Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xorg-server-1.20.9/miext/rootless/rootlessCommon.h Examining data/xorg-server-1.20.9/miext/rootless/rootlessWindow.h Examining data/xorg-server-1.20.9/miext/rootless/rootlessConfig.h Examining data/xorg-server-1.20.9/miext/rootless/rootlessWindow.c Examining data/xorg-server-1.20.9/miext/rootless/rootlessCommon.c Examining data/xorg-server-1.20.9/miext/rootless/rootlessGC.c Examining data/xorg-server-1.20.9/miext/rootless/rootlessScreen.c Examining data/xorg-server-1.20.9/miext/rootless/rootlessValTree.c Examining data/xorg-server-1.20.9/miext/rootless/rootless.h Examining data/xorg-server-1.20.9/miext/sync/misyncshm.c Examining data/xorg-server-1.20.9/miext/sync/misync.c Examining data/xorg-server-1.20.9/miext/sync/misyncfd.h Examining data/xorg-server-1.20.9/miext/sync/misyncshm.h Examining data/xorg-server-1.20.9/miext/sync/misyncfd.c Examining data/xorg-server-1.20.9/miext/sync/misyncstr.h Examining data/xorg-server-1.20.9/miext/sync/misync.h Examining data/xorg-server-1.20.9/miext/shadow/shrotpack.h Examining data/xorg-server-1.20.9/miext/shadow/shafb8.c Examining data/xorg-server-1.20.9/miext/shadow/shrot32pack_270.c Examining data/xorg-server-1.20.9/miext/shadow/sh3224.c Examining data/xorg-server-1.20.9/miext/shadow/shrot8pack_90.c Examining data/xorg-server-1.20.9/miext/shadow/shrot32pack.c Examining data/xorg-server-1.20.9/miext/shadow/shrot16pack_90.c Examining data/xorg-server-1.20.9/miext/shadow/shrot8pack_180.c Examining data/xorg-server-1.20.9/miext/shadow/shrot8pack_270.c Examining data/xorg-server-1.20.9/miext/shadow/shpacked.c Examining data/xorg-server-1.20.9/miext/shadow/shrot32pack_180.c Examining data/xorg-server-1.20.9/miext/shadow/shrotpackYX.h Examining data/xorg-server-1.20.9/miext/shadow/shadow.h Examining data/xorg-server-1.20.9/miext/shadow/shrot16pack_270YX.c Examining 
data/xorg-server-1.20.9/miext/shadow/shiplan2p4.c Examining data/xorg-server-1.20.9/miext/shadow/shrot32pack_90.c Examining data/xorg-server-1.20.9/miext/shadow/shrot8pack.c Examining data/xorg-server-1.20.9/miext/shadow/c2p_core.h Examining data/xorg-server-1.20.9/miext/shadow/shrot16pack.c Examining data/xorg-server-1.20.9/miext/shadow/shiplan2p8.c Examining data/xorg-server-1.20.9/miext/shadow/shplanar8.c Examining data/xorg-server-1.20.9/miext/shadow/shrot16pack_270.c Examining data/xorg-server-1.20.9/miext/shadow/shplanar.c Examining data/xorg-server-1.20.9/miext/shadow/shrot16pack_90YX.c Examining data/xorg-server-1.20.9/miext/shadow/shrot16pack_180.c Examining data/xorg-server-1.20.9/miext/shadow/shadow.c Examining data/xorg-server-1.20.9/miext/shadow/shrotate.c Examining data/xorg-server-1.20.9/miext/shadow/shafb4.c Examining data/xorg-server-1.20.9/miext/damage/damage.c Examining data/xorg-server-1.20.9/miext/damage/damagestr.h Examining data/xorg-server-1.20.9/miext/damage/damage.h Examining data/xorg-server-1.20.9/composite/compwindow.c Examining data/xorg-server-1.20.9/composite/compinit.c Examining data/xorg-server-1.20.9/composite/compext.c Examining data/xorg-server-1.20.9/composite/compalloc.c Examining data/xorg-server-1.20.9/composite/compoverlay.c Examining data/xorg-server-1.20.9/composite/compint.h Examining data/xorg-server-1.20.9/composite/compositeext.h Examining data/xorg-server-1.20.9/record/set.c Examining data/xorg-server-1.20.9/record/set.h Examining data/xorg-server-1.20.9/record/record.c Examining data/xorg-server-1.20.9/xkb/ddxCtrls.c Examining data/xorg-server-1.20.9/xkb/xkb.h Examining data/xorg-server-1.20.9/xkb/XKBMAlloc.c Examining data/xorg-server-1.20.9/xkb/xkb.c Examining data/xorg-server-1.20.9/xkb/xkbPrKeyEv.c Examining data/xorg-server-1.20.9/xkb/ddxVT.c Examining data/xorg-server-1.20.9/xkb/ddxLoad.c Examining data/xorg-server-1.20.9/xkb/ddxPrivate.c Examining data/xorg-server-1.20.9/xkb/xkbfmisc.c Examining 
data/xorg-server-1.20.9/xkb/maprules.c Examining data/xorg-server-1.20.9/xkb/xkbEvents.c Examining data/xorg-server-1.20.9/xkb/xkbout.c Examining data/xorg-server-1.20.9/xkb/xkbLEDs.c Examining data/xorg-server-1.20.9/xkb/xkbgeom.h Examining data/xorg-server-1.20.9/xkb/XKBMisc.c Examining data/xorg-server-1.20.9/xkb/ddxLEDs.c Examining data/xorg-server-1.20.9/xkb/xkbInit.c Examining data/xorg-server-1.20.9/xkb/XKBAlloc.c Examining data/xorg-server-1.20.9/xkb/xkmread.c Examining data/xorg-server-1.20.9/xkb/xkbtext.c Examining data/xorg-server-1.20.9/xkb/xkbSwap.c Examining data/xorg-server-1.20.9/xkb/xkbDflts.h Examining data/xorg-server-1.20.9/xkb/ddxKillSrv.c Examining data/xorg-server-1.20.9/xkb/ddxBeep.c Examining data/xorg-server-1.20.9/xkb/xkbAccessX.c Examining data/xorg-server-1.20.9/xkb/XKBGAlloc.c Examining data/xorg-server-1.20.9/xkb/xkbActions.c Examining data/xorg-server-1.20.9/xkb/xkbUtils.c Examining data/xorg-server-1.20.9/Xi/opendev.h Examining data/xorg-server-1.20.9/Xi/getfocus.h Examining data/xorg-server-1.20.9/Xi/xiselectev.h Examining data/xorg-server-1.20.9/Xi/allowev.h Examining data/xorg-server-1.20.9/Xi/sendexev.h Examining data/xorg-server-1.20.9/Xi/allowev.c Examining data/xorg-server-1.20.9/Xi/grabdev.h Examining data/xorg-server-1.20.9/Xi/setfocus.h Examining data/xorg-server-1.20.9/Xi/xisetdevfocus.h Examining data/xorg-server-1.20.9/Xi/chgptr.c Examining data/xorg-server-1.20.9/Xi/getkmap.h Examining data/xorg-server-1.20.9/Xi/devbell.h Examining data/xorg-server-1.20.9/Xi/setbmap.h Examining data/xorg-server-1.20.9/Xi/xiproperty.h Examining data/xorg-server-1.20.9/Xi/xisetclientpointer.c Examining data/xorg-server-1.20.9/Xi/sendexev.c Examining data/xorg-server-1.20.9/Xi/getbmap.h Examining data/xorg-server-1.20.9/Xi/xiwarppointer.h Examining data/xorg-server-1.20.9/Xi/getprop.c Examining data/xorg-server-1.20.9/Xi/getselev.c Examining data/xorg-server-1.20.9/Xi/gtmotion.h Examining data/xorg-server-1.20.9/Xi/xisetdevfocus.c 
Examining data/xorg-server-1.20.9/Xi/getvers.c Examining data/xorg-server-1.20.9/Xi/xisetclientpointer.h Examining data/xorg-server-1.20.9/Xi/grabdevk.c Examining data/xorg-server-1.20.9/Xi/closedev.c Examining data/xorg-server-1.20.9/Xi/xiquerydevice.h Examining data/xorg-server-1.20.9/Xi/chgfctl.c Examining data/xorg-server-1.20.9/Xi/getprop.h Examining data/xorg-server-1.20.9/Xi/xigrabdev.h Examining data/xorg-server-1.20.9/Xi/ungrdevb.h Examining data/xorg-server-1.20.9/Xi/selectev.c Examining data/xorg-server-1.20.9/Xi/setdval.c Examining data/xorg-server-1.20.9/Xi/xigrabdev.c Examining data/xorg-server-1.20.9/Xi/chgkmap.h Examining data/xorg-server-1.20.9/Xi/ungrdevk.h Examining data/xorg-server-1.20.9/Xi/getmmap.h Examining data/xorg-server-1.20.9/Xi/getfocus.c Examining data/xorg-server-1.20.9/Xi/xiquerypointer.c Examining data/xorg-server-1.20.9/Xi/getvers.h Examining data/xorg-server-1.20.9/Xi/xiallowev.h Examining data/xorg-server-1.20.9/Xi/xiquerypointer.h Examining data/xorg-server-1.20.9/Xi/xiallowev.c Examining data/xorg-server-1.20.9/Xi/getfctl.c Examining data/xorg-server-1.20.9/Xi/getbmap.c Examining data/xorg-server-1.20.9/Xi/grabdevb.h Examining data/xorg-server-1.20.9/Xi/setdval.h Examining data/xorg-server-1.20.9/Xi/extinit.c Examining data/xorg-server-1.20.9/Xi/chgptr.h Examining data/xorg-server-1.20.9/Xi/grabdev.c Examining data/xorg-server-1.20.9/Xi/exglobals.h Examining data/xorg-server-1.20.9/Xi/chgkbd.c Examining data/xorg-server-1.20.9/Xi/ungrdevb.c Examining data/xorg-server-1.20.9/Xi/setbmap.c Examining data/xorg-server-1.20.9/Xi/getdctl.c Examining data/xorg-server-1.20.9/Xi/chgdctl.h Examining data/xorg-server-1.20.9/Xi/getmmap.c Examining data/xorg-server-1.20.9/Xi/setmode.h Examining data/xorg-server-1.20.9/Xi/xichangehierarchy.h Examining data/xorg-server-1.20.9/Xi/xigetclientpointer.h Examining data/xorg-server-1.20.9/Xi/chgfctl.h Examining data/xorg-server-1.20.9/Xi/chgkmap.c Examining data/xorg-server-1.20.9/Xi/ungrdevk.c 
Examining data/xorg-server-1.20.9/Xi/xipassivegrab.c Examining data/xorg-server-1.20.9/Xi/xibarriers.c Examining data/xorg-server-1.20.9/Xi/setmmap.h Examining data/xorg-server-1.20.9/Xi/xiproperty.c Examining data/xorg-server-1.20.9/Xi/devbell.c Examining data/xorg-server-1.20.9/Xi/opendev.c Examining data/xorg-server-1.20.9/Xi/grabdevk.h Examining data/xorg-server-1.20.9/Xi/queryst.h Examining data/xorg-server-1.20.9/Xi/xiselectev.c Examining data/xorg-server-1.20.9/Xi/xiqueryversion.c Examining data/xorg-server-1.20.9/Xi/chgprop.h Examining data/xorg-server-1.20.9/Xi/grabdevb.c Examining data/xorg-server-1.20.9/Xi/stubs.c Examining data/xorg-server-1.20.9/Xi/xigetclientpointer.c Examining data/xorg-server-1.20.9/Xi/xichangecursor.h Examining data/xorg-server-1.20.9/Xi/xipassivegrab.h Examining data/xorg-server-1.20.9/Xi/xiquerydevice.c Examining data/xorg-server-1.20.9/Xi/ungrdev.c Examining data/xorg-server-1.20.9/Xi/setmmap.c Examining data/xorg-server-1.20.9/Xi/exevents.c Examining data/xorg-server-1.20.9/Xi/getdctl.h Examining data/xorg-server-1.20.9/Xi/closedev.h Examining data/xorg-server-1.20.9/Xi/getkmap.c Examining data/xorg-server-1.20.9/Xi/getselev.h Examining data/xorg-server-1.20.9/Xi/xibarriers.h Examining data/xorg-server-1.20.9/Xi/xichangehierarchy.c Examining data/xorg-server-1.20.9/Xi/setmode.c Examining data/xorg-server-1.20.9/Xi/chgprop.c Examining data/xorg-server-1.20.9/Xi/setfocus.c Examining data/xorg-server-1.20.9/Xi/ungrdev.h Examining data/xorg-server-1.20.9/Xi/selectev.h Examining data/xorg-server-1.20.9/Xi/xiwarppointer.c Examining data/xorg-server-1.20.9/Xi/xichangecursor.c Examining data/xorg-server-1.20.9/Xi/getfctl.h Examining data/xorg-server-1.20.9/Xi/chgdctl.c Examining data/xorg-server-1.20.9/Xi/listdev.c Examining data/xorg-server-1.20.9/Xi/xiqueryversion.h Examining data/xorg-server-1.20.9/Xi/chgkbd.h Examining data/xorg-server-1.20.9/Xi/queryst.c Examining data/xorg-server-1.20.9/Xi/listdev.h Examining 
data/xorg-server-1.20.9/Xi/gtmotion.c Examining data/xorg-server-1.20.9/dbe/midbe.c Examining data/xorg-server-1.20.9/dbe/dbe.c Examining data/xorg-server-1.20.9/dbe/dbestruct.h Examining data/xorg-server-1.20.9/dbe/midbe.h Examining data/xorg-server-1.20.9/include/events.h Examining data/xorg-server-1.20.9/include/Xprintf.h Examining data/xorg-server-1.20.9/include/os.h Examining data/xorg-server-1.20.9/include/eventconvert.h Examining data/xorg-server-1.20.9/include/xsha1.h Examining data/xorg-server-1.20.9/include/list.h Examining data/xorg-server-1.20.9/include/XIstubs.h Examining data/xorg-server-1.20.9/include/vidmodestr.h Examining data/xorg-server-1.20.9/include/dixfont.h Examining data/xorg-server-1.20.9/include/cursorstr.h Examining data/xorg-server-1.20.9/include/inputstr.h Examining data/xorg-server-1.20.9/include/extension.h Examining data/xorg-server-1.20.9/include/dixstruct.h Examining data/xorg-server-1.20.9/include/gc.h Examining data/xorg-server-1.20.9/include/dix.h Examining data/xorg-server-1.20.9/include/systemd-logind.h Examining data/xorg-server-1.20.9/include/window.h Examining data/xorg-server-1.20.9/include/client.h Examining data/xorg-server-1.20.9/include/dixevents.h Examining data/xorg-server-1.20.9/include/extinit.h Examining data/xorg-server-1.20.9/include/ptrveloc.h Examining data/xorg-server-1.20.9/include/property.h Examining data/xorg-server-1.20.9/include/dbus-core.h Examining data/xorg-server-1.20.9/include/displaymode.h Examining data/xorg-server-1.20.9/include/xserver_poll.h Examining data/xorg-server-1.20.9/include/selection.h Examining data/xorg-server-1.20.9/include/closure.h Examining data/xorg-server-1.20.9/include/resource.h Examining data/xorg-server-1.20.9/include/dixgrabs.h Examining data/xorg-server-1.20.9/include/misc.h Examining data/xorg-server-1.20.9/include/closestr.h Examining data/xorg-server-1.20.9/include/windowstr.h Examining data/xorg-server-1.20.9/include/callback.h Examining 
data/xorg-server-1.20.9/include/rgb.h Examining data/xorg-server-1.20.9/include/site.h Examining data/xorg-server-1.20.9/include/optionstr.h Examining data/xorg-server-1.20.9/include/screenint.h Examining data/xorg-server-1.20.9/include/protocol-versions.h Examining data/xorg-server-1.20.9/include/opaque.h Examining data/xorg-server-1.20.9/include/swaprep.h Examining data/xorg-server-1.20.9/include/registry.h Examining data/xorg-server-1.20.9/include/gcstruct.h Examining data/xorg-server-1.20.9/include/glx_extinit.h Examining data/xorg-server-1.20.9/include/dix-config-apple-verbatim.h Examining data/xorg-server-1.20.9/include/scrnintstr.h Examining data/xorg-server-1.20.9/include/xserver-properties.h Examining data/xorg-server-1.20.9/include/xkbstr.h Examining data/xorg-server-1.20.9/include/regionstr.h Examining data/xorg-server-1.20.9/include/xkbrules.h Examining data/xorg-server-1.20.9/include/globals.h Examining data/xorg-server-1.20.9/include/colormapst.h Examining data/xorg-server-1.20.9/include/dixaccess.h Examining data/xorg-server-1.20.9/include/privates.h Examining data/xorg-server-1.20.9/include/xkbfile.h Examining data/xorg-server-1.20.9/include/glxvndabi.h Examining data/xorg-server-1.20.9/include/servermd.h Examining data/xorg-server-1.20.9/include/hotplug.h Examining data/xorg-server-1.20.9/include/xkbsrv.h Examining data/xorg-server-1.20.9/include/busfault.h Examining data/xorg-server-1.20.9/include/exevents.h Examining data/xorg-server-1.20.9/include/nonsdk_extinit.h Examining data/xorg-server-1.20.9/include/colormap.h Examining data/xorg-server-1.20.9/include/miscstruct.h Examining data/xorg-server-1.20.9/include/swapreq.h Examining data/xorg-server-1.20.9/include/validate.h Examining data/xorg-server-1.20.9/include/probes.h Examining data/xorg-server-1.20.9/include/input.h Examining data/xorg-server-1.20.9/include/dixfontstr.h Examining data/xorg-server-1.20.9/include/region.h Examining data/xorg-server-1.20.9/include/cursor.h Examining 
data/xorg-server-1.20.9/include/extnsionst.h Examining data/xorg-server-1.20.9/include/pixmap.h Examining data/xorg-server-1.20.9/include/propertyst.h Examining data/xorg-server-1.20.9/include/inpututils.h Examining data/xorg-server-1.20.9/include/eventstr.h Examining data/xorg-server-1.20.9/include/pixmapstr.h Examining data/xorg-server-1.20.9/dix/globals.c Examining data/xorg-server-1.20.9/dix/getevents.c Examining data/xorg-server-1.20.9/dix/dixutils.c Examining data/xorg-server-1.20.9/dix/grabs.c Examining data/xorg-server-1.20.9/dix/dispatch.h Examining data/xorg-server-1.20.9/dix/registry.c Examining data/xorg-server-1.20.9/dix/enterleave.c Examining data/xorg-server-1.20.9/dix/window.c Examining data/xorg-server-1.20.9/dix/enterleave.h Examining data/xorg-server-1.20.9/dix/main.c Examining data/xorg-server-1.20.9/dix/colormap.c Examining data/xorg-server-1.20.9/dix/region.c Examining data/xorg-server-1.20.9/dix/initatoms.c Examining data/xorg-server-1.20.9/dix/events.c Examining data/xorg-server-1.20.9/dix/eventconvert.c Examining data/xorg-server-1.20.9/dix/stubmain.c Examining data/xorg-server-1.20.9/dix/privates.c Examining data/xorg-server-1.20.9/dix/resource.c Examining data/xorg-server-1.20.9/dix/atom.c Examining data/xorg-server-1.20.9/dix/selection.c Examining data/xorg-server-1.20.9/dix/gc.c Examining data/xorg-server-1.20.9/dix/inpututils.c Examining data/xorg-server-1.20.9/dix/ptrveloc.c Examining data/xorg-server-1.20.9/dix/cursor.c Examining data/xorg-server-1.20.9/dix/dixfonts.c Examining data/xorg-server-1.20.9/dix/devices.c Examining data/xorg-server-1.20.9/dix/property.c Examining data/xorg-server-1.20.9/dix/swapreq.c Examining data/xorg-server-1.20.9/dix/glyphcurs.c Examining data/xorg-server-1.20.9/dix/touch.c Examining data/xorg-server-1.20.9/dix/dispatch.c Examining data/xorg-server-1.20.9/dix/extension.c Examining data/xorg-server-1.20.9/dix/pixmap.c Examining data/xorg-server-1.20.9/dix/tables.c Examining 
data/xorg-server-1.20.9/dix/swaprep.c Examining data/xorg-server-1.20.9/test/input.c Examining data/xorg-server-1.20.9/test/signal-logging.c Examining data/xorg-server-1.20.9/test/xi2/protocol-xipassivegrabdevice.c Examining data/xorg-server-1.20.9/test/xi2/protocol-common.h Examining data/xorg-server-1.20.9/test/xi2/protocol-xiquerypointer.c Examining data/xorg-server-1.20.9/test/xi2/protocol-xigetclientpointer.c Examining data/xorg-server-1.20.9/test/xi2/protocol-eventconvert.c Examining data/xorg-server-1.20.9/test/xi2/protocol-xiselectevents.c Examining data/xorg-server-1.20.9/test/xi2/protocol-xiqueryversion.c Examining data/xorg-server-1.20.9/test/xi2/protocol-xigetselectedevents.c Examining data/xorg-server-1.20.9/test/xi2/protocol-xiquerydevice.c Examining data/xorg-server-1.20.9/test/xi2/protocol-xisetclientpointer.c Examining data/xorg-server-1.20.9/test/xi2/xi2.c Examining data/xorg-server-1.20.9/test/xi2/protocol-xiwarppointer.c Examining data/xorg-server-1.20.9/test/xi2/protocol-common.c Examining data/xorg-server-1.20.9/test/tests-common.h Examining data/xorg-server-1.20.9/test/list.c Examining data/xorg-server-1.20.9/test/sync/sync.c Examining data/xorg-server-1.20.9/test/simple-xinit.c Examining data/xorg-server-1.20.9/test/string.c Examining data/xorg-server-1.20.9/test/tests.c Examining data/xorg-server-1.20.9/test/xi1/protocol-xchangedevicecontrol.c Examining data/xorg-server-1.20.9/test/xtest.c Examining data/xorg-server-1.20.9/test/misc.c Examining data/xorg-server-1.20.9/test/tests-common.c Examining data/xorg-server-1.20.9/test/bigreq/request-length.c Examining data/xorg-server-1.20.9/test/tests.h Examining data/xorg-server-1.20.9/test/fixes.c Examining data/xorg-server-1.20.9/test/touch.c Examining data/xorg-server-1.20.9/test/hashtabletest.c Examining data/xorg-server-1.20.9/test/xfree86.c Examining data/xorg-server-1.20.9/test/test_xkb.c Examining data/xorg-server-1.20.9/os/xsha1.c Examining data/xorg-server-1.20.9/os/access.c Examining 
data/xorg-server-1.20.9/os/strndup.c Examining data/xorg-server-1.20.9/os/log.c Examining data/xorg-server-1.20.9/os/osdep.h Examining data/xorg-server-1.20.9/os/xdmauth.c Examining data/xorg-server-1.20.9/os/xserver_poll.c Examining data/xorg-server-1.20.9/os/rpcauth.c Examining data/xorg-server-1.20.9/os/xstrans.c Examining data/xorg-server-1.20.9/os/auth.c Examining data/xorg-server-1.20.9/os/client.c Examining data/xorg-server-1.20.9/os/ospoll.h Examining data/xorg-server-1.20.9/os/connection.c Examining data/xorg-server-1.20.9/os/io.c Examining data/xorg-server-1.20.9/os/strcasestr.c Examining data/xorg-server-1.20.9/os/strlcat.c Examining data/xorg-server-1.20.9/os/ospoll.c Examining data/xorg-server-1.20.9/os/osinit.c Examining data/xorg-server-1.20.9/os/backtrace.c Examining data/xorg-server-1.20.9/os/WaitFor.c Examining data/xorg-server-1.20.9/os/strlcpy.c Examining data/xorg-server-1.20.9/os/oscolor.c Examining data/xorg-server-1.20.9/os/inputthread.c Examining data/xorg-server-1.20.9/os/utils.c Examining data/xorg-server-1.20.9/os/timingsafe_memcmp.c Examining data/xorg-server-1.20.9/os/mitauth.c Examining data/xorg-server-1.20.9/os/xprintf.c Examining data/xorg-server-1.20.9/os/busfault.c Examining data/xorg-server-1.20.9/os/strcasecmp.c Examining data/xorg-server-1.20.9/os/xdmcp.c Examining data/xorg-server-1.20.9/os/reallocarray.c Examining data/xorg-server-1.20.9/damageext/damageextint.h Examining data/xorg-server-1.20.9/damageext/damageext.c Examining data/xorg-server-1.20.9/damageext/damageext.h Examining data/xorg-server-1.20.9/randr/rrprovider.c Examining data/xorg-server-1.20.9/randr/rrcrtc.c Examining data/xorg-server-1.20.9/randr/rrmode.c Examining data/xorg-server-1.20.9/randr/rrinfo.c Examining data/xorg-server-1.20.9/randr/rrtransform.c Examining data/xorg-server-1.20.9/randr/rrmonitor.c Examining data/xorg-server-1.20.9/randr/rrsdispatch.c Examining data/xorg-server-1.20.9/randr/randrstr.h Examining 
data/xorg-server-1.20.9/randr/rrproviderproperty.c Examining data/xorg-server-1.20.9/randr/rrlease.c Examining data/xorg-server-1.20.9/randr/rrxinerama.c Examining data/xorg-server-1.20.9/randr/rrdispatch.c Examining data/xorg-server-1.20.9/randr/rrtransform.h Examining data/xorg-server-1.20.9/randr/rrscreen.c Examining data/xorg-server-1.20.9/randr/rroutput.c Examining data/xorg-server-1.20.9/randr/rrproperty.c Examining data/xorg-server-1.20.9/randr/rrpointer.c Examining data/xorg-server-1.20.9/randr/randr.c Examining data/xorg-server-1.20.9/fb/fbline.c Examining data/xorg-server-1.20.9/fb/fbpush.c Examining data/xorg-server-1.20.9/fb/fboverlay.h Examining data/xorg-server-1.20.9/fb/fbutil.c Examining data/xorg-server-1.20.9/fb/fbfillrect.c Examining data/xorg-server-1.20.9/fb/fbseg.c Examining data/xorg-server-1.20.9/fb/fbpixmap.c Examining data/xorg-server-1.20.9/fb/wfbrename.h Examining data/xorg-server-1.20.9/fb/fbglyph.c Examining data/xorg-server-1.20.9/fb/fbbits.c Examining data/xorg-server-1.20.9/fb/fbsolid.c Examining data/xorg-server-1.20.9/fb/fbarc.c Examining data/xorg-server-1.20.9/fb/fballpriv.c Examining data/xorg-server-1.20.9/fb/fbwindow.c Examining data/xorg-server-1.20.9/fb/fbpict.c Examining data/xorg-server-1.20.9/fb/fbcopy.c Examining data/xorg-server-1.20.9/fb/fbfill.c Examining data/xorg-server-1.20.9/fb/fbpict.h Examining data/xorg-server-1.20.9/fb/fbrop.h Examining data/xorg-server-1.20.9/fb/fbgetsp.c Examining data/xorg-server-1.20.9/fb/fbblt.c Examining data/xorg-server-1.20.9/fb/fboverlay.c Examining data/xorg-server-1.20.9/fb/fbcmap_mi.c Examining data/xorg-server-1.20.9/fb/fbsetsp.c Examining data/xorg-server-1.20.9/fb/fbbltone.c Examining data/xorg-server-1.20.9/fb/fb.h Examining data/xorg-server-1.20.9/fb/fbbits.h Examining data/xorg-server-1.20.9/fb/fbpoint.c Examining data/xorg-server-1.20.9/fb/fbimage.c Examining data/xorg-server-1.20.9/fb/fbfillsp.c Examining data/xorg-server-1.20.9/fb/fbgc.c Examining 
data/xorg-server-1.20.9/fb/fbtrap.c Examining data/xorg-server-1.20.9/fb/fbscreen.c Examining data/xorg-server-1.20.9/hw/xfree86/dixmods/fbmodule.c Examining data/xorg-server-1.20.9/hw/xfree86/dixmods/glxmodule.c Examining data/xorg-server-1.20.9/hw/xfree86/dixmods/shmodule.c Examining data/xorg-server-1.20.9/hw/xfree86/utils/cvt/cvt.c Examining data/xorg-server-1.20.9/hw/xfree86/utils/gtf/gtf.c Examining data/xorg-server-1.20.9/hw/xfree86/xkb/xkbKillSrv.c Examining data/xorg-server-1.20.9/hw/xfree86/xkb/xkbVT.c Examining data/xorg-server-1.20.9/hw/xfree86/xkb/xkbPrivate.c Examining data/xorg-server-1.20.9/hw/xfree86/xorgconf.cpp Examining data/xorg-server-1.20.9/hw/xfree86/os-support/xf86_OSproc.h Examining data/xorg-server-1.20.9/hw/xfree86/os-support/solaris/sun_VTsw.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/solaris/sun_apm.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/solaris/sun_agp.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/solaris/sun_init.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/solaris/sun_vid.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/solaris/sun_bell.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/shared/ioperm_noop.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/shared/VTsw_noop.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/shared/sigiostubs.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/shared/kmod_noop.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/shared/vidmem.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/shared/posix_tty.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/shared/pm_noop.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/shared/sigio.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/shared/VTsw_usl.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/shared/agp_noop.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/shared/platform_noop.c Examining 
data/xorg-server-1.20.9/hw/xfree86/os-support/xf86OSpriv.h Examining data/xorg-server-1.20.9/hw/xfree86/os-support/hurd/hurd_bell.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/hurd/hurd_video.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/hurd/hurd_init.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_bell.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_platform.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_init.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_agp.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_acpi.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_apm.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/linux/linux.h Examining data/xorg-server-1.20.9/hw/xfree86/os-support/linux/int10/vm86/linux_vm86.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/linux/int10/linux.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_kmod.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_video.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/linux/systemd-logind.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_ev56.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/xf86_OSlib.h Examining data/xorg-server-1.20.9/hw/xfree86/os-support/stub/stub_video.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/stub/stub_init.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/stub/stub_bell.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/misc/SlowBcopy.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/i386_video.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/alpha_video.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/bsd_kmod.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/bsd_VTsw.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/memrange.h Examining 
data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/ppc_video.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/bsd_kqueue_apm.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/bsd_apm.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/bsd_init.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/bsd_bell.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/sparc64_video.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/arm_video.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/bsd_ev56.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/int10Defines.h Examining data/xorg-server-1.20.9/hw/xfree86/os-support/bus/xf86Pci.h Examining data/xorg-server-1.20.9/hw/xfree86/os-support/bus/nobus.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/bus/Pci.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/bus/Sbus.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/bus/xf86Sbus.h Examining data/xorg-server-1.20.9/hw/xfree86/os-support/bus/bsd_pci.c Examining data/xorg-server-1.20.9/hw/xfree86/os-support/bus/Pci.h Examining data/xorg-server-1.20.9/hw/xfree86/parser/Module.c Examining data/xorg-server-1.20.9/hw/xfree86/parser/DRI.c Examining data/xorg-server-1.20.9/hw/xfree86/parser/configProcs.h Examining data/xorg-server-1.20.9/hw/xfree86/parser/Pointer.c Examining data/xorg-server-1.20.9/hw/xfree86/parser/Flags.c Examining data/xorg-server-1.20.9/hw/xfree86/parser/Layout.c Examining data/xorg-server-1.20.9/hw/xfree86/parser/Video.c Examining data/xorg-server-1.20.9/hw/xfree86/parser/Files.c Examining data/xorg-server-1.20.9/hw/xfree86/parser/Vendor.c Examining data/xorg-server-1.20.9/hw/xfree86/parser/Extensions.c Examining data/xorg-server-1.20.9/hw/xfree86/parser/xf86Parser.h Examining data/xorg-server-1.20.9/hw/xfree86/parser/xf86tokens.h Examining data/xorg-server-1.20.9/hw/xfree86/parser/xf86Optrec.h Examining data/xorg-server-1.20.9/hw/xfree86/parser/write.c Examining 
data/xorg-server-1.20.9/hw/xfree86/parser/OutputClass.c Examining data/xorg-server-1.20.9/hw/xfree86/parser/Configint.h Examining data/xorg-server-1.20.9/hw/xfree86/parser/Input.c Examining data/xorg-server-1.20.9/hw/xfree86/parser/scan.c Examining data/xorg-server-1.20.9/hw/xfree86/parser/Device.c Examining data/xorg-server-1.20.9/hw/xfree86/parser/InputClass.c Examining data/xorg-server-1.20.9/hw/xfree86/parser/Monitor.c Examining data/xorg-server-1.20.9/hw/xfree86/parser/Screen.c Examining data/xorg-server-1.20.9/hw/xfree86/parser/read.c Examining data/xorg-server-1.20.9/hw/xfree86/shadowfb/shadowfb.h Examining data/xorg-server-1.20.9/hw/xfree86/shadowfb/sfbmodule.c Examining data/xorg-server-1.20.9/hw/xfree86/shadowfb/shadowfb.c Examining data/xorg-server-1.20.9/hw/xfree86/i2c/i2c_def.h Examining data/xorg-server-1.20.9/hw/xfree86/i2c/xf86i2c.c Examining data/xorg-server-1.20.9/hw/xfree86/i2c/xf86i2c.h Examining data/xorg-server-1.20.9/hw/xfree86/drivers/modesetting/driver.c Examining data/xorg-server-1.20.9/hw/xfree86/drivers/modesetting/dumb_bo.h Examining data/xorg-server-1.20.9/hw/xfree86/drivers/modesetting/vblank.c Examining data/xorg-server-1.20.9/hw/xfree86/drivers/modesetting/dri2.c Examining data/xorg-server-1.20.9/hw/xfree86/drivers/modesetting/driver.h Examining data/xorg-server-1.20.9/hw/xfree86/drivers/modesetting/drmmode_display.c Examining data/xorg-server-1.20.9/hw/xfree86/drivers/modesetting/present.c Examining data/xorg-server-1.20.9/hw/xfree86/drivers/modesetting/dumb_bo.c Examining data/xorg-server-1.20.9/hw/xfree86/drivers/modesetting/drmmode_display.h Examining data/xorg-server-1.20.9/hw/xfree86/drivers/modesetting/pageflip.c Examining data/xorg-server-1.20.9/hw/xfree86/ddc/edid.h Examining data/xorg-server-1.20.9/hw/xfree86/ddc/xf86DDC.h Examining data/xorg-server-1.20.9/hw/xfree86/ddc/ddc.c Examining data/xorg-server-1.20.9/hw/xfree86/ddc/ddcProperty.c Examining data/xorg-server-1.20.9/hw/xfree86/ddc/print_edid.c Examining 
data/xorg-server-1.20.9/glamor/glamor_utils.c Examining data/xorg-server-1.20.9/glamor/glamor_egl_ext.h Examining data/xorg-server-1.20.9/glamor/glamor_spans.c Examining data/xorg-server-1.20.9/glamor/glamor_eglmodule.c Examining data/xorg-server-1.20.9/glamor/glamor_prepare.h Examining data/xorg-server-1.20.9/glamor/glamor_compositerects.c Examining data/xorg-server-1.20.9/Xext/xace.c Examining data/xorg-server-1.20.9/Xext/xselinux_label.c Examining data/xorg-server-1.20.9/Xext/sync.c Examining data/xorg-server-1.20.9/Xext/panoramiX.h Examining data/xorg-server-1.20.9/Xext/shm.c Examining data/xorg-server-1.20.9/Xext/syncsrv.h Examining data/xorg-server-1.20.9/Xext/hashtable.c Examining data/xorg-server-1.20.9/Xext/shape.c Examining data/xorg-server-1.20.9/Xext/hashtable.h Examining data/xorg-server-1.20.9/Xext/geext.h Examining data/xorg-server-1.20.9/Xext/xvdisp.h Examining data/xorg-server-1.20.9/Xext/xcmisc.c Examining data/xorg-server-1.20.9/Xext/bigreq.c Examining data/xorg-server-1.20.9/Xext/panoramiXprocs.c Examining data/xorg-server-1.20.9/Xext/dpmsproc.h Examining data/xorg-server-1.20.9/Xext/xvmain.c Examining data/xorg-server-1.20.9/Xext/panoramiX.c Examining data/xorg-server-1.20.9/Xext/xvmc.c Examining data/xorg-server-1.20.9/Xext/xace.h Examining data/xorg-server-1.20.9/Xext/security.c Examining data/xorg-server-1.20.9/Xext/sleepuntil.c Examining data/xorg-server-1.20.9/Xext/shmint.h Examining data/xorg-server-1.20.9/Xext/xselinux.h Examining data/xorg-server-1.20.9/Xext/panoramiXSwap.c Examining data/xorg-server-1.20.9/Xext/xselinuxint.h Examining data/xorg-server-1.20.9/Xext/xres.c Examining data/xorg-server-1.20.9/Xext/xselinux_hooks.c Examining data/xorg-server-1.20.9/Xext/xselinux_ext.c Examining data/xorg-server-1.20.9/Xext/panoramiXsrv.h Examining data/xorg-server-1.20.9/Xext/securitysrv.h Examining data/xorg-server-1.20.9/Xext/xvmcext.h Examining data/xorg-server-1.20.9/Xext/xf86bigfontsrv.h Examining data/xorg-server-1.20.9/Xext/xtest.c 
Examining data/xorg-server-1.20.9/Xext/panoramiXh.h Examining data/xorg-server-1.20.9/Xext/xf86bigfont.c Examining data/xorg-server-1.20.9/Xext/geint.h Examining data/xorg-server-1.20.9/Xext/vidmode.c Examining data/xorg-server-1.20.9/Xext/syncsdk.h Examining data/xorg-server-1.20.9/Xext/saver.c Examining data/xorg-server-1.20.9/Xext/xvdix.h Examining data/xorg-server-1.20.9/Xext/xvdisp.c Examining data/xorg-server-1.20.9/Xext/sleepuntil.h Examining data/xorg-server-1.20.9/Xext/dpms.c Examining data/xorg-server-1.20.9/Xext/geext.c Examining data/xorg-server-1.20.9/Xext/xacestr.h Examining data/xorg-server-1.20.9/config/udev.c Examining data/xorg-server-1.20.9/config/dbus-core.c Examining data/xorg-server-1.20.9/config/wscons.c Examining data/xorg-server-1.20.9/config/config-backends.h Examining data/xorg-server-1.20.9/config/config.c Examining data/xorg-server-1.20.9/config/hal.c

FINAL RESULTS:

data/xorg-server-1.20.9/hw/xfree86/fbdevhw/fbdevhw.c:339:13: [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
  readlink(sysfs_path, buf, sizeof(buf)) < 0 ||
data/xorg-server-1.20.9/hw/xfree86/os-support/solaris/sun_init.c:185:9: [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
  chown(consoleDev, getuid(), getgid());
data/xorg-server-1.20.9/Xext/xselinux_hooks.c:319:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buf, MAX_AUDIT_MESSAGE_LENGTH, fmt, ap);
data/xorg-server-1.20.9/Xi/listdev.c:128:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(nameptr, name);
data/xorg-server-1.20.9/config/hal.c:112:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(str, props[i]);
data/xorg-server-1.20.9/dix/dixutils.c:195:35: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  Mask type, Mask access)
data/xorg-server-1.20.9/dix/dixutils.c:203:35: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  access);
data/xorg-server-1.20.9/dix/dixutils.c:220:65: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  dixLookupWindow(WindowPtr *pWin, XID id, ClientPtr client, Mask access)
data/xorg-server-1.20.9/dix/dixutils.c:224:72: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!).
  Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  rc = dixLookupDrawable((DrawablePtr *) pWin, id, client, M_WINDOW, access);
data/xorg-server-1.20.9/dix/dixutils.c:237:56: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  dixLookupGC(GCPtr *pGC, XID id, ClientPtr client, Mask access)
data/xorg-server-1.20.9/dix/dixutils.c:239:70: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  return dixLookupResourceByType((void **) pGC, id, RT_GC, client, access);
data/xorg-server-1.20.9/dix/dixutils.c:243:66: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  dixLookupFontable(FontPtr *pFont, XID id, ClientPtr client, Mask access)
data/xorg-server-1.20.9/dix/dixutils.c:250:34: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  access);
data/xorg-server-1.20.9/dix/dixutils.c:253:69: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  rc = dixLookupResourceByType((void **) &pGC, id, RT_GC, client, access);
data/xorg-server-1.20.9/dix/dixutils.c:262:69: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  dixLookupClient(ClientPtr *pClient, XID rid, ClientPtr client, Mask access)
data/xorg-server-1.20.9/dix/dixutils.c:274:69: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  rc = XaceHook(XACE_CLIENT_ACCESS, client, clients[clientIndex], access);
data/xorg-server-1.20.9/exa/exa.c:300:22: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (pExaScr->access[i].pixmap == pPixmap) {
data/xorg-server-1.20.9/exa/exa.c:301:22: [4] (race) access:
  This usually indicates a security flaw.
  If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  pExaScr->access[i].count++;
data/xorg-server-1.20.9/exa/exa.c:302:29: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  return pExaScr->access[i].retval;
data/xorg-server-1.20.9/exa/exa.c:307:18: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (pExaScr->access[index].pixmap) {
data/xorg-server-1.20.9/exa/exa.c:309:27: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (!pExaScr->access[index].pixmap)
data/xorg-server-1.20.9/exa/exa.c:330:14: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  pExaScr->access[index].pixmap = pPixmap;
data/xorg-server-1.20.9/exa/exa.c:331:14: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  pExaScr->access[index].count = 1;
data/xorg-server-1.20.9/exa/exa.c:362:14: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  pExaScr->access[index].retval = ret;
data/xorg-server-1.20.9/exa/exa.c:409:22: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (pExaScr->access[i].pixmap == pPixmap) {
data/xorg-server-1.20.9/exa/exa.c:410:28: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (--pExaScr->access[i].count > 0)
data/xorg-server-1.20.9/exa/exa.c:420:14: [4] (race) access:
  This usually indicates a security flaw.
  If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  pExaScr->access[i].pixmap = NULL;
data/xorg-server-1.20.9/exa/exa.c:426:51: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (!pExaScr->info->FinishAccess || !pExaScr->access[i].retval)
data/xorg-server-1.20.9/exa/exa.c:452:22: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (pExaScr->access[i].pixmap == pPixmap) {
data/xorg-server-1.20.9/exa/exa.c:454:22: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  pExaScr->access[i].pixmap = NULL;
data/xorg-server-1.20.9/exa/exa_priv.h:196:7: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  } access[EXA_NUM_PREPARE_INDICES];
data/xorg-server-1.20.9/glamor/glamor_prepare.c:34:58: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  glamor_prep_pixmap_box(PixmapPtr pixmap, glamor_access_t access, BoxPtr box)
data/xorg-server-1.20.9/glamor/glamor_prepare.c:119:28: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  priv->map_access = access;
data/xorg-server-1.20.9/glamor/glamor_prepare.c:185:61: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  glamor_prepare_access(DrawablePtr drawable, glamor_access_t access)
data/xorg-server-1.20.9/glamor/glamor_prepare.c:197:43: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  return glamor_prep_pixmap_box(pixmap, access, &box);
data/xorg-server-1.20.9/glamor/glamor_prepare.c:201:65: [4] (race) access:
  This usually indicates a security flaw.
  If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  glamor_prepare_access_box(DrawablePtr drawable, glamor_access_t access,
data/xorg-server-1.20.9/glamor/glamor_prepare.c:213:43: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  return glamor_prep_pixmap_box(pixmap, access, &box);
data/xorg-server-1.20.9/glamor/glamor_prepare.c:227:67: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  glamor_prepare_access_picture(PicturePtr picture, glamor_access_t access)
data/xorg-server-1.20.9/glamor/glamor_prepare.c:232:54: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  return glamor_prepare_access(picture->pDrawable, access);
data/xorg-server-1.20.9/glamor/glamor_prepare.c:236:71: [4] (race) access:
  This usually indicates a security flaw.
  If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  glamor_prepare_access_picture_box(PicturePtr picture, glamor_access_t access,
data/xorg-server-1.20.9/glamor/glamor_prepare.c:249:62: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  return glamor_prepare_access_box(picture->pDrawable, access,
data/xorg-server-1.20.9/glamor/glamor_prepare.c:254:62: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  return glamor_prepare_access_box(picture->pDrawable, access,
data/xorg-server-1.20.9/glamor/glamor_prepare.h:27:61: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  glamor_prepare_access(DrawablePtr drawable, glamor_access_t access);
data/xorg-server-1.20.9/glamor/glamor_prepare.h:30:65: [4] (race) access:
  This usually indicates a security flaw.
  If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  glamor_prepare_access_box(DrawablePtr drawable, glamor_access_t access,
data/xorg-server-1.20.9/glamor/glamor_prepare.h:37:67: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  glamor_prepare_access_picture(PicturePtr picture, glamor_access_t access);
data/xorg-server-1.20.9/glamor/glamor_prepare.h:40:71: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  glamor_prepare_access_picture_box(PicturePtr picture, glamor_access_t access,
data/xorg-server-1.20.9/glamor/glamor_program.c:160:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(new, add);
data/xorg-server-1.20.9/glx/single2.c:280:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(s1, sext_string);
data/xorg-server-1.20.9/glx/single2.c:287:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(s1, cext_string);
data/xorg-server-1.20.9/glx/single2.c:312:32: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  combo_string = strcat(combo_string, token);
data/xorg-server-1.20.9/glx/single2.c:313:32: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  combo_string = strcat(combo_string, SEPARATOR);
data/xorg-server-1.20.9/hw/dmx/config/dmxprint.c:149:16: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  pos += vfprintf(str, format, args); /* assumes no newlines! */
data/xorg-server-1.20.9/hw/dmx/config/parser.c:690:21: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define YYFPRINTF fprintf
data/xorg-server-1.20.9/hw/dmx/glxProxy/glxscreens.c:189:13: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(ExtensionsString, ext);
data/xorg-server-1.20.9/hw/kdrive/ephyr/hostx.c:668:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(class_hint, ephyrResName);
data/xorg-server-1.20.9/hw/kdrive/ephyr/hostx.h:39:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, __FILE__ ":%d,%s() " x "\n", __LINE__, __func__, ##a)
data/xorg-server-1.20.9/hw/kdrive/src/kdrive.c:119:15: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  ret = system(command);
data/xorg-server-1.20.9/hw/vfb/InitOutput.c:698:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf((char *) (pXWDHeader + 1), "Xvfb %s:%s.%d", hostname, display,
data/xorg-server-1.20.9/hw/xfree86/common/xf86AutoConfig.c:111:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newstr, p);
data/xorg-server-1.20.9/hw/xfree86/common/xf86AutoConfig.c:187:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(buf, sizeof(buf), BUILTIN_DEVICE_SECTION,
data/xorg-server-1.20.9/hw/xfree86/common/xf86AutoConfig.c:190:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(buf, sizeof(buf), BUILTIN_SCREEN_SECTION,
data/xorg-server-1.20.9/hw/xfree86/common/xf86AutoConfig.c:197:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(buf, sizeof(buf), BUILTIN_LAYOUT_SCREEN_LINE,
data/xorg-server-1.20.9/hw/xfree86/common/xf86Config.c:227:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(out_pnt, path_elem);
data/xorg-server-1.20.9/hw/xfree86/common/xf86Config.c:581:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(temp_path, start);
data/xorg-server-1.20.9/hw/xfree86/common/xf86Configure.c:314:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(p_e, "%s%-20s%s%s%s", prefix, optname, middle,
data/xorg-server-1.20.9/hw/xfree86/common/xf86Configure.c:459:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ptr->mon_modelname, (char *) (det_mon->section.name));
data/xorg-server-1.20.9/hw/xfree86/common/xf86Configure.c:515:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ptr->mon_comment + len, displaySize_string);
data/xorg-server-1.20.9/hw/xfree86/loader/loadmod.c:150:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(list[n], elem);
data/xorg-server-1.20.9/hw/xfree86/loader/loadmod.c:383:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fp, dp->d_name); data/xorg-server-1.20.9/hw/xfree86/modes/xf86Crtc.c:638:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(output->name, name); data/xorg-server-1.20.9/hw/xfree86/modes/xf86Modes.c:292:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(*p, new); data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/bsd_init.c:199:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(cons_drivers, supported_drivers[i]); data/xorg-server-1.20.9/hw/xfree86/os-support/bus/Sbus.c:110:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(promOpio->oprom_array, prop); data/xorg-server-1.20.9/hw/xfree86/os-support/bus/Sbus.c:517:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(path + 1, prop); data/xorg-server-1.20.9/hw/xfree86/os-support/bus/Sbus.c:520:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(path, p); data/xorg-server-1.20.9/hw/xfree86/os-support/bus/Sbus.c:618:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, pathName); data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_acpi.c:148:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(addr.sun_path, ACPI_SOCKET); data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_apm.c:166:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(APM_PROC, R_OK) || ((pfd = open(APM_PROC, O_RDONLY)) == -1)) { data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_init.c:206:13: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(vtname, sizeof(vtname), vcs[i], xf86Info.vtno); /* /dev/tty1-64 */ data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_kmod.c:22:8: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. #ifdef execl data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_kmod.c:23:8: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
#undef execl data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_kmod.c:79:9: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execl(mpPath, "modprobe", modName, NULL); data/xorg-server-1.20.9/hw/xfree86/parser/Files.c:113:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ptr->file_fontpath, str); data/xorg-server-1.20.9/hw/xfree86/parser/Files.c:138:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ptr->file_modulepath, str); data/xorg-server-1.20.9/hw/xfree86/parser/scan.c:396:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(xf86_lex_val.str, configRBuf); /* private copy ! */ data/xorg-server-1.20.9/hw/xfree86/parser/scan.c:556:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(result + l, s); \ data/xorg-server-1.20.9/hw/xfree86/parser/scan.c:1098:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cur + curlen, add); data/xorg-server-1.20.9/hw/xfree86/utils/cvt/cvt.c:36:5: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
vfprintf(stderr, f, args); data/xorg-server-1.20.9/hw/xfree86/vbe/vbe.c:286:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(page, vbeVersionString); data/xorg-server-1.20.9/hw/xfree86/x86emu/debug.c:183:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(temp, sizeof(temp), x, ap); data/xorg-server-1.20.9/hw/xfree86/x86emu/debug.c:185:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(M.x86.decoded_buf + M.x86.enc_str_pos, "%s", temp); data/xorg-server-1.20.9/hw/xfree86/x86emu/validate.c:600:5: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stdout, fmt, argptr); data/xorg-server-1.20.9/hw/xfree86/x86emu/validate.c:612:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, separator); data/xorg-server-1.20.9/hw/xfree86/x86emu/validate.c:617:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, separator); data/xorg-server-1.20.9/hw/xfree86/x86emu/validate.c:622:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(buf, separator); data/xorg-server-1.20.9/hw/xfree86/x86emu/validate.c:627:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, separator); data/xorg-server-1.20.9/hw/xfree86/x86emu/validate.c:632:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, separator); data/xorg-server-1.20.9/hw/xfree86/x86emu/validate.c:637:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, separator); data/xorg-server-1.20.9/hw/xfree86/x86emu/x86emu/prim_x86_gcc.h:46:66: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. #error This file is intended to be used by gcc on i386 or x86-64 system data/xorg-server-1.20.9/hw/xfree86/xorg-wrapper.c:237:13: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof(buf), DRM_DEV_NAME, DRM_DIR_NAME, i); data/xorg-server-1.20.9/hw/xfree86/xorg-wrapper.c:274:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
if (access(buf, X_OK) != 0) { data/xorg-server-1.20.9/hw/xfree86/xorg-wrapper.c:282:16: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. (void) execv(argv[0], argv); data/xorg-server-1.20.9/hw/xquartz/console_redirect.c:473:5: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system("/bin/echo SYST OUT"); data/xorg-server-1.20.9/hw/xquartz/console_redirect.c:474:5: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system("/bin/echo SYST ERR >&2"); data/xorg-server-1.20.9/hw/xquartz/mach-startup/bundle-main.c:799:5: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(newargv[0], (char *const *)newargv); data/xorg-server-1.20.9/hw/xquartz/mach-startup/bundle-main.c:840:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(command, default_value); data/xorg-server-1.20.9/hw/xquartz/mach-startup/stub.c:282:20: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. return execvp(x11_path, _argv); data/xorg-server-1.20.9/hw/xquartz/quartzKeyboard.c:448:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). 
Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(xmodmap, F_OK) == 0) { data/xorg-server-1.20.9/hw/xquartz/quartzKeyboard.c:450:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(sysmodmap, F_OK) == 0) { data/xorg-server-1.20.9/hw/xquartz/quartzKeyboard.c:465:17: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(usermodmap, F_OK) == 0) { data/xorg-server-1.20.9/hw/xwayland/xwayland-shm.c:133:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, path); data/xorg-server-1.20.9/hw/xwayland/xwayland-shm.c:134:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(name, template); data/xorg-server-1.20.9/hw/xwayland/xwayland.c:1319:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
vsnprintf(msg, sizeof msg, format, args); data/xorg-server-1.20.9/hw/xwin/InitOutput.c:516:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(compose, basedir); data/xorg-server-1.20.9/hw/xwin/InitOutput.c:537:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newfp + oldfp_len, newpath); data/xorg-server-1.20.9/hw/xwin/winclipboard/debug.c:37:12: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. count += vfprintf(stderr, format, ap); data/xorg-server-1.20.9/hw/xwin/winclipboard/debug.c:49:11: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. count = vfprintf(stderr, format, ap); data/xorg-server-1.20.9/hw/xwin/winclipboard/xevents.c:625:25: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(pszReturnData, ppszTextList[i]); data/xorg-server-1.20.9/hw/xwin/winclipboard/xevents.c:728:17: [4] (buffer) wcscpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. wcscpy((wchar_t *)pszGlobalData, pwszUnicodeStr); data/xorg-server-1.20.9/hw/xwin/winclipboard/xevents.c:733:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(pszGlobalData, pszConvertData); data/xorg-server-1.20.9/hw/xwin/winconfig.c:301:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(regpath, regtempl); data/xorg-server-1.20.9/hw/xwin/winconfig.c:302:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(regpath, layoutName); data/xorg-server-1.20.9/hw/xwin/winconfig.c:916:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(n, p->name); data/xorg-server-1.20.9/hw/xwin/wincreatewnd.c:91:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(szTitle, data/xorg-server-1.20.9/hw/xwin/wincreatewnd.c:96:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(szTitle, data/xorg-server-1.20.9/hw/xwin/wincreatewnd.c:308:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(szTitle, data/xorg-server-1.20.9/hw/xwin/wincreatewnd.c:313:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
snprintf(szTitle, data/xorg-server-1.20.9/hw/xwin/windialogs.c:602:33: [4] (shell) ShellExecute: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. iReturn = (INT_PTR) ShellExecute(NULL, data/xorg-server-1.20.9/hw/xwin/winerror.c:79:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(errormsg, sizeof(errormsg), f, args); data/xorg-server-1.20.9/hw/xwin/winmultiwindowwm.c:458:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(*ppWindowName, pszWindowName); data/xorg-server-1.20.9/hw/xwin/winmultiwindowwm.c:460:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(*ppWindowName, pszClientMachine); data/xorg-server-1.20.9/hw/xwin/winprefs.c:332:25: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execl("/bin/sh", data/xorg-server-1.20.9/hw/xwin/winprefs.c:545:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(file, pref.iconDirectory); data/xorg-server-1.20.9/hw/xwin/winprefs.c:550:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(file, fname); data/xorg-server-1.20.9/hw/xwin/winprefs.c:685:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fname, home); data/xorg-server-1.20.9/hw/xwin/winprefs.c:740:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pref.menu[i].menuItem[j].param, param); data/xorg-server-1.20.9/hw/xwin/winprefslex.c:686:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ptr, str); data/xorg-server-1.20.9/hw/xwin/winprefsyacc.c:802:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define YYFPRINTF fprintf data/xorg-server-1.20.9/hw/xwin/wintrayicon.c:62:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(nid.szTip, data/xorg-server-1.20.9/hw/xwin/winwin32rootless.c:251:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(pszClass, res_role); data/xorg-server-1.20.9/hw/xwin/winwin32rootless.c:262:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(pszClass, pszWindowID); data/xorg-server-1.20.9/os/access.c:971:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(fname, sizeof(fname), ETC_HOST_PREFIX "%s" ETC_HOST_SUFFIX, data/xorg-server-1.20.9/os/backtrace.c:254:9: [4] (shell) execle: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execle("/usr/bin/pstack", "pstack", parent, NULL); data/xorg-server-1.20.9/os/connection.c:1009:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(port, display_env); data/xorg-server-1.20.9/os/log.c:919:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmpBuf, len, AUDIT_PREFIX, autime, (unsigned long) getpid()); data/xorg-server-1.20.9/os/log.c:963:11: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. len = vsnprintf(buf, sizeof(buf), f, args); data/xorg-server-1.20.9/os/log.c:1004:15: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
(void)vsnprintf(__crashreporter_info_buff__, data/xorg-server-1.20.9/os/osinit.c:243:17: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(fname, sizeof(fname), ADMPATH, display); data/xorg-server-1.20.9/os/osinit.c:245:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fname, devnull); data/xorg-server-1.20.9/os/utils.c:279:12: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. (void) sprintf(tmp, "%s" LOCK_TMP_PREFIX "%s" LOCK_SUFFIX, tmppath, port); data/xorg-server-1.20.9/os/utils.c:280:12: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. (void) sprintf(LockFile, "%s" LOCK_PREFIX "%s" LOCK_SUFFIX, tmppath, port); data/xorg-server-1.20.9/os/utils.c:1391:9: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execl("/bin/sh", "sh", "-c", command, (char *) NULL); data/xorg-server-1.20.9/os/utils.c:1477:9: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execl("/bin/sh", "sh", "-c", command, (char *) NULL); data/xorg-server-1.20.9/os/utils.c:1555:9: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
execl("/bin/cat", "cat", file, (char *) NULL); data/xorg-server-1.20.9/os/xprintf.c:105:12: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. size = vsnprintf(NULL, 0, format, va2); data/xorg-server-1.20.9/os/xprintf.c:112:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(*ret, size + 1, format, va); data/xorg-server-1.20.9/os/xprintf.c:207:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. x = vsnprintf(s, n , format, args); data/xorg-server-1.20.9/present/present_request.c:67:59: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. #define VERIFY_FENCE_OR_NONE(fence_ptr, fence_id, client, access) do { \ data/xorg-server-1.20.9/present/present_request.c:71:72: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. int __rc__ = SyncVerifyFence(&fence_ptr, fence_id, client, access); \ data/xorg-server-1.20.9/present/present_request.c:77:56: [4] (race) access: This usually indicates a security flaw. 
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. #define VERIFY_CRTC_OR_NONE(crtc_ptr, crtc_id, client, access) do { \ data/xorg-server-1.20.9/present/present_request.c:81:47: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. VERIFY_RR_CRTC(crtc_id, crtc_ptr, access); \ data/xorg-server-1.20.9/test/simple-xinit.c:78:5: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(server_args[0], server_args); data/xorg-server-1.20.9/test/simple-xinit.c:141:9: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(client_args[0], client_args); data/xorg-server-1.20.9/test/xfree86.c:84:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(compare, comment); data/xorg-server-1.20.9/test/xfree86.c:94:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(compare, comment); data/xorg-server-1.20.9/test/xi2/protocol-common.c:301:71: [4] (race) access: This usually indicates a security flaw. 
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. __wrap_dixLookupWindow(WindowPtr *win, XID id, ClientPtr client, Mask access) data/xorg-server-1.20.9/test/xi2/protocol-common.c:312:52: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return __real_dixLookupWindow(win, id, client, access); data/xorg-server-1.20.9/test/xi2/protocol-common.c:319:29: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. Mask access) data/xorg-server-1.20.9/test/xi2/protocol-common.c:329:57: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return __real_dixLookupClient(pClient, rid, client, access); data/xorg-server-1.20.9/test/xi2/protocol-common.h:150:33: [4] (race) access: This usually indicates a security flaw. 
If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. Mask access); data/xorg-server-1.20.9/test/xi2/protocol-common.h:152:33: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. Mask access); data/xorg-server-1.20.9/test/xi2/protocol-common.h:154:73: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. int __wrap_dixLookupClient(ClientPtr *c, XID id, ClientPtr client, Mask access); data/xorg-server-1.20.9/test/xi2/protocol-common.h:155:73: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. int __real_dixLookupClient(ClientPtr *c, XID id, ClientPtr client, Mask access); data/xorg-server-1.20.9/xfixes/cursor.c:71:48: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). 
Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  #define VERIFY_CURSOR(pCursor, cursor, client, access) \
data/xorg-server-1.20.9/xfixes/cursor.c:75:30: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  RT_CURSOR, client, access); \
data/xorg-server-1.20.9/xkb/ddxLoad.c:67:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access(XKM_OUTPUT_DIR, W_OK | X_OK) == 0 &&
data/xorg-server-1.20.9/xkb/ddxLoad.c:69:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(outdir, XKM_OUTPUT_DIR);
data/xorg-server-1.20.9/xkb/ddxLoad.c:74:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(outdir, Win32TempDir());
data/xorg-server-1.20.9/xkb/ddxLoad.c:118:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tmpname, Win32TempDir());
data/xorg-server-1.20.9/xkb/ddxLoad.c:120:12: [4] (tmpfile) mktemp: Temporary file race condition (CWE-377).
  (void) mktemp(tmpname);
data/xorg-server-1.20.9/xkb/maprules.c:481:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(str1, str2);
data/xorg-server-1.20.9/xkb/maprules.c:820:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outstr, mdefs->layout[ndx]);
data/xorg-server-1.20.9/xkb/maprules.c:828:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outstr, mdefs->model);
data/xorg-server-1.20.9/xkb/maprules.c:837:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outstr, mdefs->variant[ndx]);
data/xorg-server-1.20.9/xkb/maprules.c:985:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, base);
data/xorg-server-1.20.9/xkb/maprules.c:990:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, base);
data/xorg-server-1.20.9/xkb/xkbInit.c:175:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(&pval[out], XkbRulesUsed);
data/xorg-server-1.20.9/xkb/xkbInit.c:180:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(&pval[out], XkbModelUsed);
data/xorg-server-1.20.9/xkb/xkbInit.c:185:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(&pval[out], XkbLayoutUsed);
data/xorg-server-1.20.9/xkb/xkbInit.c:190:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(&pval[out], XkbVariantUsed);
data/xorg-server-1.20.9/xkb/xkbInit.c:195:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(&pval[out], XkbOptionsUsed);
data/xorg-server-1.20.9/xkb/xkbUtils.c:1465:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dprop->name, sprop->name);
data/xorg-server-1.20.9/xkb/xkbUtils.c:1466:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dprop->value, sprop->value);
data/xorg-server-1.20.9/xkb/xkbUtils.c:1520:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dcolor->spec, scolor->spec);
data/xorg-server-1.20.9/xkb/xkbUtils.c:1875:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dst->geom->label_font, src->geom->label_font);
data/xorg-server-1.20.9/xkb/xkbtext.c:188:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%sMask", tmp);
data/xorg-server-1.20.9/xkb/xkbtext.c:190:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(str, tmp);
data/xorg-server-1.20.9/xkb/xkbtext.c:211:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(rtrn, mm);
data/xorg-server-1.20.9/xkb/xkbtext.c:249:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, modNames[ndx]);
data/xorg-server-1.20.9/xkb/xkbtext.c:256:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(rtrn, buf);
data/xorg-server-1.20.9/xkb/xkbtext.c:290:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(str, modNames[i]);
data/xorg-server-1.20.9/xkb/xkbtext.c:300:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(rtrn, buf);
data/xorg-server-1.20.9/xkb/xkbtext.c:470:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(&buf[len], "XkbIM_Use%s", imWhichNames[i]);
data/xorg-server-1.20.9/xkb/xkbtext.c:476:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(&buf[len], "%s", imWhichNames[i]);
data/xorg-server-1.20.9/xkb/xkbtext.c:532:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(&buf[len], "Xkb%sMask", ctrlNames[i]);
data/xorg-server-1.20.9/xkb/xkbtext.c:538:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(&buf[len], "%s", ctrlNames[i]);
data/xorg-server-1.20.9/xkb/xkbtext.c:720:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(to, from);
data/xorg-server-1.20.9/xkb/xkbtext.c:1241:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tmp, buf);
data/xorg-server-1.20.9/xkb/xkbtext.c:1304:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tmp, buf);
data/xorg-server-1.20.9/Xext/xf86bigfont.c:712:9: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((unsigned int) time(NULL));
data/xorg-server-1.20.9/glamor/glamor.c:297:26: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  debug_level_string = getenv("GLAMOR_DEBUG");
data/xorg-server-1.20.9/glx/glxdricommon.c:284:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  path = getenv("LIBGL_DRIVERS_PATH");
data/xorg-server-1.20.9/hw/dmx/glxProxy/glxscreens.c:172:25: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  denied_extensions = getenv("DMX_DENY_GLX_EXTENSIONS");
data/xorg-server-1.20.9/hw/kdrive/ephyr/hostx.c:426:46: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (!hostx_has_extension(&xcb_shm_id) || getenv("XEPHYR_NO_SHM")) {
data/xorg-server-1.20.9/hw/kdrive/ephyr/hostx.c:662:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  tmpstr = getenv("RESOURCE_NAME");
data/xorg-server-1.20.9/hw/kdrive/ephyr/hostx.c:758:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("XEPHYR_PAUSE")) {
data/xorg-server-1.20.9/hw/kdrive/ephyr/hostx.c:759:42: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  HostX.damage_debug_msec = strtol(getenv("XEPHYR_PAUSE"), NULL, 0);
data/xorg-server-1.20.9/hw/xfree86/common/xf86Configure.c:674:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  home = getenv("HOME");
data/xorg-server-1.20.9/hw/xfree86/common/xf86Helper.c:1161:24: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((env = getenv("XDG_DATA_HOME")))
data/xorg-server-1.20.9/hw/xfree86/common/xf86Helper.c:1164:29: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  else if ((env = getenv("HOME")))
data/xorg-server-1.20.9/hw/xfree86/drivers/modesetting/driver.c:221:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  dev = getenv("KMSDEVICE");
data/xorg-server-1.20.9/hw/xfree86/fbdevhw/fbdevhw.c:319:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  dev = getenv("FRAMEBUFFER");
data/xorg-server-1.20.9/hw/xfree86/parser/scan.c:634:27: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  env = getenv(XCONFENV);
data/xorg-server-1.20.9/hw/xfree86/parser/scan.c:645:27: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  env = getenv(XCONFENV);
data/xorg-server-1.20.9/hw/xfree86/parser/scan.c:656:27: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  env = getenv(XCONFENV);
data/xorg-server-1.20.9/hw/xquartz/GL/indirect.c:654:29: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker.
They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  opengl_framework_path = getenv("OPENGL_FRAMEWORK_PATH");
data/xorg-server-1.20.9/hw/xquartz/darwin.c:695:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *home = getenv("HOME");
data/xorg-server-1.20.9/hw/xquartz/mach-startup/bundle-main.c:305:9: [3] (tmpfile) tmpnam: Temporary file race condition (CWE-377).
  tmpnam(filename_out);
data/xorg-server-1.20.9/hw/xquartz/mach-startup/bundle-main.c:514:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((s = getenv("DISPLAY"))) {
data/xorg-server-1.20.9/hw/xquartz/mach-startup/bundle-main.c:534:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  temp = getenv("PATH");
data/xorg-server-1.20.9/hw/xquartz/mach-startup/bundle-main.c:592:24: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  const char *disp = getenv("DISPLAY");
data/xorg-server-1.20.9/hw/xquartz/mach-startup/bundle-main.c:675:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker.
They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  temp = getenv("HOME");
data/xorg-server-1.20.9/hw/xquartz/mach-startup/stub.c:225:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("X11_PREFS_DOMAIN"))
data/xorg-server-1.20.9/hw/xquartz/mach-startup/stub.c:226:33: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  server_bootstrap_name = getenv("X11_PREFS_DOMAIN");
data/xorg-server-1.20.9/hw/xquartz/quartzKeyboard.c:394:27: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  const char *homedir = getenv("HOME");
data/xorg-server-1.20.9/hw/xwayland/xwayland-glamor.c:236:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  no_glamor_env = getenv("XWAYLAND_NO_GLAMOR");
data/xorg-server-1.20.9/hw/xwayland/xwayland-shm.c:123:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  path = getenv("XDG_RUNTIME_DIR");
data/xorg-server-1.20.9/hw/xwin/InitOutput.c:562:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("XKEYSYMDB") == NULL) {
data/xorg-server-1.20.9/hw/xwin/InitOutput.c:569:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("XERRORDB") == NULL) {
data/xorg-server-1.20.9/hw/xwin/InitOutput.c:576:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("XLOCALEDIR") == NULL) {
data/xorg-server-1.20.9/hw/xwin/InitOutput.c:583:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("HOME") == NULL) {
data/xorg-server-1.20.9/hw/xwin/glx/glshim.c:87:12: [3] (misc) LoadLibraryEx: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  hMod = LoadLibraryEx(dllname, NULL, 0);
data/xorg-server-1.20.9/hw/xwin/glx/indirect.c:122:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20).
Check environment variables carefully before using them.
  envptr = getenv("GLWIN_ENABLE_DEBUG");
data/xorg-server-1.20.9/hw/xwin/glx/indirect.c:126:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  envptr = getenv("GLWIN_ENABLE_TRACE");
data/xorg-server-1.20.9/hw/xwin/glx/indirect.c:130:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  envptr = getenv("GLWIN_DUMP_PFD");
data/xorg-server-1.20.9/hw/xwin/glx/indirect.c:134:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  envptr = getenv("GLWIN_DUMP_HWND");
data/xorg-server-1.20.9/hw/xwin/glx/indirect.c:138:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  envptr = getenv("GLWIN_DUMP_DC");
data/xorg-server-1.20.9/hw/xwin/glx/indirect.c:142:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  envptr = getenv("GLWIN_ENABLE_GLCALL_TRACE");
data/xorg-server-1.20.9/hw/xwin/glx/indirect.c:146:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  envptr = getenv("GLWIN_ENABLE_WGLCALL_TRACE");
data/xorg-server-1.20.9/hw/xwin/glx/indirect.c:150:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  envptr = getenv("GLWIN_DEBUG_ALL");
data/xorg-server-1.20.9/hw/xwin/winSetAppUserModelID.c:56:24: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  g_hmodShell32Dll = LoadLibrary("shell32.dll");
data/xorg-server-1.20.9/hw/xwin/winengine.c:217:24: [3] (misc) LoadLibraryEx: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  g_hmodDirectDraw = LoadLibraryEx("ddraw.dll", NULL, 0);
data/xorg-server-1.20.9/hw/xwin/winmsg.c:128:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (force || getenv("WIN_DEBUG_MESSAGES") ||
data/xorg-server-1.20.9/hw/xwin/winmsg.c:129:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker.
They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  getenv("WIN_DEBUG_WM_USER")) {
data/xorg-server-1.20.9/hw/xwin/winmsg.c:142:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (force || getenv("WIN_DEBUG_MESSAGES") || getenv(buffer)) {
data/xorg-server-1.20.9/hw/xwin/winmsg.c:142:54: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (force || getenv("WIN_DEBUG_MESSAGES") || getenv(buffer)) {
data/xorg-server-1.20.9/hw/xwin/winprefs.c:353:25: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  if (CreateProcess
data/xorg-server-1.20.9/hw/xwin/winprefs.c:353:25: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  if (CreateProcess
data/xorg-server-1.20.9/hw/xwin/winprefs.c:683:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  home = getenv("HOME");
data/xorg-server-1.20.9/os/connection.c:1005:31: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  const char *display_env = getenv("DISPLAY");
data/xorg-server-1.20.9/os/utils.c:1669:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("TEMP") != NULL)
data/xorg-server-1.20.9/os/utils.c:1670:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  return getenv("TEMP");
data/xorg-server-1.20.9/os/utils.c:1671:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  else if (getenv("TMP") != NULL)
data/xorg-server-1.20.9/os/utils.c:1672:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  return getenv("TMP");
data/xorg-server-1.20.9/os/utils.c:1689:10: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78).
Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  if (!CreateProcess(NULL, cmd, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi)) {
data/xorg-server-1.20.9/os/utils.c:1689:10: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  if (!CreateProcess(NULL, cmd, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi)) {
data/xorg-server-1.20.9/Xext/hashtable.c:144:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(elem->key, key, ht->keySize);
data/xorg-server-1.20.9/Xext/panoramiX.c:791:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&PanoramiXVisuals[j], pVisual, sizeof(VisualRec));
data/xorg-server-1.20.9/Xext/panoramiX.c:1257:33: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data + index, ScratchMem + index2, w);
data/xorg-server-1.20.9/Xext/panoramiX.c:1280:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data + (pitch * (y + j)) + x,
data/xorg-server-1.20.9/Xext/panoramiX.h:67:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char raw_data[4];
data/xorg-server-1.20.9/Xext/panoramiXprocs.c:1399:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *) origPts, (char *) &stuff[1], npoint * sizeof(xPoint));
data/xorg-server-1.20.9/Xext/panoramiXprocs.c:1403:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&stuff[1], origPts, npoint * sizeof(xPoint));
data/xorg-server-1.20.9/Xext/panoramiXprocs.c:1464:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *) origPts, (char *) &stuff[1], npoint * sizeof(xPoint));
data/xorg-server-1.20.9/Xext/panoramiXprocs.c:1468:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&stuff[1], origPts, npoint * sizeof(xPoint));
data/xorg-server-1.20.9/Xext/panoramiXprocs.c:1533:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *) origSegs, (char *) &stuff[1], nsegs * sizeof(xSegment));
data/xorg-server-1.20.9/Xext/panoramiXprocs.c:1537:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&stuff[1], origSegs, nsegs * sizeof(xSegment));
data/xorg-server-1.20.9/Xext/panoramiXprocs.c:1601:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy((char *) origRecs, (char *) &stuff[1], data/xorg-server-1.20.9/Xext/panoramiXprocs.c:1606:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&stuff[1], origRecs, nrects * sizeof(xRectangle)); data/xorg-server-1.20.9/Xext/panoramiXprocs.c:1668:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) origArcs, (char *) &stuff[1], narcs * sizeof(xArc)); data/xorg-server-1.20.9/Xext/panoramiXprocs.c:1672:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&stuff[1], origArcs, narcs * sizeof(xArc)); data/xorg-server-1.20.9/Xext/panoramiXprocs.c:1730:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) locPts, (char *) &stuff[1], data/xorg-server-1.20.9/Xext/panoramiXprocs.c:1735:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&stuff[1], locPts, count * sizeof(DDXPointRec)); data/xorg-server-1.20.9/Xext/panoramiXprocs.c:1799:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) origRects, (char *) &stuff[1], data/xorg-server-1.20.9/Xext/panoramiXprocs.c:1804:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&stuff[1], origRects, things * sizeof(xRectangle)); data/xorg-server-1.20.9/Xext/panoramiXprocs.c:1866:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) origArcs, (char *) &stuff[1], narcs * sizeof(xArc)); data/xorg-server-1.20.9/Xext/panoramiXprocs.c:1870:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&stuff[1], origArcs, narcs * sizeof(xArc)); data/xorg-server-1.20.9/Xext/shm.c:1227:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(shmdirs[i], O_TMPFILE|O_RDWR|O_CLOEXEC|O_EXCL, 0666); data/xorg-server-1.20.9/Xext/shm.c:1237:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char template[PATH_MAX]; data/xorg-server-1.20.9/Xext/shm.c:1242:14: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). fd = mkstemp(template); data/xorg-server-1.20.9/Xext/sync.c:2839:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timer_name[64]; data/xorg-server-1.20.9/Xext/sync.c:2840:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(timer_name, "DEVICEIDLETIME %d", dev->id); data/xorg-server-1.20.9/Xext/vidmode.c:96:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(modeto, modefrom, sizeof(DisplayModeRec)); data/xorg-server-1.20.9/Xext/xf86bigfont.c:410:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char chars[512]; data/xorg-server-1.20.9/Xext/xres.c:286:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[40]; data/xorg-server-1.20.9/Xext/xres.c:480:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, &rep, sizeof(rep)); data/xorg-server-1.20.9/Xext/xres.c:508:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, &rep, sizeof(rep)); data/xorg-server-1.20.9/Xext/xselinux_ext.c:370:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy((char *) (buf + pos), items[k].octx, strlen(items[k].octx) + 1); data/xorg-server-1.20.9/Xext/xselinux_ext.c:372:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) (buf + pos), items[k].dctx, strlen(items[k].dctx) + 1); data/xorg-server-1.20.9/Xext/xselinux_hooks.c:256:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char idNum[16]; data/xorg-server-1.20.9/Xext/xselinux_hooks.c:303:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAX_AUDIT_MESSAGE_LENGTH]; data/xorg-server-1.20.9/Xext/xselinuxint.h:51:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[COMMAND_LEN]; data/xorg-server-1.20.9/Xext/xvdisp.c:1057:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&info.guid, pImage->guid, 16); data/xorg-server-1.20.9/Xext/xvdisp.c:1074:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&info.comp_order, pImage->component_order, 32); data/xorg-server-1.20.9/Xext/xvdix.h:120:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char guid[16]; data/xorg-server-1.20.9/Xext/xvdix.h:141:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char component_order[32]; data/xorg-server-1.20.9/Xext/xvmc.c:53:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char clientDriverName[DR_CLIENT_DRIVER_NAME_SIZE]; data/xorg-server-1.20.9/Xext/xvmc.c:54:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char busID[DR_BUSID_SIZE]; data/xorg-server-1.20.9/Xext/xvmc.c:577:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&info.guid, pImage->guid, 16); data/xorg-server-1.20.9/Xext/xvmc.c:594:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&info.comp_order, pImage->component_order, 32); data/xorg-server-1.20.9/Xext/xvmcext.h:52:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char component_order[4]; data/xorg-server-1.20.9/Xi/exevents.c:473:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(to->focus, from->focus, sizeof(FocusClassRec)); data/xorg-server-1.20.9/Xi/exevents.c:479:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(to->focus->trace, from->focus->trace, data/xorg-server-1.20.9/Xi/exevents.c:546:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(v->axes, from->valuator->axes, v->numAxes * sizeof(AxisInfo)); data/xorg-server-1.20.9/Xi/exevents.c:575:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(to->button->xkb_acts, from->button->xkb_acts, data/xorg-server-1.20.9/Xi/exevents.c:581:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(to->button->labels, from->button->labels, data/xorg-server-1.20.9/Xi/exevents.c:603:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(to->proximity, from->proximity, sizeof(ProximityClassRec)); data/xorg-server-1.20.9/Xi/extinit.c:640:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&to[1], &from[1], from->length * 4); data/xorg-server-1.20.9/Xi/extinit.c:707:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(to, from, sizeof(xEvent) + from->length * 4); data/xorg-server-1.20.9/Xi/extinit.c:752:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&to[1], &from[1], from->length * 4); data/xorg-server-1.20.9/Xi/extinit.c:787:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(to, from, sizeof(xEvent) + from->length * 4); data/xorg-server-1.20.9/Xi/queryst.c:137:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tb->buttons, b->down, sizeof(b->down)); data/xorg-server-1.20.9/Xi/xiproperty.c:754:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) new_data, value, len * size_in_bytes); data/xorg-server-1.20.9/Xi/xiproperty.c:756:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) old_data, (char *) prop_value->data, data/xorg-server-1.20.9/Xi/xiquerydevice.c:281:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(labels, dev->button->labels, dev->button->numButtons * sizeof(Atom)); data/xorg-server-1.20.9/Xi/xiselectev.c:361:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&evmask[1], devmask, j + 1); data/xorg-server-1.20.9/composite/compinit.c:236:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p[cs->numAlternateVisuals], vids, sizeof(VisualID) * nVisuals); data/xorg-server-1.20.9/config/udev.c:64:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char itoa_buf[16]; data/xorg-server-1.20.9/config/wscons.c:95:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(WSCONS_KBD_DEVICE, O_RDWR | O_NONBLOCK | O_EXCL); data/xorg-server-1.20.9/config/wscons.c:216:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char devname[256]; data/xorg-server-1.20.9/dbe/dbe.c:306:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pDbeWindowPriv->IDs, pDbeWindowPriv->initIDs, data/xorg-server-1.20.9/dbe/dbe.c:1200:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(pDbeWindowPriv->initIDs, pDbeWindowPriv->IDs, data/xorg-server-1.20.9/dix/devices.c:246:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char devind[MAXDEVICES]; data/xorg-server-1.20.9/dix/devices.c:1275:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(butc->labels, labels, numButtons * sizeof(Atom)); data/xorg-server-1.20.9/dix/devices.c:2513:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&event.buttons.names, master->button->labels, maxbuttons * data/xorg-server-1.20.9/dix/dixfonts.c:502:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char chars[512]; data/xorg-server-1.20.9/dix/dixfonts.c:665:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp_pattern[XLFDMAXFONTNAMELEN]; data/xorg-server-1.20.9/dix/enterleave.c:647:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy((char *) ev->buttons, (char *) b->down, 4); data/xorg-server-1.20.9/dix/enterleave.c:729:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) &bev->buttons[4], (char *) &b->down[4], data/xorg-server-1.20.9/dix/eventconvert.c:488:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bits, dce->buttons.names, dce->buttons.num_buttons * sizeof(Atom)); data/xorg-server-1.20.9/dix/events.c:1204:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(qe->event, event, eventlen); data/xorg-server-1.20.9/dix/events.c:4599:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) &ke.map[0], (char *) &keybd->key->down[1], 31); data/xorg-server-1.20.9/dix/events.c:4710:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) &ke.map[0], (char *) &dev->key->down[1], 31); data/xorg-server-1.20.9/dix/events.c:5300:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&event_filters[i], default_filter, sizeof(default_filter)); data/xorg-server-1.20.9/dix/events.c:5942:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&eventCopy, events, sizeof(xEvent)); data/xorg-server-1.20.9/dix/gc.c:72:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char DefaultDash[2] = { 4, 4 }; data/xorg-server-1.20.9/dix/getevents.c:447:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&current, ibuff, sizeof(Time)); data/xorg-server-1.20.9/dix/getevents.c:454:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(obuff, ibuff, sizeof(Time)); /* copy timestamp */ data/xorg-server-1.20.9/dix/getevents.c:460:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&from.min_value, icbuf++, sizeof(INT32)); data/xorg-server-1.20.9/dix/getevents.c:461:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&from.max_value, icbuf++, sizeof(INT32)); data/xorg-server-1.20.9/dix/getevents.c:462:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&coord, icbuf++, sizeof(INT32)); data/xorg-server-1.20.9/dix/getevents.c:470:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(corebuf, &coord, sizeof(INT16)); data/xorg-server-1.20.9/dix/getevents.c:474:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&from.min_value, icbuf++, sizeof(INT32)); data/xorg-server-1.20.9/dix/getevents.c:475:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&from.max_value, icbuf++, sizeof(INT32)); data/xorg-server-1.20.9/dix/getevents.c:476:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&coord, icbuf++, sizeof(INT32)); data/xorg-server-1.20.9/dix/getevents.c:481:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(corebuf, &coord, sizeof(INT16)); data/xorg-server-1.20.9/dix/getevents.c:485:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(obuff, ibuff, sizeof(Time)); /* copy timestamp */ data/xorg-server-1.20.9/dix/getevents.c:494:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&from.min_value, icbuf++, sizeof(INT32)); data/xorg-server-1.20.9/dix/getevents.c:495:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&from.max_value, icbuf++, sizeof(INT32)); data/xorg-server-1.20.9/dix/getevents.c:496:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&coord, icbuf++, sizeof(INT32)); data/xorg-server-1.20.9/dix/getevents.c:510:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ocbuf, &coord, sizeof(INT32)); data/xorg-server-1.20.9/dix/getevents.c:515:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(obuff, ibuff, size); data/xorg-server-1.20.9/dix/getevents.c:558:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff, &ms, sizeof(Time)); data/xorg-server-1.20.9/dix/getevents.c:573:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff, &v->axes[i].min_value, sizeof(INT32)); data/xorg-server-1.20.9/dix/getevents.c:575:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff, &v->axes[i].max_value, sizeof(INT32)); data/xorg-server-1.20.9/dix/getevents.c:578:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff, &val, sizeof(INT32)); data/xorg-server-1.20.9/dix/getevents.c:587:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff, &ms, sizeof(Time)); data/xorg-server-1.20.9/dix/getevents.c:600:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(buff, &val, sizeof(INT32)); data/xorg-server-1.20.9/dix/glyphcurs.c:83:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char char2b[2]; data/xorg-server-1.20.9/dix/grabs.c:280:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mdetails_mask, src->modifiersDetail.pMask, len); data/xorg-server-1.20.9/dix/grabs.c:291:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(details_mask, src->detail.pMask, len); data/xorg-server-1.20.9/dix/inpututils.c:80:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(dev->button->map[1]), map, len); data/xorg-server-1.20.9/dix/inpututils.c:621:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, src, sizeof(*dest)); data/xorg-server-1.20.9/dix/inpututils.c:1215:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(xi2mask->masks[deviceid], mask, min(xi2mask->mask_size, mask_size)); data/xorg-server-1.20.9/dix/privates.c:85:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static const char *key_names[PRIVATE_LAST] = { data/xorg-server-1.20.9/dix/property.c:282:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, value, totalSize); data/xorg-server-1.20.9/dix/property.c:317:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, value, totalSize); data/xorg-server-1.20.9/dix/property.c:330:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, pProp->data, pProp->size * sizeInBytes); data/xorg-server-1.20.9/dix/property.c:331:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + pProp->size * sizeInBytes, value, totalSize); data/xorg-server-1.20.9/dix/property.c:339:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + totalSize, pProp->data, pProp->size * sizeInBytes); data/xorg-server-1.20.9/dix/property.c:340:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, value, totalSize); data/xorg-server-1.20.9/dix/registry.c:136:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[256], *lineobj, *ptr; data/xorg-server-1.20.9/dix/registry.c:353:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fh = fopen(FILENAME, "r"); data/xorg-server-1.20.9/dix/resource.c:645:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(resourceTypes, predefTypes, sizeof(predefTypes)); data/xorg-server-1.20.9/dix/swaprep.c:1101:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pInfoT, pInfo, i); data/xorg-server-1.20.9/dix/swaprep.c:1107:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pInfoT, pInfo, i); data/xorg-server-1.20.9/dix/touch.c:529:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sprite->spriteTrace, srcsprite->spriteTrace, data/xorg-server-1.20.9/dix/window.c:150:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char _back_lsb[4] = { 0x88, 0x22, 0x44, 0x11 }; data/xorg-server-1.20.9/dix/window.c:151:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static unsigned char _back_msb[4] = { 0x11, 0x44, 0x22, 0x88 }; data/xorg-server-1.20.9/dix/window.c:194:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[WINDOW_NAME_BUF_LEN]; data/xorg-server-1.20.9/dix/window.c:208:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, prop->data, len); data/xorg-server-1.20.9/dix/window.c:520:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char back[128]; data/xorg-server-1.20.9/dri3/dri3.h:90:33: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dri3_open_proc open; data/xorg-server-1.20.9/dri3/dri3_screen.c:46:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (info->open != NULL) data/xorg-server-1.20.9/dri3/dri3_screen.c:47:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
  return (*info->open) (screen, provider, fd);
data/xorg-server-1.20.9/exa/exa_glyphs.c:280:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cache->glyphs[pos].sha1, pGlyph->sha1, sizeof(pGlyph->sha1));
data/xorg-server-1.20.9/exa/exa_migration_classic.c:59:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, src, bytes);
data/xorg-server-1.20.9/exa/exa_priv.h:108:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char sha1[20];
data/xorg-server-1.20.9/exa/exa_render.c:39:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char format[20];
data/xorg-server-1.20.9/exa/exa_render.c:40:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char size[20];
data/xorg-server-1.20.9/exa/exa_render.c:99:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sop[20];
data/xorg-server-1.20.9/exa/exa_render.c:100:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char srcdesc[40], maskdesc[40], dstdesc[40];
data/xorg-server-1.20.9/fb/fb.h:72:40: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define MEMCPY_WRAPPED(dst, src, size) memcpy((dst), (src), (size))
data/xorg-server-1.20.9/glamor/glamor_egl.c:789:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(glamor_egl->device_path, O_RDWR|O_CLOEXEC);
data/xorg-server-1.20.9/glamor/glamor_font.c:45:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char c[2];
data/xorg-server-1.20.9/glamor/glamor_font.c:143:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, src, GLYPHWIDTHBYTES(glyph));
data/xorg-server-1.20.9/glamor/glamor_lines.c:91:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(v, points, n * sizeof (DDXPointRec));
data/xorg-server-1.20.9/glamor/glamor_points.c:85:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(vbo_ppt, ppt, npt * (2 * sizeof (INT16)));
data/xorg-server-1.20.9/glamor/glamor_rects.c:87:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(v, prect, nrect * sizeof (xRectangle));
data/xorg-server-1.20.9/glamor/glamor_render.c:1031:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(*shader)->source_solid_color[0],
data/xorg-server-1.20.9/glamor/glamor_render.c:1039:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(*shader)->mask_solid_color[0],
data/xorg-server-1.20.9/glamor/glamor_render.c:1047:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s_key, &key, sizeof(key));
data/xorg-server-1.20.9/glamor/glamor_segs.c:89:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(v, segs, nseg * sizeof (xSegment));
data/xorg-server-1.20.9/glx/extension_string.c:139:24: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void) memcpy(&buffer[length], known_glx_extensions[i].name,
data/xorg-server-1.20.9/glx/glxcmds.c:2179:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(glxc->largeCmdBuf, pc, dataBytes);
data/xorg-server-1.20.9/glx/glxcmds.c:2224:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(glxc->largeCmdBuf + glxc->largeCmdBytesSoFar, pc, dataBytes);
data/xorg-server-1.20.9/glx/glxcmds.c:2361:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, pGlxScreen->GLXextensions, n);
data/xorg-server-1.20.9/glx/glxcmds.c:2434:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, ptr, n);
data/xorg-server-1.20.9/glx/glxdri2.c:981:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(options, GLXOptions, sizeof(GLXOptions));
data/xorg-server-1.20.9/glx/glxdricommon.c:277:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[PATH_MAX];
data/xorg-server-1.20.9/glx/glxscreens.h:151:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char glx_enable_bits[__GLX_EXT_BYTES];
data/xorg-server-1.20.9/glx/indirect_util.c:139:12: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void) memcpy(&reply.pad3, data, 8);
data/xorg-server-1.20.9/glx/indirect_util.c:186:12: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void) memcpy(&reply.pad3, data, 8);
data/xorg-server-1.20.9/glx/singlepix.c:52:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *answer, answerBuffer[200];
data/xorg-server-1.20.9/glx/singlepix.c:102:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *answer, answerBuffer[200];
data/xorg-server-1.20.9/glx/singlepix.c:203:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *answer, answerBuffer[200];
data/xorg-server-1.20.9/glx/singlepix.c:282:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *answer, answerBuffer[200];
data/xorg-server-1.20.9/glx/singlepix.c:359:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *answer, answerBuffer[200];
data/xorg-server-1.20.9/glx/singlepix.c:429:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *answer, answerBuffer[200];
data/xorg-server-1.20.9/glx/singlepix.c:492:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *answer, answerBuffer[200];
data/xorg-server-1.20.9/glx/singlepixswap.c:54:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *answer, answerBuffer[200];
data/xorg-server-1.20.9/glx/singlepixswap.c:116:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *answer, answerBuffer[200];
data/xorg-server-1.20.9/glx/singlepixswap.c:233:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *answer, answerBuffer[200];
data/xorg-server-1.20.9/glx/singlepixswap.c:322:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *answer, answerBuffer[200];
data/xorg-server-1.20.9/glx/singlepixswap.c:409:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *answer, answerBuffer[200];
data/xorg-server-1.20.9/glx/singlepixswap.c:488:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *answer, answerBuffer[200];
data/xorg-server-1.20.9/glx/singlepixswap.c:559:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *answer, answerBuffer[200];
data/xorg-server-1.20.9/glx/vndcmds.c:146:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(requestCopy, client->requestBuffer, requestSize);
data/xorg-server-1.20.9/glx/vndcmds.c:151:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(client->requestBuffer, requestCopy, requestSize);
data/xorg-server-1.20.9/glx/vndservervendor.c:56:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&vendor->glxvc, imports, sizeof(GlxServerImports));
data/xorg-server-1.20.9/glx/xfont.c:60:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[__GL_CHAR_BUF_SIZE];
data/xorg-server-1.20.9/hw/dmx/config/dmxcompat.c:145:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  str = fopen(filename, "r");
data/xorg-server-1.20.9/hw/dmx/config/dmxconfig.c:169:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(str = fopen(filename, "r")))
data/xorg-server-1.20.9/hw/dmx/config/dmxparse.c:385:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(option->string + offset, p->string, len);
data/xorg-server-1.20.9/hw/dmx/config/dmxparse.c:468:31: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dmxConfigFreeToken(p->open);
data/xorg-server-1.20.9/hw/dmx/config/dmxparse.c:613:33: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  dmxConfigFreeToken(virtual->open);
data/xorg-server-1.20.9/hw/dmx/config/dmxparse.h:160:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  DMXConfigTokenPtr open;
data/xorg-server-1.20.9/hw/dmx/config/dmxparse.h:188:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  DMXConfigTokenPtr open;
data/xorg-server-1.20.9/hw/dmx/config/dmxprint.c:405:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (p->open && p->close) {
data/xorg-server-1.20.9/hw/dmx/config/dmxprint.c:407:36: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dmxConfigPrintToken(p->open);
data/xorg-server-1.20.9/hw/dmx/config/dmxprint.c:481:28: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dmxConfigPrintToken(p->open ? p->open : &dummyOpen);
data/xorg-server-1.20.9/hw/dmx/config/dmxprint.c:481:38: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dmxConfigPrintToken(p->open ? p->open : &dummyOpen);
data/xorg-server-1.20.9/hw/dmx/config/parser.c:936:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/xorg-server-1.20.9/hw/dmx/config/parser.c:1124:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char yymsgbuf[128];
data/xorg-server-1.20.9/hw/dmx/config/vdltodmx.c:52:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if (!(str = fopen(argv[2], "w"))) {
data/xorg-server-1.20.9/hw/dmx/config/xdmxconfig.c:215:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cnambuf[512];
data/xorg-server-1.20.9/hw/dmx/config/xdmxconfig.c:216:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cdimbuf[128];
data/xorg-server-1.20.9/hw/dmx/config/xdmxconfig.c:217:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nambuf[512];
data/xorg-server-1.20.9/hw/dmx/config/xdmxconfig.c:218:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dimbuf[128];
data/xorg-server-1.20.9/hw/dmx/config/xdmxconfig.c:219:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rtbuf[128];
data/xorg-server-1.20.9/hw/dmx/config/xdmxconfig.c:220:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char offbuf[128];
data/xorg-server-1.20.9/hw/dmx/config/xdmxconfig.c:444:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(str = fopen(dmxConfigFilename, "r"))) {
data/xorg-server-1.20.9/hw/dmx/config/xdmxconfig.c:475:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(str = fopen(dmxConfigFilename, "w"))) {
data/xorg-server-1.20.9/hw/dmx/dmx.c:495:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(name, &value_list[count], stuff->displayNameLength);
data/xorg-server-1.20.9/hw/dmx/dmx.c:866:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(name, &value_list[count], stuff->displayNameLength);
data/xorg-server-1.20.9/hw/dmx/dmx_glxvisuals.c:563:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cfg, &glxConfigs[j], sizeof(__GLXvisualConfig));
data/xorg-server-1.20.9/hw/dmx/dmxextension.c:1217:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pos, gl + 1, gl->size - sizeof(gl->info));
data/xorg-server-1.20.9/hw/dmx/dmxinit.c:127:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[DMX_ERROR_BUF_SIZE];
data/xorg-server-1.20.9/hw/dmx/dmxinit.c:128:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char request[DMX_ERROR_BUF_SIZE];
data/xorg-server-1.20.9/hw/dmx/dmxinit.c:940:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  dmxDepth = atoi(argv[i]);
data/xorg-server-1.20.9/hw/dmx/dmxpict.c:610:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(curGlyph, buffer, size * elt->len);
data/xorg-server-1.20.9/hw/dmx/dmxprop.c:86:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname[256];
data/xorg-server-1.20.9/hw/dmx/dmxprop.c:87:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[512];
data/xorg-server-1.20.9/hw/dmx/dmxstat.c:113:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  dmxStatInterval = (interval ? atoi(interval) : 1) * 1000;
data/xorg-server-1.20.9/hw/dmx/dmxstat.c:114:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  dmxStatDisplays = (displays ? atoi(displays) : 0);
data/xorg-server-1.20.9/hw/dmx/dmxsync.c:123:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  dmxSyncInterval = (interval ? atoi(interval) : 100);
data/xorg-server-1.20.9/hw/dmx/examples/dmxaddinput.c:75:55: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status = DMXAddConsoleInput(display, argv[3], atoi(argv[4]), &id);
data/xorg-server-1.20.9/hw/dmx/examples/dmxaddinput.c:78:46: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status = DMXAddBackendInput(display, atoi(argv[3]), atoi(argv[4]), &id);
data/xorg-server-1.20.9/hw/dmx/examples/dmxaddinput.c:78:61: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status = DMXAddBackendInput(display, atoi(argv[3]), atoi(argv[4]), &id);
data/xorg-server-1.20.9/hw/dmx/examples/dmxrminput.c:73:38: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  status = DMXRemoveInput(display, atoi(argv[2]));
data/xorg-server-1.20.9/hw/dmx/examples/dmxwininfo.c:79:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[500];
data/xorg-server-1.20.9/hw/dmx/examples/ev.c:65:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(name, O_RDONLY, 0)) >= 0) {
data/xorg-server-1.20.9/hw/dmx/examples/ev.c:113:60: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  snprintf(name, sizeof(name), "/dev/input/event%d", atoi(argv[1]));
data/xorg-server-1.20.9/hw/dmx/examples/ev.c:114:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(name, O_RDWR, 0)) >= 0) {
data/xorg-server-1.20.9/hw/dmx/examples/xbell.c:84:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  kc.key_click_percent = atoi(argv[1]);
data/xorg-server-1.20.9/hw/dmx/examples/xbell.c:85:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  kc.bell_percent = atoi(argv[2]);
data/xorg-server-1.20.9/hw/dmx/examples/xbell.c:86:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  kc.bell_pitch = atoi(argv[3]);
data/xorg-server-1.20.9/hw/dmx/examples/xbell.c:87:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  kc.bell_duration = atoi(argv[4]);
data/xorg-server-1.20.9/hw/dmx/examples/xinput.c:269:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *names[MAX_EVENTS];
data/xorg-server-1.20.9/hw/dmx/glxProxy/glxcmdsswap.c:796:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cl->largeCmdBuf, pc, req->dataBytes);
data/xorg-server-1.20.9/hw/dmx/glxProxy/glxcmdsswap.c:818:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cl->largeCmdBuf + cl->largeCmdBytesSoFar, pc, req->dataBytes);
data/xorg-server-1.20.9/hw/dmx/glxProxy/glxcmdsswap.c:839:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cl->largeCmdBuf + cl->largeCmdBytesSoFar, pc, req->dataBytes);
data/xorg-server-1.20.9/hw/dmx/glxProxy/glxscreens.c:55:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char GLXServerVersion[64];
data/xorg-server-1.20.9/hw/dmx/glxProxy/glxscreens.c:62:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char ExtensionsString[1024];
data/xorg-server-1.20.9/hw/dmx/glxProxy/glxscreens.c:160:29: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
_XReadPad(dpy, (char *) be_extensions[s], numbytes); data/xorg-server-1.20.9/hw/dmx/glxProxy/glxscreens.c:207:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(ExtensionsString, "GLX_SGIX_swap_group"); data/xorg-server-1.20.9/hw/dmx/glxProxy/glxscreens.c:210:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(ExtensionsString, " GLX_SGIX_swap_barrier"); data/xorg-server-1.20.9/hw/dmx/glxProxy/glxscreens.c:284:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(proxy_cfg, cfg, sizeof(__GLXFBConfig)); data/xorg-server-1.20.9/hw/dmx/glxProxy/glxsingle.c:945:33: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, pbytes * sw); data/xorg-server-1.20.9/hw/dmx/glxProxy/glxvendor.c:258:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&reply, &be_reply, sz_xGLXVendorPrivReply); data/xorg-server-1.20.9/hw/dmx/glxProxy/glxvendor.c:361:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&reply, &be_reply, sz_xGLXVendorPrivReply); data/xorg-server-1.20.9/hw/dmx/input/dmxinputinit.c:777:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(dmxLocal, s, sizeof(*dmxLocal)); data/xorg-server-1.20.9/hw/dmx/input/dmxinputinit.h:96:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char map[DMX_MAX_BUTTONS]; /**< Button map */ data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:181:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extra[256]; /* FIXME: may cause buffer overflow */ data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:196:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " X"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:199:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " Y"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:202:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(extra, " Z"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:205:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " HWheel"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:208:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " Dial"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:211:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " Wheel"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:214:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " Misc"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:227:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " X"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:230:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant string. strcat(extra, " Y"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:233:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " Z"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:236:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " RX"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:239:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " RY"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:242:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " RZ"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:245:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " Throttle"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:248:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " Rudder"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:251:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " Wheel"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:254:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " Gas"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:257:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " Break"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:260:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " Hat0X"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:263:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(extra, " Hat0Y"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:266:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " Hat1X"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:269:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " Hat1Y"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:272:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " Hat2X"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:275:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " Hat2Y"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:278:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " Hat3X"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:281:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " Hat3Y"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:284:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " Pressure"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:287:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " Distance"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:290:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " TiltX"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:293:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " TiltY"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:296:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(extra, " Misc"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:312:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " NumLock"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:315:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " CapsLock"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:318:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " ScrlLock"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:321:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " Compose"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:324:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " Kana"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:327:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " Sleep"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:330:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " Suspend"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:333:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " Mute"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:336:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " Misc"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:349:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(extra, " Click"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:352:29: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(extra, " Bell"); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:391:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((priv->fd = open(name, O_RDWR | O_NONBLOCK, 0)) >= 0) { data/xorg-server-1.20.9/hw/dmx/input/usb-keyboard.c:420:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mapCopy, map, sizeof(map)); data/xorg-server-1.20.9/hw/dmx/input/usb-private.h:103:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char mask[EV_MAX / 8 + 1]; /**< Mask */ data/xorg-server-1.20.9/hw/kdrive/ephyr/ephyr_draw.c:332:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, w * cpp); data/xorg-server-1.20.9/hw/kdrive/ephyr/ephyr_draw.c:369:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, w * cpp); data/xorg-server-1.20.9/hw/kdrive/ephyr/ephyrinit.c:289:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
int verbosity = atoi(argv[i + 1]); data/xorg-server-1.20.9/hw/kdrive/ephyr/ephyrvideo.c:418:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(image->guid, formats[i].guid, 16); data/xorg-server-1.20.9/hw/kdrive/ephyr/ephyrvideo.c:435:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(image->component_order, formats[i].vcomp_order, 32); data/xorg-server-1.20.9/hw/kdrive/ephyr/ephyrvideo.c:1239:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(a_pitches, xcb_xv_query_image_attributes_pitches(reply), data/xorg-server-1.20.9/hw/kdrive/ephyr/ephyrvideo.c:1241:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(a_offsets, xcb_xv_query_image_attributes_offsets(reply), data/xorg-server-1.20.9/hw/kdrive/ephyr/hostx.c:186:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUF_LEN + 1]; data/xorg-server-1.20.9/hw/kdrive/ephyr/hostx.c:669:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(class_hint + strlen(ephyrResName) + 1, "Xephyr"); data/xorg-server-1.20.9/hw/kdrive/src/kdrive.c:220:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char save[1024]; data/xorg-server-1.20.9/hw/kdrive/src/kdrive.c:247:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pixels = atoi(save); data/xorg-server-1.20.9/hw/kdrive/src/kdrive.c:254:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mm = atoi(save); data/xorg-server-1.20.9/hw/kdrive/src/kdrive.c:280:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). screen->x = atoi(save); data/xorg-server-1.20.9/hw/kdrive/src/kdrive.c:286:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
screen->y = atoi(save); data/xorg-server-1.20.9/hw/kdrive/src/kdrive.c:292:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int rotate = atoi(save); data/xorg-server-1.20.9/hw/kdrive/src/kdrive.c:318:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). screen->fb.depth = atoi(save); data/xorg-server-1.20.9/hw/kdrive/src/kdrive.c:322:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). screen->fb.bitsPerPixel = atoi(save); data/xorg-server-1.20.9/hw/kdrive/src/kdrive.c:331:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). screen->rate = atoi(save); data/xorg-server-1.20.9/hw/kdrive/src/kdrive.c:438:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
kdOrigin.x = atoi(x); data/xorg-server-1.20.9/hw/kdrive/src/kdrive.c:442:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). kdOrigin.y = atoi(y + 1); data/xorg-server-1.20.9/hw/kdrive/src/kinput.c:940:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char save[1024]; data/xorg-server-1.20.9/hw/kdrive/src/kinput.c:1048:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char save[1024]; data/xorg-server-1.20.9/hw/kdrive/src/kxv.c:280:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pa->pImages, adaptorPtr->pImages, data/xorg-server-1.20.9/hw/kdrive/src/kxv.c:288:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pa->pAttributes, adaptorPtr->pAttributes, data/xorg-server-1.20.9/hw/vfb/InitOutput.c:98:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char mmap_file[MAXPATHLEN]; data/xorg-server-1.20.9/hw/vfb/InitOutput.c:185:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (-1 == shmdt((char *) vfbScreens[i].pXWDHeader)) { data/xorg-server-1.20.9/hw/vfb/InitOutput.c:293:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). screenNum = atoi(argv[i + 1]); data/xorg-server-1.20.9/hw/vfb/InitOutput.c:330:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). while ((++i < argc) && (depth = atoi(argv[i])) != 0) { data/xorg-server-1.20.9/hw/vfb/InitOutput.c:358:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). currentScreen->blackPixel = atoi(argv[++i]); data/xorg-server-1.20.9/hw/vfb/InitOutput.c:364:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
  currentScreen->whitePixel = atoi(argv[++i]);
data/xorg-server-1.20.9/hw/vfb/InitOutput.c:370:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  currentScreen->lineBias = atoi(argv[++i]);
data/xorg-server-1.20.9/hw/vfb/InitOutput.c:512:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dummyBuffer[DUMMY_BUFFER_SIZE];
data/xorg-server-1.20.9/hw/vfb/InitOutput.c:517:32: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (-1 == (pvfb->mmap_fd = open(pvfb->mmap_file, O_CREAT | O_RDWR, 0666))) {
data/xorg-server-1.20.9/hw/vfb/InitOutput.c:658:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname[XWD_WINDOW_NAME_LEN];
data/xorg-server-1.20.9/hw/vfb/InitOutput.c:819:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[64];
data/xorg-server-1.20.9/hw/vfb/InitOutput.c:840:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (name, "%dx%d", pScreen->width, pScreen->height);
data/xorg-server-1.20.9/hw/xfree86/common/xf86.h:66:33: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern _X_EXPORT const unsigned char byte_reversed[256];
data/xorg-server-1.20.9/hw/xfree86/common/xf86AutoConfig.c:125:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  free((char *) ((*list)[i]));
data/xorg-server-1.20.9/hw/xfree86/common/xf86AutoConfig.c:172:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/xorg-server-1.20.9/hw/xfree86/common/xf86AutoConfig.c:247:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fbfd = open(xf86SolarisFbDev, O_RDONLY);
data/xorg-server-1.20.9/hw/xfree86/common/xf86AutoConfig.c:330:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(nscreen, oscreen, sizeof(confScreenRec));
data/xorg-server-1.20.9/hw/xfree86/common/xf86AutoConfig.c:337:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cptr, odev, sizeof(GDevRec));
data/xorg-server-1.20.9/hw/xfree86/common/xf86Configure.c:171:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(DFLT_MOUSE_DEV, 0);
data/xorg-server-1.20.9/hw/xfree86/common/xf86Configure.c:479:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char displaySize_string[displaySizeMaxLen];
data/xorg-server-1.20.9/hw/xfree86/common/xf86Configure.c:535:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *fallback[5] = { "modesetting", "fbdev", "vesa", "wsfb", NULL };
data/xorg-server-1.20.9/hw/xfree86/common/xf86Configure.c:599:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[PATH_MAX];
data/xorg-server-1.20.9/hw/xfree86/common/xf86Globals.c:58:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const unsigned char byte_reversed[256] = {
data/xorg-server-1.20.9/hw/xfree86/common/xf86Helper.c:1152:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[PATH_MAX];
data/xorg-server-1.20.9/hw/xfree86/common/xf86Helper.c:1554:12: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void) memcpy(options, BSOptions, sizeof(BSOptions));
data/xorg-server-1.20.9/hw/xfree86/common/xf86Helper.c:1600:12: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void) memcpy(options, SMOptions, sizeof(SMOptions));
data/xorg-server-1.20.9/hw/xfree86/common/xf86Init.c:185:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[80];
data/xorg-server-1.20.9/hw/xfree86/common/xf86Init.c:186:26: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open("/proc/cmdline", O_RDONLY);
data/xorg-server-1.20.9/hw/xfree86/common/xf86Init.c:205:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/xorg-server-1.20.9/hw/xfree86/common/xf86Init.c:1389:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(name, "kbd");
data/xorg-server-1.20.9/hw/xfree86/common/xf86MatchDrivers.h:30:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *matches[MATCH_DRIVERS_LIMIT];
data/xorg-server-1.20.9/hw/xfree86/common/xf86Mode.c:1478:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newCR, cp, sizeof(ClockRange));
data/xorg-server-1.20.9/hw/xfree86/common/xf86Option.c:306:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[16];
data/xorg-server-1.20.9/hw/xfree86/common/xf86Option.c:315:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[32];
data/xorg-server-1.20.9/hw/xfree86/common/xf86Option.c:331:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[16];
data/xorg-server-1.20.9/hw/xfree86/common/xf86Xinput.c:484:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char host_os[sizeof(name.sysname)] = "";
data/xorg-server-1.20.9/hw/xfree86/common/xf86Xinput.c:1049:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pInfo->major = atoi(value);
data/xorg-server-1.20.9/hw/xfree86/common/xf86Xinput.c:1052:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pInfo->minor = atoi(value);
data/xorg-server-1.20.9/hw/xfree86/common/xf86fbman.c:563:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(resize, area, sizeof(FBArea));
data/xorg-server-1.20.9/hw/xfree86/common/xf86pciBus.c:298:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *bus = atoi(p);
data/xorg-server-1.20.9/hw/xfree86/common/xf86pciBus.c:300:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *bus += atoi(d) << 8;
data/xorg-server-1.20.9/hw/xfree86/common/xf86pciBus.c:312:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *device = atoi(p);
data/xorg-server-1.20.9/hw/xfree86/common/xf86pciBus.c:325:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *func = atoi(p);
data/xorg-server-1.20.9/hw/xfree86/common/xf86pciBus.c:1073:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *driverList[5] = { NULL, NULL, NULL, NULL, NULL };
data/xorg-server-1.20.9/hw/xfree86/common/xf86pciBus.c:1306:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path_name[512], vendor_str[5], chip_str[5];
data/xorg-server-1.20.9/hw/xfree86/common/xf86pciBus.c:1330:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(path_name, "r");
data/xorg-server-1.20.9/hw/xfree86/common/xf86pciBus.c:1447:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char busnum[8];
data/xorg-server-1.20.9/hw/xfree86/common/xf86platformBus.c:84:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&xf86_platform_devices[j], &xf86_platform_devices[j + 1], sizeof(struct xf86_platform_device));
data/xorg-server-1.20.9/hw/xfree86/common/xf86platformBus.h:109:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static inline char *
data/xorg-server-1.20.9/hw/xfree86/common/xf86sbusBus.c:54:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(device, O_RDONLY, 0);
data/xorg-server-1.20.9/hw/xfree86/common/xf86sbusBus.c:86:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fbDevName[32];
data/xorg-server-1.20.9/hw/xfree86/common/xf86sbusBus.c:268:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *fbNum = atoi(id + 2);
data/xorg-server-1.20.9/hw/xfree86/common/xf86sbusBus.c:284:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i = atoi(id + len);
data/xorg-server-1.20.9/hw/xfree86/common/xf86sbusBus.c:629:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char origRed[16];
data/xorg-server-1.20.9/hw/xfree86/common/xf86sbusBus.c:630:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char origGreen[16];
data/xorg-server-1.20.9/hw/xfree86/common/xf86sbusBus.c:631:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char origBlue[16];
data/xorg-server-1.20.9/hw/xfree86/common/xf86sbusBus.c:696:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[2];
data/xorg-server-1.20.9/hw/xfree86/common/xf86xv.c:401:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pa->pImages, adaptorPtr->pImages,
data/xorg-server-1.20.9/hw/xfree86/common/xf86xv.c:409:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pa->pAttributes, adaptorPtr->pAttributes,
data/xorg-server-1.20.9/hw/xfree86/ddc/ddc.c:273:12: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void) memcpy(options, DDCOptions, sizeof(DDCOptions));
data/xorg-server-1.20.9/hw/xfree86/ddc/ddc.c:353:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char W_Buffer[1];
data/xorg-server-1.20.9/hw/xfree86/ddc/ddc.c:419:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(options, DDCOptions, sizeof(DDCOptions));
data/xorg-server-1.20.9/hw/xfree86/ddc/edid.h:398:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[4];
data/xorg-server-1.20.9/hw/xfree86/ddc/edid.h:629:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ieee_id[3];
data/xorg-server-1.20.9/hw/xfree86/ddc/interpret_edid.c:565:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char empty_block[18];
data/xorg-server-1.20.9/hw/xfree86/ddc/interpret_edid.c:606:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(det_mon->section.est_iii, c + 6, 6);
data/xorg-server-1.20.9/hw/xfree86/ddc/print_edid.c:529:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[EDID_WIDTH * 2 + 1];
data/xorg-server-1.20.9/hw/xfree86/ddc/print_edid.c:556:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(&buf[j * 2], "%02x", m->rawData[i + j]);
data/xorg-server-1.20.9/hw/xfree86/dri/dri.c:301:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/xorg-server-1.20.9/hw/xfree86/dri2/dri2.c:1623:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ds->driverNames, info->driverNames,
data/xorg-server-1.20.9/hw/xfree86/drivers/modesetting/dri2.c:1037:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *driver_names[2] = { NULL, NULL };
data/xorg-server-1.20.9/hw/xfree86/drivers/modesetting/driver.c:219:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(dev, O_RDWR | O_CLOEXEC, 0);
data/xorg-server-1.20.9/hw/xfree86/drivers/modesetting/driver.c:222:37: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((NULL == dev) || ((fd = open(dev, O_RDWR | O_CLOEXEC, 0)) == -1)) {
data/xorg-server-1.20.9/hw/xfree86/drivers/modesetting/driver.c:224:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(dev, O_RDWR | O_CLOEXEC, 0);
data/xorg-server-1.20.9/hw/xfree86/drivers/modesetting/driver.c:975:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ms->drmmode.Options, Options, sizeof(Options));
data/xorg-server-1.20.9/hw/xfree86/drivers/modesetting/driver.c:1132:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(o, n, width);
data/xorg-server-1.20.9/hw/xfree86/drivers/modesetting/drmmode_display.c:372:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, src, num_props * sizeof(*dst));
data/xorg-server-1.20.9/hw/xfree86/drivers/modesetting/drmmode_display.c:391:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst[i].enum_values, src[i].enum_values,
data/xorg-server-1.20.9/hw/xfree86/drivers/modesetting/drmmode_display.c:2757:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&atom, value->data, 4);
data/xorg-server-1.20.9/hw/xfree86/drivers/modesetting/drmmode_display.c:2844:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char conn_id[5];
data/xorg-server-1.20.9/hw/xfree86/drivers/modesetting/drmmode_display.c:2862:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(conn_id, blob_data + 4, len);
data/xorg-server-1.20.9/hw/xfree86/drivers/modesetting/drmmode_display.c:2910:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[32];
data/xorg-server-1.20.9/hw/xfree86/exa/examodule.c:125:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pScreenPriv->options, EXAOptions, sizeof(EXAOptions));
data/xorg-server-1.20.9/hw/xfree86/fbdevhw/fbdevhw.c:266:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[256];
data/xorg-server-1.20.9/hw/xfree86/fbdevhw/fbdevhw.c:274:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(filename, O_RDONLY, 0);
data/xorg-server-1.20.9/hw/xfree86/fbdevhw/fbdevhw.c:279:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(filename, O_RDONLY, 0);
data/xorg-server-1.20.9/hw/xfree86/fbdevhw/fbdevhw.c:285:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(filename, O_RDWR, 0);
data/xorg-server-1.20.9/hw/xfree86/fbdevhw/fbdevhw.c:315:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(dev, O_RDWR, 0);
data/xorg-server-1.20.9/hw/xfree86/fbdevhw/fbdevhw.c:320:37: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((NULL == dev) || ((fd = open(dev, O_RDWR, 0)) == -1)) {
data/xorg-server-1.20.9/hw/xfree86/fbdevhw/fbdevhw.c:323:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(dev, O_RDWR, 0);
data/xorg-server-1.20.9/hw/xfree86/fbdevhw/fbdevhw.c:334:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[PATH_MAX];
data/xorg-server-1.20.9/hw/xfree86/fbdevhw/fbpriv.h:93:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char id[16]; /* identification string eg "TT Builtin" */
data/xorg-server-1.20.9/hw/xfree86/int10/generic.c:110:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, map, len);
data/xorg-server-1.20.9/hw/xfree86/int10/helper_mem.c:122:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(base + 0x0FFF5, "06/11/99");
data/xorg-server-1.20.9/hw/xfree86/int10/helper_mem.c:124:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(base + 0x0FFD9, "PCI_ISA");
data/xorg-server-1.20.9/hw/xfree86/int10/helper_mem.c:213:20: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void) memcpy(options, INT10Options, sizeof(INT10Options));
data/xorg-server-1.20.9/hw/xfree86/loader/loadmod.c:208:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[80];
data/xorg-server-1.20.9/hw/xfree86/loader/loadmod.c:331:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[PATH_MAX + 1];
data/xorg-server-1.20.9/hw/xfree86/loader/loadmod.c:350:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[PATH_MAX + 1];
data/xorg-server-1.20.9/hw/xfree86/modes/xf86Crtc.c:523:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(output->options, xf86OutputOptions, sizeof(xf86OutputOptions));
data/xorg-server-1.20.9/hw/xfree86/modes/xf86Crtc.c:591:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *direction[4] = {
data/xorg-server-1.20.9/hw/xfree86/modes/xf86Crtc.c:1028:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(crtcs, best_crtcs, n * sizeof(xf86CrtcPtr));
data/xorg-server-1.20.9/hw/xfree86/modes/xf86Crtc.c:1033:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(best_crtcs, crtcs, config->num_output * sizeof(xf86CrtcPtr));
data/xorg-server-1.20.9/hw/xfree86/modes/xf86Crtc.c:2366:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(modes, preferred_match,
data/xorg-server-1.20.9/hw/xfree86/modes/xf86Crtc.c:2516:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(config->options, xf86DeviceOptions, sizeof(xf86DeviceOptions));
data/xorg-server-1.20.9/hw/xfree86/modes/xf86Crtc.c:2622:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&crtc->panningTotalArea, &output->initialTotalArea,
data/xorg-server-1.20.9/hw/xfree86/modes/xf86Crtc.c:2624:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&crtc->panningTrackingArea, &output->initialTrackingArea,
data/xorg-server-1.20.9/hw/xfree86/modes/xf86Crtc.c:2626:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(crtc->panningBorder, output->initialBorder,
data/xorg-server-1.20.9/hw/xfree86/modes/xf86Modes.c:323:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[256];
data/xorg-server-1.20.9/hw/xfree86/modes/xf86Modes.c:327:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char tchar[TBITS + 1] = "UezdPb";
data/xorg-server-1.20.9/hw/xfree86/modes/xf86Modes.c:333:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char type[TBITS + 2]; /* +1 for leading space */
data/xorg-server-1.20.9/hw/xfree86/modes/xf86RandR12.c:1373:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(crtc->gamma_red, randr_crtc->gammaRed,
data/xorg-server-1.20.9/hw/xfree86/modes/xf86RandR12.c:1375:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(crtc->gamma_green, randr_crtc->gammaGreen,
data/xorg-server-1.20.9/hw/xfree86/modes/xf86RandR12.c:1377:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(crtc->gamma_blue, randr_crtc->gammaBlue,
data/xorg-server-1.20.9/hw/xfree86/modes/xf86RandR12.c:1760:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[25];
data/xorg-server-1.20.9/hw/xfree86/modes/xf86RandR12.c:1890:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(totalArea, &crtc->panningTotalArea, sizeof(BoxRec));
data/xorg-server-1.20.9/hw/xfree86/modes/xf86RandR12.c:1892:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(trackingArea, &crtc->panningTrackingArea, sizeof(BoxRec));
data/xorg-server-1.20.9/hw/xfree86/modes/xf86RandR12.c:1894:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(border, crtc->panningBorder, 4 * sizeof(INT16));
data/xorg-server-1.20.9/hw/xfree86/modes/xf86RandR12.c:1914:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&oldTotalArea, &crtc->panningTotalArea, sizeof(BoxRec));
data/xorg-server-1.20.9/hw/xfree86/modes/xf86RandR12.c:1915:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&oldTrackingArea, &crtc->panningTrackingArea, sizeof(BoxRec));
data/xorg-server-1.20.9/hw/xfree86/modes/xf86RandR12.c:1916:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(oldBorder, crtc->panningBorder, 4 * sizeof(INT16));
data/xorg-server-1.20.9/hw/xfree86/modes/xf86RandR12.c:1919:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&crtc->panningTotalArea, totalArea, sizeof(BoxRec));
data/xorg-server-1.20.9/hw/xfree86/modes/xf86RandR12.c:1921:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&crtc->panningTrackingArea, trackingArea, sizeof(BoxRec));
data/xorg-server-1.20.9/hw/xfree86/modes/xf86RandR12.c:1923:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(crtc->panningBorder, border, 4 * sizeof(INT16));
data/xorg-server-1.20.9/hw/xfree86/modes/xf86RandR12.c:1932:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&crtc->panningTotalArea, &oldTotalArea, sizeof(BoxRec));
data/xorg-server-1.20.9/hw/xfree86/modes/xf86RandR12.c:1933:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&crtc->panningTrackingArea, &oldTrackingArea, sizeof(BoxRec));
data/xorg-server-1.20.9/hw/xfree86/modes/xf86RandR12.c:1934:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(crtc->panningBorder, oldBorder, 4 * sizeof(INT16));
data/xorg-server-1.20.9/hw/xfree86/modes/xf86Rotate.c:455:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_params, transform->params,
data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/alpha_video.c:112:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(DEV_APERTURE, O_RDWR)) >= 0) {
data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/alpha_video.c:132:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if ((fd = open(DEV_MEM, O_RDWR)) >= 0) { data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/arm_video.c:99:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(DEV_MEM, O_RDWR)) >= 0) { data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/arm_video.c:142:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((IoFd = open("/dev/io", O_RDWR)) == -1) { data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/arm_video.c:174:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open("/dev/ttyC0", O_RDWR)) >= 0) { data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/bsd_apm.c:118:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(APM_DEVICE, O_RDWR)) == -1) { data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/bsd_init.c:180:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((i = open("/dev/tty", O_RDWR)) >= 0) { data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/bsd_init.c:194:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cons_drivers[80] = { 0, }; data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/bsd_init.c:197:21: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(cons_drivers, ", "); data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/bsd_init.c:219:33: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((devConsoleFd = open("/dev/console", O_WRONLY, 0)) < 0) { data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/bsd_init.c:324:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(PCCONS_CONSOLE_DEV1, PCCONS_CONSOLE_MODE, 0)) data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/bsd_init.c:325:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
>= 0 || (fd = open(PCCONS_CONSOLE_DEV2, PCCONS_CONSOLE_MODE, 0)) data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/bsd_init.c:349:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vtname[12]; data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/bsd_init.c:354:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(SYSCONS_CONSOLE_DEV1, SYSCONS_CONSOLE_MODE, 0)) >= 0 data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/bsd_init.c:355:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). || (fd = open(SYSCONS_CONSOLE_DEV2, SYSCONS_CONSOLE_MODE, 0)) >= 0) { data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/bsd_init.c:419:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(vtname, SYSCONS_CONSOLE_MODE, 0)) < 0) { data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/bsd_init.c:456:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char vtname[12], *vtprefix; data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/bsd_init.c:465:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(PCVT_CONSOLE_DEV, PCVT_CONSOLE_MODE, 0); data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/bsd_init.c:468:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(WSCONS_PCVT_COMPAT_CONSOLE_DEV, PCVT_CONSOLE_MODE, 0); data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/bsd_init.c:508:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(vtname, PCVT_CONSOLE_MODE, 0)) < 0) { data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/bsd_init.c:514:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(vtname, PCVT_CONSOLE_MODE, 0)) < 0) { data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/bsd_init.c:552:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char ttyname[16]; data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/bsd_init.c:561:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(ttyname, 2)) != -1) data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/bsd_kqueue_apm.c:122:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((ctlFd = open(_PATH_APM_CTLDEV, O_RDWR)) < 0) { data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/bsd_kqueue_apm.c:164:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((devFd = open(_PATH_APM_DEV, O_RDONLY)) == -1) { data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/i386_video.c:82:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(DEV_MEM, O_RDWR)) >= 0) { data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/i386_video.c:112:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((fd = open(DEV_APERTURE, O_RDWR)) >= 0) { data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/i386_video.c:258:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((IoFd = open("/dev/io", O_RDWR)) == -1) { data/xorg-server-1.20.9/hw/xfree86/os-support/bsd/memrange.h:33:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mr_owner[8]; data/xorg-server-1.20.9/hw/xfree86/os-support/bus/Sbus.c:162:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; data/xorg-server-1.20.9/hw/xfree86/os-support/bus/Sbus.c:167:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen("/proc/cpuinfo", "r"); data/xorg-server-1.20.9/hw/xfree86/os-support/bus/Sbus.c:213:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
promFd = open("/dev/openprom", O_RDONLY, 0); data/xorg-server-1.20.9/hw/xfree86/os-support/bus/Sbus.c:397:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (holes && (f = fopen("/proc/fb", "r")) != NULL) { data/xorg-server-1.20.9/hw/xfree86/os-support/bus/Sbus.c:400:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[64]; data/xorg-server-1.20.9/hw/xfree86/os-support/bus/Sbus.c:460:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char regstr[40]; data/xorg-server-1.20.9/hw/xfree86/os-support/bus/Sbus.c:653:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). psdp->fd = open(psdp->device, O_RDWR); data/xorg-server-1.20.9/hw/xfree86/os-support/bus/Sbus.c:687:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char zeros[8]; data/xorg-server-1.20.9/hw/xfree86/os-support/bus/Sbus.c:708:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char red[2], green[2], blue[2]; data/xorg-server-1.20.9/hw/xfree86/os-support/hurd/hurd_init.c:75:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open("/dev/kbd", O_RDONLY | O_NONBLOCK)) < 0) { data/xorg-server-1.20.9/hw/xfree86/os-support/linux/int10/linux.c:81:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, map, len); data/xorg-server-1.20.9/hw/xfree86/os-support/linux/int10/linux.c:130:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(DEV_MEM, O_RDWR, 0)) >= 0) { data/xorg-server-1.20.9/hw/xfree86/os-support/linux/int10/linux.c:190:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((fd = open(DEV_MEM, O_RDWR, 0)) >= 0) { data/xorg-server-1.20.9/hw/xfree86/os-support/linux/int10/linux.c:376:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(DEV_MEM, O_RDWR, 0)) >= 0) { data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_acpi.c:58:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ev[LINE_LENGTH]; data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_agp.c:72:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gartFd = open(AGP_DEVICE, O_RDWR, 0); data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_apm.c:165:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(APM_DEVICE, O_RDWR)) > -1) { data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_apm.c:166:47: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if (access(APM_PROC, R_OK) || ((pfd = open(APM_PROC, O_RDONLY)) == -1)) { data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_init.c:52:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char vtname[11]; data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_init.c:109:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("/dev/tty0", O_WRONLY, 0); data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_init.c:207:39: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((xf86Info.consoleFd = open(vtname, O_RDWR | O_NDELAY, 0)) >= 0) data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_kmod.c:39:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mpPath[MAX_PATH] = ""; data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_kmod.c:44:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
fd = open(MODPROBE_PATH_FILE, O_RDONLY); data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_kmod.c:60:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(mpPath, "/sbin/modprobe"); data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_platform.c:46:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(path, O_RDWR | O_CLOEXEC, 0); data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_video.c:95:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("/dev/mem", O_RDWR); data/xorg-server-1.20.9/hw/xfree86/os-support/shared/posix_tty.c:131:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). SYSCALL(fd = open(dev, O_RDWR | O_NONBLOCK)); data/xorg-server-1.20.9/hw/xfree86/os-support/shared/posix_tty.c:429:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char c[256]; data/xorg-server-1.20.9/hw/xfree86/os-support/solaris/sun_VTsw.c:95:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((door_fd = open(VT_DAEMON_DOOR_FILE, O_RDONLY)) < 0) data/xorg-server-1.20.9/hw/xfree86/os-support/solaris/sun_agp.c:85:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gartFd = open(AGP_DEVICE, O_RDWR); data/xorg-server-1.20.9/hw/xfree86/os-support/solaris/sun_apm.c:202:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(APM_DEVICE, O_RDWR)) == -1) { data/xorg-server-1.20.9/hw/xfree86/os-support/solaris/sun_apm.c:203:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(APM_DEVICE1, O_RDWR)) == -1) { data/xorg-server-1.20.9/hw/xfree86/os-support/solaris/sun_bell.c:69:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
audioFD = open(AUDIO_DEVICE, O_WRONLY | O_NONBLOCK); data/xorg-server-1.20.9/hw/xfree86/os-support/solaris/sun_init.c:58:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char consoleDev[PATH_MAX] = "/dev/fb"; data/xorg-server-1.20.9/hw/xfree86/os-support/solaris/sun_init.c:62:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. _X_HIDDEN char xf86SolarisFbDev[PATH_MAX] = "/dev/fb"; data/xorg-server-1.20.9/hw/xfree86/os-support/solaris/sun_init.c:102:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open("/dev/vt/0", O_RDWR, 0)) == -1) { data/xorg-server-1.20.9/hw/xfree86/os-support/solaris/sun_init.c:180:36: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (((xf86Info.consoleFd = open(consoleDev, O_RDWR | O_NDELAY, 0)) < 0)) data/xorg-server-1.20.9/hw/xfree86/os-support/solaris/sun_init.c:217:59: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
if (ioctl(xf86Info.consoleFd, VT_SETDISPINFO, atoi(display)) < 0) data/xorg-server-1.20.9/hw/xfree86/os-support/solaris/sun_init.c:280:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(xf86SolarisFbDev, O_RDWR, 0)) < 0) { data/xorg-server-1.20.9/hw/xfree86/os-support/xf86_OSlib.h:144:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern _X_HIDDEN char xf86SolarisFbDev[PATH_MAX]; data/xorg-server-1.20.9/hw/xfree86/os-support/xf86_OSlib.h:265:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[16]; data/xorg-server-1.20.9/hw/xfree86/parser/scan.c:720:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(filepath, "r"); data/xorg-server-1.20.9/hw/xfree86/parser/scan.c:778:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
file = fopen(path, "r"); data/xorg-server-1.20.9/hw/xfree86/parser/write.c:80:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((cf = fopen(filename, "w")) == NULL) { data/xorg-server-1.20.9/hw/xfree86/parser/xf86Parser.h:281:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *scrn_gpu_device_str[CONF_MAXGPUDEVICES]; data/xorg-server-1.20.9/hw/xfree86/ramdac/xf86RamDac.h:20:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char DAC[0x300]; /* colour map */ data/xorg-server-1.20.9/hw/xfree86/utils/cvt/cvt.c:235:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). HDisplay = atoi(argv[n]); data/xorg-server-1.20.9/hw/xfree86/utils/cvt/cvt.c:242:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
VDisplay = atoi(argv[n]); data/xorg-server-1.20.9/hw/xfree86/utils/gtf/gtf.c:611:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). o->x = atoi(argv[1]); data/xorg-server-1.20.9/hw/xfree86/utils/gtf/gtf.c:612:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). o->y = atoi(argv[2]); data/xorg-server-1.20.9/hw/xfree86/vbe/vbe.c:79:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vbe->VbeSignature, vbeVersionString, 4); data/xorg-server-1.20.9/hw/xfree86/vbe/vbe.c:274:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(options, VBEOptions, sizeof(VBEOptions)); data/xorg-server-1.20.9/hw/xfree86/vbe/vbe.c:306:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, page, 128); data/xorg-server-1.20.9/hw/xfree86/vbe/vbe.c:401:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(block->VideoModePtr, modes, sizeof(CARD16) * i); data/xorg-server-1.20.9/hw/xfree86/vbe/vbe.c:407:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
  memcpy(&block->OemSoftwareRev, ((char *) pVbe->memory) + 20, 236);
data/xorg-server-1.20.9/hw/xfree86/vbe/vbe.c:419:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&block->Reserved, ((char *) pVbe->memory) + 34, 222);
data/xorg-server-1.20.9/hw/xfree86/vbe/vbe.c:420:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&block->OemData, ((char *) pVbe->memory) + 256, 256);
data/xorg-server-1.20.9/hw/xfree86/vbe/vbe.c:466:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pVbe->memory, block, sizeof(VbeCRTCInfoBlock));
data/xorg-server-1.20.9/hw/xfree86/vbe/vbe.c:535:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(block, pVbe->memory, sizeof(*block));
data/xorg-server-1.20.9/hw/xfree86/vbe/vbe.c:819:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pVbe->memory, data, num * sizeof(CARD32));
data/xorg-server-1.20.9/hw/xfree86/vbe/vbe.c:829:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, pVbe->memory, num * sizeof(CARD32));
data/xorg-server-1.20.9/hw/xfree86/vbe/vbe.c:929:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(vbe_sr->state, vbe_sr->pstate, vbe_sr->stateSize);
data/xorg-server-1.20.9/hw/xfree86/vbe/vbe.c:940:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(vbe_sr->pstate, vbe_sr->state, vbe_sr->stateSize);
data/xorg-server-1.20.9/hw/xfree86/vbe/vbe.c:1082:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmp, page, 32);
data/xorg-server-1.20.9/hw/xfree86/vbe/vbe.h:350:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char reserved[14];
data/xorg-server-1.20.9/hw/xfree86/vgahw/vgaHW.c:1538:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (newMode.regtype, regp->regtype, VGAHWMINNUM(regtype))
data/xorg-server-1.20.9/hw/xfree86/vgahw/vgaHW.c:1544:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&newMode, regp, sizeof(vgaRegRec));
data/xorg-server-1.20.9/hw/xfree86/vgahw/vgaHW.c:1557:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&newSaved, regp, sizeof(vgaRegRec));
data/xorg-server-1.20.9/hw/xfree86/vgahw/vgaHW.c:1587:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(regp, &newMode, sizeof(vgaRegRec));
data/xorg-server-1.20.9/hw/xfree86/vgahw/vgaHW.c:1591:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(regp, &newSaved, sizeof(vgaRegRec));
data/xorg-server-1.20.9/hw/xfree86/vgahw/vgaHW.c:1604:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, src, sizeof(vgaRegRec));
data/xorg-server-1.20.9/hw/xfree86/vgahw/vgaHW.c:1609:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst->CRTC, src->CRTC, src->numCRTC);
data/xorg-server-1.20.9/hw/xfree86/vgahw/vgaHW.c:1610:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst->Sequencer, src->Sequencer, src->numSequencer);
data/xorg-server-1.20.9/hw/xfree86/vgahw/vgaHW.c:1611:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst->Graphics, src->Graphics, src->numGraphics);
data/xorg-server-1.20.9/hw/xfree86/vgahw/vgaHW.c:1612:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst->Attribute, src->Attribute, src->numAttribute);
data/xorg-server-1.20.9/hw/xfree86/vgahw/vgaHW.h:87:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char DAC[768]; /* Internal Colorlookuptable */
data/xorg-server-1.20.9/hw/xfree86/x86emu/debug.c:180:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[100];
data/xorg-server-1.20.9/hw/xfree86/x86emu/debug.c:200:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[64];
data/xorg-server-1.20.9/hw/xfree86/x86emu/debug.c:203:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf1 + 2 * i, "%02x", fetch_data_byte_abs(s, o + i));
data/xorg-server-1.20.9/hw/xfree86/x86emu/debug.c:248:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[1024];
data/xorg-server-1.20.9/hw/xfree86/x86emu/validate.c:64:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[80],buf2[80]; \
data/xorg-server-1.20.9/hw/xfree86/x86emu/validate.c:195:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[80],buf2[80]; \
data/xorg-server-1.20.9/hw/xfree86/x86emu/validate.c:263:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[80],buf2[80]; \
data/xorg-server-1.20.9/hw/xfree86/x86emu/validate.c:343:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[80],buf2[80]; \
data/xorg-server-1.20.9/hw/xfree86/x86emu/validate.c:384:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[80],buf2[80]; \
data/xorg-server-1.20.9/hw/xfree86/x86emu/validate.c:426:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[80],buf2[80]; \
data/xorg-server-1.20.9/hw/xfree86/x86emu/validate.c:467:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[80],buf2[80]; \
data/xorg-server-1.20.9/hw/xfree86/x86emu/validate.c:511:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[80],buf2[80]; \
data/xorg-server-1.20.9/hw/xfree86/x86emu/validate.c:556:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[80],buf2[80]; \
data/xorg-server-1.20.9/hw/xfree86/x86emu/validate.c:613:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf, "CF");
data/xorg-server-1.20.9/hw/xfree86/x86emu/validate.c:618:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf, "PF");
data/xorg-server-1.20.9/hw/xfree86/x86emu/validate.c:623:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf, "AF");
data/xorg-server-1.20.9/hw/xfree86/x86emu/validate.c:628:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf, "ZF");
data/xorg-server-1.20.9/hw/xfree86/x86emu/validate.c:633:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf, "SF");
data/xorg-server-1.20.9/hw/xfree86/x86emu/validate.c:638:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf, "OF");
data/xorg-server-1.20.9/hw/xfree86/x86emu/validate.c:642:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "None");
data/xorg-server-1.20.9/hw/xfree86/x86emu/x86emu/regs.h:288:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char decode_buf[32]; /* encoded byte stream */
data/xorg-server-1.20.9/hw/xfree86/x86emu/x86emu/regs.h:289:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char decoded_buf[256]; /* disassembled strings */
data/xorg-server-1.20.9/hw/xfree86/xkb/xkbPrivate.c:24:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msgbuf[XkbAnyActionDataSize + 1];
data/xorg-server-1.20.9/hw/xfree86/xkb/xkbPrivate.c:27:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msgbuf, xf86act->data, XkbAnyActionDataSize);
data/xorg-server-1.20.9/hw/xfree86/xorg-wrapper.c:86:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/xorg-server-1.20.9/hw/xfree86/xorg-wrapper.c:90:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(CONFIG_FILE, "r");
data/xorg-server-1.20.9/hw/xfree86/xorg-wrapper.c:197:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[PATH_MAX];
data/xorg-server-1.20.9/hw/xfree86/xorg-wrapper.c:203:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *const empty_envp[1] = { NULL, };
data/xorg-server-1.20.9/hw/xfree86/xorg-wrapper.c:238:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(buf, O_RDWR);
data/xorg-server-1.20.9/hw/xquartz/GL/capabilities.h:50:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char stencil_bit_depths[GLCAPS_STENCIL_BIT_DEPTH_BUFFERS];
data/xorg-server-1.20.9/hw/xquartz/darwin.c:791:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  darwinDesiredDepth = atoi(argv[i + 1]);
data/xorg-server-1.20.9/hw/xquartz/keysym2ucs.c:883:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(reverse_keysymtab, keysymtab, sizeof(keysymtab));
data/xorg-server-1.20.9/hw/xquartz/mach-startup/bundle-main.c:91:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char __crashreporter_info_buff__[4096] = { 0 };
data/xorg-server-1.20.9/hw/xquartz/mach-startup/bundle-main.c:200:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bytes[CMSG_SPACE(sizeof(int))];
data/xorg-server-1.20.9/hw/xquartz/mach-startup/bundle-main.c:531:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024], *temp;
data/xorg-server-1.20.9/hw/xquartz/mach-startup/bundle-main.c:754:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open("/dev/null", O_RDONLY);
data/xorg-server-1.20.9/hw/xquartz/mach-startup/bundle-main.c:786:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *newargv[4];
data/xorg-server-1.20.9/hw/xquartz/mach-startup/mach_startup_types.h:6:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef char string_t[STRING_T_SIZE];
data/xorg-server-1.20.9/hw/xquartz/mach-startup/stub.c:57:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char x11_path[PATH_MAX + 1];
data/xorg-server-1.20.9/hw/xquartz/mach-startup/stub.c:161:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bytes[CMSG_SPACE(sizeof(int))];
data/xorg-server-1.20.9/hw/xquartz/mach-startup/stub.c:275:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *_argv[3];
data/xorg-server-1.20.9/hw/xquartz/quartz.c:509:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pQuartzScreen->displayIDs, displayIDs, size);
data/xorg-server-1.20.9/hw/xquartz/quartzKeyboard.c:189:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char modifierKeycodes[32][2];
data/xorg-server-1.20.9/hw/xquartz/quartzKeyboard.c:373:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pDev->kbdfeed->ctrl.autoRepeats, ctrl->per_key_repeat,
data/xorg-server-1.20.9/hw/xquartz/quartzKeyboard.c:395:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char usermodmap[PATH_MAX], cmd[PATH_MAX];
data/xorg-server-1.20.9/hw/xquartz/xpr/appledri.c:271:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[PATH_MAX];
data/xorg-server-1.20.9/hw/xquartz/xpr/dri.c:96:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char shmPath[PATH_MAX];
data/xorg-server-1.20.9/hw/xwayland/xwayland-cursor.c:156:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pixmap->devPrivate.ptr,
data/xorg-server-1.20.9/hw/xwayland/xwayland-cursor.c:208:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pixmap->devPrivate.ptr,
data/xorg-server-1.20.9/hw/xwayland/xwayland-cvt.c:88:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[128];
data/xorg-server-1.20.9/hw/xwayland/xwayland-glamor-gbm.c:134:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(device_path, O_RDWR | O_CLOEXEC);
data/xorg-server-1.20.9/hw/xwayland/xwayland-glamor-gbm.c:460:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(xwl_gbm->device_name, O_RDWR | O_CLOEXEC);
data/xorg-server-1.20.9/hw/xwayland/xwayland-glamor-gbm.c:762:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  xwl_gbm->drm_fd = open(xwl_gbm->device_name, O_RDWR | O_CLOEXEC);
data/xorg-server-1.20.9/hw/xwayland/xwayland-glamor-xv.c:281:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pa->pAttributes, glamor_xv_attributes,
data/xorg-server-1.20.9/hw/xwayland/xwayland-glamor-xv.c:294:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pa->pImages, glamor_xv_images, glamor_xv_num_images * sizeof(XvImageRec));
data/xorg-server-1.20.9/hw/xwayland/xwayland-input.c:1144:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[32];
data/xorg-server-1.20.9/hw/xwayland/xwayland-output.c:333:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/xorg-server-1.20.9/hw/xwayland/xwayland-shm.c:83:10: [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
  fd = mkstemp(tmpname);
data/xorg-server-1.20.9/hw/xwayland/xwayland.c:1150:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  xwl_screen->wm_fd = atoi(argv[i + 1]);
data/xorg-server-1.20.9/hw/xwayland/xwayland.c:1161:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  atoi(argv[i + 1]);
data/xorg-server-1.20.9/hw/xwayland/xwayland.c:1317:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[256];
data/xorg-server-1.20.9/hw/xwin/InitInput.c:133:28: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  g_fdMessageQueue = open(WIN_MSG_QUEUE_FNAME, O_RDONLY);
data/xorg-server-1.20.9/hw/xwin/InitOutput.c:356:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[MAX_PATH];
data/xorg-server-1.20.9/hw/xwin/InitOutput.c:394:26: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fontdirs = fopen(ETCX11DIR "/font-dirs", "rt");
data/xorg-server-1.20.9/hw/xwin/InitOutput.c:397:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[256];
data/xorg-server-1.20.9/hw/xwin/InitOutput.c:563:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[MAX_PATH];
data/xorg-server-1.20.9/hw/xwin/InitOutput.c:570:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[MAX_PATH];
data/xorg-server-1.20.9/hw/xwin/InitOutput.c:577:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[MAX_PATH];
data/xorg-server-1.20.9/hw/xwin/InitOutput.c:584:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[MAX_PATH + 5];
data/xorg-server-1.20.9/hw/xwin/InitOutput.c:599:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[MAX_PATH];
data/xorg-server-1.20.9/hw/xwin/InitOutput.c:611:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char xkbbasedir[MAX_PATH];
data/xorg-server-1.20.9/hw/xwin/ddraw.h:1180:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szDriver[MAX_DDDEVICEID_STRING];
data/xorg-server-1.20.9/hw/xwin/ddraw.h:1181:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szDescription[MAX_DDDEVICEID_STRING];
data/xorg-server-1.20.9/hw/xwin/ddraw.h:1191:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szDriver[MAX_DDDEVICEID_STRING]; /* user readable driver name */
data/xorg-server-1.20.9/hw/xwin/ddraw.h:1192:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szDescription[MAX_DDDEVICEID_STRING]; /* user readable description */
data/xorg-server-1.20.9/hw/xwin/glx/indirect.c:110:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024]; \
data/xorg-server-1.20.9/hw/xwin/glx/indirect.c:124:44: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  glxWinDebugSettings.enableDebug = (atoi(envptr) == 1);
data/xorg-server-1.20.9/hw/xwin/glx/indirect.c:128:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  glxWinDebugSettings.enableTrace = (atoi(envptr) == 1);
data/xorg-server-1.20.9/hw/xwin/glx/indirect.c:132:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  glxWinDebugSettings.dumpPFD = (atoi(envptr) == 1);
data/xorg-server-1.20.9/hw/xwin/glx/indirect.c:136:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  glxWinDebugSettings.dumpHWND = (atoi(envptr) == 1);
data/xorg-server-1.20.9/hw/xwin/glx/indirect.c:140:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  glxWinDebugSettings.dumpDC = (atoi(envptr) == 1);
data/xorg-server-1.20.9/hw/xwin/glx/indirect.c:144:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  glxWinDebugSettings.enableGLcallTrace = (atoi(envptr) == 1);
data/xorg-server-1.20.9/hw/xwin/glx/indirect.c:148:51: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  glxWinDebugSettings.enableWGLcallTrace = (atoi(envptr) == 1);
data/xorg-server-1.20.9/hw/xwin/glx/indirect.c:166:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char errorbuffer[1024];
data/xorg-server-1.20.9/hw/xwin/glx/indirect.c:180:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(errorbuffer + strlen(errorbuffer), " (%08x)", last_error);
data/xorg-server-1.20.9/hw/xwin/glx/indirect.c:949:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[MAX_PATH];
data/xorg-server-1.20.9/hw/xwin/glx/indirect.c:1001:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pData, (void *)&bmpHeader, sizeof(BITMAPINFOHEADER));
data/xorg-server-1.20.9/hw/xwin/winclipboard/thread.c:181:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fdMessageQueue = open(WIN_MSG_QUEUE_FNAME, O_RDONLY);
data/xorg-server-1.20.9/hw/xwin/winclipboard/thread.c:470:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pszErrorMsg[100];
data/xorg-server-1.20.9/hw/xwin/winclipboard/xevents.c:76:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *szSelectionNames[CLIP_NUM_SELECTIONS] =
data/xorg-server-1.20.9/hw/xwin/winclipboard/xevents.c:213:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *pszTextList[2] = { NULL };
data/xorg-server-1.20.9/hw/xwin/winclipboard/xevents.c:669:35: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120).
  int iUnicodeLen = MultiByteToWideChar(CP_UTF8,
data/xorg-server-1.20.9/hw/xwin/winclipboard/xevents.c:685:17: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120).
  MultiByteToWideChar(CP_UTF8,
data/xorg-server-1.20.9/hw/xwin/winclipboardinit.c:57:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szDisplay[512];
data/xorg-server-1.20.9/hw/xwin/winconfig.c:225:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char layoutName[KL_NAMELENGTH];
data/xorg-server-1.20.9/hw/xwin/winconfig.c:226:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char layoutFriendlyName[256];
data/xorg-server-1.20.9/hw/xwin/winconfig.c:915:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(n, "No");
data/xorg-server-1.20.9/hw/xwin/wincreatewnd.c:62:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szTitle[256];
data/xorg-server-1.20.9/hw/xwin/wincreatewnd.c:143:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szTitle[256];
data/xorg-server-1.20.9/hw/xwin/wincursor.c:265:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, src, 4 * nCX);
data/xorg-server-1.20.9/hw/xwin/windialogs.c:72:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[256];
data/xorg-server-1.20.9/hw/xwin/winerror.c:66:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errormsg[1024] = "";
data/xorg-server-1.20.9/hw/xwin/winmessages.h:5:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *MESSAGE_NAMES[1024] = {
data/xorg-server-1.20.9/hw/xwin/winmsg.c:138:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[64];
data/xorg-server-1.20.9/hw/xwin/winmultiwindowclass.c:138:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(hints, prop->data, sizeof(WinXWMHints));
data/xorg-server-1.20.9/hw/xwin/winmultiwindowclass.c:212:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(hints, prop->data, sizeof(WinXSizeHints));
data/xorg-server-1.20.9/hw/xwin/winmultiwindowclass.c:246:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pDaddyId, prop->data, sizeof(Window));
data/xorg-server-1.20.9/hw/xwin/winmultiwindowicons.c:271:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(DIB_pixels, pixels, height * width * 4);
data/xorg-server-1.20.9/hw/xwin/winmultiwindowicons.c:312:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  RGB(((char *) pixels)[2], ((char *) pixels)[1],
data/xorg-server-1.20.9/hw/xwin/winmultiwindowicons.c:312:55: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  RGB(((char *) pixels)[2], ((char *) pixels)[1],
data/xorg-server-1.20.9/hw/xwin/winmultiwindowicons.c:313:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ((char *) pixels)[0]));
data/xorg-server-1.20.9/hw/xwin/winmultiwindowwm.c:434:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname[HOST_NAME_MAX + 1];
data/xorg-server-1.20.9/hw/xwin/winmultiwindowwm.c:631:17: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120).
  MultiByteToWideChar(CP_UTF8, 0, pszWindowName, -1, NULL, 0);
data/xorg-server-1.20.9/hw/xwin/winmultiwindowwm.c:634:13: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120).
  MultiByteToWideChar(CP_UTF8, 0, pszWindowName, -1,
data/xorg-server-1.20.9/hw/xwin/winmultiwindowwm.c:1031:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pszDisplay[512];
data/xorg-server-1.20.9/hw/xwin/winmultiwindowwm.c:1421:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pszDisplay[512];
data/xorg-server-1.20.9/hw/xwin/winmultiwindowwm.c:1574:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&pNode->msg, pMsg, sizeof(winWMMessageRec));
data/xorg-server-1.20.9/hw/xwin/winmultiwindowwndproc.c:1025:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];
data/xorg-server-1.20.9/hw/xwin/winmultiwindowwndproc.c:1029:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "SIZE_MINIMIZED");
data/xorg-server-1.20.9/hw/xwin/winmultiwindowwndproc.c:1032:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "SIZE_MAXIMIZED");
data/xorg-server-1.20.9/hw/xwin/winmultiwindowwndproc.c:1035:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "SIZE_RESTORED");
data/xorg-server-1.20.9/hw/xwin/winmultiwindowwndproc.c:1038:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "UNKNOWN_FLAG");
data/xorg-server-1.20.9/hw/xwin/winprefs.c:526:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file[PATH_MAX + NAME_MAX + 2];
data/xorg-server-1.20.9/hw/xwin/winprefs.c:537:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i = atoi(fname + 1);
data/xorg-server-1.20.9/hw/xwin/winprefs.c:556:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i = atoi(strrchr(fname, ',') + 1);
data/xorg-server-1.20.9/hw/xwin/winprefs.c:631:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  prefFile = fopen(path, "r");
data/xorg-server-1.20.9/hw/xwin/winprefs.c:671:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[PATH_MAX + NAME_MAX + 2];
data/xorg-server-1.20.9/hw/xwin/winprefs.c:672:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szDisplay[512];
data/xorg-server-1.20.9/hw/xwin/winprefs.c:675:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char param[PARAM_MAX + 1];
data/xorg-server-1.20.9/hw/xwin/winprefs.c:688:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(fname, ".XWinrc");
data/xorg-server-1.20.9/hw/xwin/winprefs.c:694:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[MAX_PATH];
data/xorg-server-1.20.9/hw/xwin/winprefs.c:729:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dstParam, szDisplay, strlen(szDisplay));
data/xorg-server-1.20.9/hw/xwin/winprefs.h:80:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text[MENU_MAX + 1]; /* To be displayed in menu */
data/xorg-server-1.20.9/hw/xwin/winprefs.h:82:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char param[PARAM_MAX + 1]; /* Any parameters? */
data/xorg-server-1.20.9/hw/xwin/winprefs.h:88:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char menuName[MENU_MAX + 1]; /* What's it called in the text? */
data/xorg-server-1.20.9/hw/xwin/winprefs.h:95:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char match[MENU_MAX + 1]; /* String to look for to apply this sysmenu */
data/xorg-server-1.20.9/hw/xwin/winprefs.h:96:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char menuName[MENU_MAX + 1]; /* Which menu to show? Used to set *menu */
data/xorg-server-1.20.9/hw/xwin/winprefs.h:102:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char match[MENU_MAX + 1]; /* What string to search for? */
data/xorg-server-1.20.9/hw/xwin/winprefs.h:103:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char iconFile[PATH_MAX + NAME_MAX + 2]; /* Icon location, WIN32 path */
data/xorg-server-1.20.9/hw/xwin/winprefs.h:109:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char match[MENU_MAX + 1]; /* What string to search for? */
data/xorg-server-1.20.9/hw/xwin/winprefs.h:119:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rootMenuName[MENU_MAX + 1]; /* Menu for taskbar icon */
data/xorg-server-1.20.9/hw/xwin/winprefs.h:126:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char defaultSysMenuName[MENU_MAX + 1];
data/xorg-server-1.20.9/hw/xwin/winprefs.h:130:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char iconDirectory[PATH_MAX + 1]; /* Where do the .icos lie? (Win32 path) */
data/xorg-server-1.20.9/hw/xwin/winprefs.h:131:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char defaultIconName[NAME_MAX + 1]; /* Replacement for x.ico */
data/xorg-server-1.20.9/hw/xwin/winprefs.h:132:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char trayIconName[NAME_MAX + 1]; /* Replacement for tray icon */
data/xorg-server-1.20.9/hw/xwin/winprefsyacc.c:1048:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/xorg-server-1.20.9/hw/xwin/winprefsyacc.c:1236:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char yymsgbuf[128];
data/xorg-server-1.20.9/hw/xwin/winprefsyacc.c:1986:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (pref.menu+pref.menuItems, &menu, sizeof(MENUPARSED));
data/xorg-server-1.20.9/hw/xwin/winprocarg.c:292:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  nScreenNum = atoi(argv[i + 1]);
data/xorg-server-1.20.9/hw/xwin/winprocarg.c:502:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  dwEngine = atoi(argv[i]);
data/xorg-server-1.20.9/hw/xwin/winprocarg.c:775:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  dwBPP = atoi(argv[i]);
data/xorg-server-1.20.9/hw/xwin/winprocarg.c:796:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  dwRefreshRate = atoi(argv[i]);
data/xorg-server-1.20.9/hw/xwin/winprocarg.c:817:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  dwNumBoxes = atoi(argv[i]);
data/xorg-server-1.20.9/hw/xwin/winprocarg.c:999:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g_iLogVerbose = atoi(argv[++i]);
data/xorg-server-1.20.9/hw/xwin/winrandr.c:67:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[100];
data/xorg-server-1.20.9/hw/xwin/winwin32rootless.c:206:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pszClass[CLASS_NAME_LENGTH], pszWindowID[12];
data/xorg-server-1.20.9/hw/xwin/winwin32rootless.c:349:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pszClass[CLASS_NAME_LENGTH];
data/xorg-server-1.20.9/include/closestr.h:62:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pattern[XLFDMAXFONTNAMELEN];
data/xorg-server-1.20.9/include/input.h:177:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char autoRepeats[32];
data/xorg-server-1.20.9/include/os.h:365:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  #define Fopen(a,b) fopen(a,b)
data/xorg-server-1.20.9/include/xkbsrv.h:199:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char overlay_perkey_state[256/8]; /* bitfield */
data/xorg-server-1.20.9/include/xkbstr.h:119:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[XkbAnyActionDataSize];
data/xorg-server-1.20.9/include/xkbstr.h:222:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char message[6];
data/xorg-server-1.20.9/include/xkbstr.h:305:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char per_key_repeat[XkbPerKeyBitArraySize];
data/xorg-server-1.20.9/include/xkbstr.h:326:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char vmods[XkbNumVirtualMods];
data/xorg-server-1.20.9/include/xkbstr.h:337:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char kt_index[XkbNumKbdGroups];
data/xorg-server-1.20.9/include/xkbstr.h:411:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[XkbKeyNameLength];
data/xorg-server-1.20.9/include/xkbstr.h:415:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char real[XkbKeyNameLength];
data/xorg-server-1.20.9/include/xkbstr.h:416:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char alias[XkbKeyNameLength];
data/xorg-server-1.20.9/include/xsha1.h:17:38: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int x_sha1_final(void *ctx, unsigned char result[20]);
data/xorg-server-1.20.9/mi/miarc.c:1048:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&lastArc, &arcData->arc, sizeof(xArc));
data/xorg-server-1.20.9/mi/mieq.c:129:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_events,
data/xorg-server-1.20.9/mi/mieq.c:132:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&new_events[first_hunk],
data/xorg-server-1.20.9/mi/mieq.c:249:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(evt, e, evlen);
data/xorg-server-1.20.9/mi/mieq.c:411:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy, original, len);
data/xorg-server-1.20.9/miext/rootless/rootlessWindow.c:1024:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(gResizeDeathBits, winRec->pixelData,
data/xorg-server-1.20.9/miext/shadow/shpacked.c:101:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(win, sha, i * sizeof(FbBits));
data/xorg-server-1.20.9/os/access.c:446:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nodename[512];
data/xorg-server-1.20.9/os/access.c:485:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(inetaddr->sin_addr), hp->h_addr, hp->h_length);
data/xorg-server-1.20.9/os/access.c:491:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(inet6addr->sin6_addr), hp->h_addr, hp->h_length);
data/xorg-server-1.20.9/os/access.c:509:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(host->addr, addr, len);
data/xorg-server-1.20.9/os/access.c:609:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2048];
data/xorg-server-1.20.9/os/access.c:685:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(host->addr, addr, len);
data/xorg-server-1.20.9/os/access.c:812:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(host->addr, addr, len);
data/xorg-server-1.20.9/os/access.c:909:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(host->addr, addr, len);
data/xorg-server-1.20.9/os/access.c:933:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lhostname[120], ohostname[120];
data/xorg-server-1.20.9/os/access.c:935:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[PATH_MAX + 1];
data/xorg-server-1.20.9/os/access.c:974:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = fopen(fname, "r")) != 0) {
data/xorg-server-1.20.9/os/access.c:1375:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(host->addr, addr, len);
data/xorg-server-1.20.9/os/access.c:1461:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, host->addr, len);
data/xorg-server-1.20.9/os/access.c:1812:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname[SI_HOSTNAME_MAXLEN];
data/xorg-server-1.20.9/os/access.c:1843:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname[SI_HOSTNAME_MAXLEN];
data/xorg-server-1.20.9/os/access.c:1864:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(sin.sin_addr), *addrlist, hp->h_length);
data/xorg-server-1.20.9/os/access.c:1954:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char addrbuf[SI_IPv6_MAXLEN];
data/xorg-server-1.20.9/os/access.c:1959:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(addrbuf, siAddr, siAddrlen);
data/xorg-server-1.20.9/os/access.c:1992:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char addrbuf[SI_IPv6_MAXLEN];
data/xorg-server-1.20.9/os/access.c:1994:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(addrbuf, addrString, length);
data/xorg-server-1.20.9/os/access.c:2039:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(addrbuf, addr, len);
data/xorg-server-1.20.9/os/auth.c:321:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open("/dev/urandom", O_RDONLY);
data/xorg-server-1.20.9/os/backtrace.c:51:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char procname[256];
data/xorg-server-1.20.9/os/backtrace.c:141:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (unsigned int)((char *) array[i] -
data/xorg-server-1.20.9/os/backtrace.c:150:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (unsigned int)((char *) array[i] -
data/xorg-server-1.20.9/os/backtrace.c:182:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char header[32];
data/xorg-server-1.20.9/os/backtrace.c:186:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char signame[SIG2STR_MAX];
data/xorg-server-1.20.9/os/backtrace.c:189:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(signame, "unknown");
data/xorg-server-1.20.9/os/backtrace.c:245:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char parent[16];
data/xorg-server-1.20.9/os/backtrace.c:259:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char btline[256];
data/xorg-server-1.20.9/os/client.c:133:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[PATH_MAX + 1];
data/xorg-server-1.20.9/os/client.c:149:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errbuf[_POSIX2_LINE_MAX];
data/xorg-server-1.20.9/os/client.c:184:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(path, O_RDONLY);
data/xorg-server-1.20.9/os/client.c:235:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(path, O_RDONLY);
data/xorg-server-1.20.9/os/connection.c:130:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char dynamic_display[7]; /* display name */
data/xorg-server-1.20.9/os/connection.c:229:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char port[20];
data/xorg-server-1.20.9/os/connection.c:256:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (TryCreateSocket(atoi(display), &partial) &&
data/xorg-server-1.20.9/os/connection.c:379:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char addr[128];
data/xorg-server-1.20.9/os/connection.c:380:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char client_uid_string[64];
data/xorg-server-1.20.9/os/connection.c:405:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ipaddr[INET6_ADDRSTRLEN];
data/xorg-server-1.20.9/os/connection.c:421:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(client_uid_string, " ( ");
data/xorg-server-1.20.9/os/connection.c:724:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pad[3] = { 0, 0, 0 };
data/xorg-server-1.20.9/os/connection.c:1003:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char port[256];
data/xorg-server-1.20.9/os/connection.c:1013:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  snprintf(port, sizeof(port), ":%d", atoi(display));
data/xorg-server-1.20.9/os/connection.c:1051:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char port[20];
data/xorg-server-1.20.9/os/connection.c:1053:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  snprintf(port, sizeof(port), ":%d", atoi(display));
data/xorg-server-1.20.9/os/io.c:700:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char info[128];
data/xorg-server-1.20.9/os/io.c:830:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char padBuffer[3];
data/xorg-server-1.20.9/os/log.c:126:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char __crashreporter_info_buff__[4096] = { 0 };
data/xorg-server-1.20.9/os/log.c:254:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pidstring[32];
data/xorg-server-1.20.9/os/log.c:268:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((logFile = fopen(logFileName, "w")) == NULL)
data/xorg-server-1.20.9/os/log.c:424:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char number[21];
data/xorg-server-1.20.9/os/log.c:636:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(saveBuffer + bufferPos, buf, len);
data/xorg-server-1.20.9/os/log.c:708:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/xorg-server-1.20.9/os/log.c:773:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/xorg-server-1.20.9/os/log.c:802:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/xorg-server-1.20.9/os/log.c:958:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/xorg-server-1.20.9/os/log.c:960:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char oldbuf[1024];
data/xorg-server-1.20.9/os/mitauth.c:136:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char cookie[16]; /* 128 bits */
data/xorg-server-1.20.9/os/osinit.c:169:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[PATH_MAX];
data/xorg-server-1.20.9/os/osinit.c:251:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(err = fopen(fname, "a+")))
data/xorg-server-1.20.9/os/osinit.c:252:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  err = fopen(devnull, "w");
data/xorg-server-1.20.9/os/osinit.c:259:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[BUFSIZ];
data/xorg-server-1.20.9/os/rpcauth.c:60:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cred_area[MAX_AUTH_BYTES];
data/xorg-server-1.20.9/os/rpcauth.c:61:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char verf_area[MAX_AUTH_BYTES];
data/xorg-server-1.20.9/os/rpcauth.c:126:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char rpc_error[MAXNETNAMELEN + 50];
data/xorg-server-1.20.9/os/strndup.c:50:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy, str, len);
data/xorg-server-1.20.9/os/utils.c:250:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char LockFile[PATH_MAX];
data/xorg-server-1.20.9/os/utils.c:262:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[PATH_MAX], pid_str[12];
data/xorg-server-1.20.9/os/utils.c:266:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char port[20];
data/xorg-server-1.20.9/os/utils.c:273:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  snprintf(port, sizeof(port), "%d", atoi(display));
data/xorg-server-1.20.9/os/utils.c:290:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  lfd = open(tmp, O_CREAT | O_EXCL | O_WRONLY, 0644);
data/xorg-server-1.20.9/os/utils.c:301:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  lfd = open(tmp, O_CREAT | O_EXCL | O_WRONLY, 0644);
data/xorg-server-1.20.9/os/utils.c:334:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  lfd = open(LockFile, O_RDONLY | O_NOFOLLOW);
data/xorg-server-1.20.9/os/utils.c:634:9: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (atol(d) > INT_MAX)
data/xorg-server-1.20.9/os/utils.c:695:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  defaultPointerControl.num = atoi(argv[i]);
data/xorg-server-1.20.9/os/utils.c:704:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  auditTrailLevel = atoi(argv[i]);
data/xorg-server-1.20.9/os/utils.c:721:48: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  defaultKeyboardControl.click = atoi(argv[i]);
data/xorg-server-1.20.9/os/utils.c:730:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  defaultColorVisualClass = atoi(argv[i]);
data/xorg-server-1.20.9/os/utils.c:749:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  monitorResolution = atoi(argv[i]);
data/xorg-server-1.20.9/os/utils.c:755:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  displayfd = atoi(argv[i]);
data/xorg-server-1.20.9/os/utils.c:775:47: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  defaultKeyboardControl.bell = atoi(argv[i]);
data/xorg-server-1.20.9/os/utils.c:815:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  limitDataSpace = atoi(argv[i]);
data/xorg-server-1.20.9/os/utils.c:826:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  limitNoFile = atoi(argv[i]);
data/xorg-server-1.20.9/os/utils.c:834:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  limitStackSpace = atoi(argv[i]);
data/xorg-server-1.20.9/os/utils.c:856:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  LimitClients = atoi(argv[i]);
data/xorg-server-1.20.9/os/utils.c:894:56: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  defaultScreenSaverInterval = ((CARD32) atoi(argv[i])) *
data/xorg-server-1.20.9/os/utils.c:914:52: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  defaultScreenSaverTime = ((CARD32) atoi(argv[i])) *
data/xorg-server-1.20.9/os/utils.c:927:51: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  defaultPointerControl.threshold = atoi(argv[i]);
data/xorg-server-1.20.9/os/utils.c:936:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  TimeOutValue = ((CARD32) atoi(argv[i])) * MILLI_PER_SECOND;
data/xorg-server-1.20.9/os/utils.c:961:35: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  long reqSizeArg = atol(argv[i]);
data/xorg-server-1.20.9/os/utils.c:1006:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  SmartScheduleInterval = atoi(argv[i]);
data/xorg-server-1.20.9/os/utils.c:1014:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  SmartScheduleMaxSlice = atoi(argv[i]);
data/xorg-server-1.20.9/os/utils.c:1069:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char hname[1024], *hnameptr;
data/xorg-server-1.20.9/os/utils.c:1589:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    iop = fopen(file, type);
data/xorg-server-1.20.9/os/utils.c:1657:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char buffer[PATH_MAX];
data/xorg-server-1.20.9/os/xdmauth.c:177:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char client[6];
data/xorg-server-1.20.9/os/xdmcp.c:283:41: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    xdm_udp_port = (unsigned short) atoi(argv[i]);
data/xorg-server-1.20.9/os/xdmcp.c:610:34: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    DisplayNumber = (CARD16) atoi(display);
data/xorg-server-1.20.9/os/xdmcp.c:849:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&ManagerAddress, mgrAddr->ai_addr, mgrAddr->ai_addrlen);
data/xorg-server-1.20.9/os/xdmcp.c:1348:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char portstr[6];
data/xorg-server-1.20.9/os/xdmcp.c:1382:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(addr, ai->ai_addr, ai->ai_addrlen);
data/xorg-server-1.20.9/os/xdmcp.c:1459:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char portstr[6];
data/xorg-server-1.20.9/os/xsha1.c:59:34: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    x_sha1_final(void *ctx, unsigned char result[20])
data/xorg-server-1.20.9/os/xsha1.c:93:34: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    x_sha1_final(void *ctx, unsigned char result[20])
data/xorg-server-1.20.9/os/xsha1.c:132:34: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    x_sha1_final(void *ctx, unsigned char result[20])
data/xorg-server-1.20.9/os/xsha1.c:167:34: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    x_sha1_final(void *ctx, unsigned char result[20])
data/xorg-server-1.20.9/os/xsha1.c:209:34: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    x_sha1_final(void *ctx, unsigned char result[20])
data/xorg-server-1.20.9/os/xsha1.c:213:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(result, gcry_md_read(h, GCRY_MD_SHA1), 20);
data/xorg-server-1.20.9/os/xsha1.c:241:34: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    x_sha1_final(void *ctx, unsigned char result[20])
data/xorg-server-1.20.9/os/xsha1.c:282:34: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    x_sha1_final(void *ctx, unsigned char result[20])
data/xorg-server-1.20.9/randr/rrcrtc.c:195:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(crtc->outputs, outputs, numOutputs * sizeof(RROutputPtr));
data/xorg-server-1.20.9/randr/rrcrtc.c:927:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(crtc->gammaRed, red, crtc->gammaSize * sizeof(CARD16));
data/xorg-server-1.20.9/randr/rrcrtc.c:928:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(crtc->gammaGreen, green, crtc->gammaSize * sizeof(CARD16));
data/xorg-server-1.20.9/randr/rrcrtc.c:929:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(crtc->gammaBlue, blue, crtc->gammaSize * sizeof(CARD16));
data/xorg-server-1.20.9/randr/rrcrtc.c:1657:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(extra, crtc->gammaRed, len);
data/xorg-server-1.20.9/randr/rrcrtc.c:1761:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(output, transform->filter->name, nbytes);
data/xorg-server-1.20.9/randr/rrcrtc.c:1764:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(output + nbytes, transform->params, nparams * sizeof(xFixed));
data/xorg-server-1.20.9/randr/rrinfo.c:33:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[100];
data/xorg-server-1.20.9/randr/rrmode.c:77:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(mode->name, name, modeInfo->nameLength);
data/xorg-server-1.20.9/randr/rrmonitor.c:29:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[20];
data/xorg-server-1.20.9/randr/rrmonitor.c:35:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(name, "Monitor-%08lx", (unsigned long int)crtc->id);
data/xorg-server-1.20.9/randr/rrmonitor.c:176:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(monitor->outputs, client_monitor->outputs, client_monitor->numOutputs * sizeof (RROutput));
data/xorg-server-1.20.9/randr/rrmonitor.c:726:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(monitor->outputs, stuff + 1, stuff->monitor.noutput * sizeof (RROutput));
data/xorg-server-1.20.9/randr/rroutput.c:90:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(output->name, name, nameLength);
data/xorg-server-1.20.9/randr/rroutput.c:153:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(newClones, clones, numClones * sizeof(RROutputPtr));
data/xorg-server-1.20.9/randr/rroutput.c:190:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(newModes, modes, numModes * sizeof(RRModePtr));
data/xorg-server-1.20.9/randr/rroutput.c:285:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(newCrtcs, crtcs, numCrtcs * sizeof(RRCrtcPtr));
data/xorg-server-1.20.9/randr/rroutput.c:558:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(name, output->name, output->nameLength);
data/xorg-server-1.20.9/randr/rrproperty.c:233:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy((char *) new_data, (char *) value, len * size_in_bytes);
data/xorg-server-1.20.9/randr/rrproperty.c:235:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy((char *) old_data, (char *) prop_value->data,
data/xorg-server-1.20.9/randr/rrproperty.c:385:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(new_values, values, num_values * sizeof(INT32));
data/xorg-server-1.20.9/randr/rrproperty.c:495:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(extra, prop->valid_values, prop->num_valid * sizeof(INT32));
data/xorg-server-1.20.9/randr/rrproperty.c:745:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(extra, (char *) prop_value->data + ind, len);
data/xorg-server-1.20.9/randr/rrprovider.c:246:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(name, provider->name, rep.nameLength);
data/xorg-server-1.20.9/randr/rrprovider.c:407:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(provider->name, name, nameLength);
data/xorg-server-1.20.9/randr/rrproviderproperty.c:211:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy((char *) new_data, (char *) value, len * size_in_bytes);
data/xorg-server-1.20.9/randr/rrproviderproperty.c:213:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy((char *) old_data, (char *) prop_value->data,
data/xorg-server-1.20.9/randr/rrproviderproperty.c:360:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(new_values, values, num_values * sizeof(INT32));
data/xorg-server-1.20.9/randr/rrproviderproperty.c:466:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(extra, prop->valid_values, prop->num_valid * sizeof(INT32));
data/xorg-server-1.20.9/randr/rrproviderproperty.c:709:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(extra, (char *) prop_value->data + ind, len);
data/xorg-server-1.20.9/randr/rrscreen.c:355:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(names, mode->name, mode->mode.nameLength); \
data/xorg-server-1.20.9/randr/rrscreen.c:618:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(names, mode->name, mode->mode.nameLength);
data/xorg-server-1.20.9/randr/rrtransform.c:76:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(new_params, params, nparams * sizeof(xFixed));
data/xorg-server-1.20.9/record/record.c:79:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char replyBuffer[REPLY_BUF_SIZE]; /* buffered recorded protocol */
data/xorg-server-1.20.9/record/record.c:376:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(pContext->replyBuffer + pContext->numBufBytes,
data/xorg-server-1.20.9/record/record.c:381:20: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char padBuffer[3]; /* as in FlushClient */
data/xorg-server-1.20.9/record/record.c:383:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(pContext->replyBuffer + pContext->numBufBytes,
data/xorg-server-1.20.9/record/record.c:386:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(pContext->replyBuffer + pContext->numBufBytes,
data/xorg-server-1.20.9/record/record.c:726:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&shiftedEvent, pev, sizeof(xEvent));
data/xorg-server-1.20.9/record/record.c:1092:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(pNewIDs, pRCAP->pClientIDs, pRCAP->numClients * sizeof(XID));
data/xorg-server-1.20.9/record/record.c:2735:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(ppAllContextsCopy, ppAllContexts,
data/xorg-server-1.20.9/record/set.c:355:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&prls[1], stackIntervals, nIntervals * sizeof(RecordSetInterval));
data/xorg-server-1.20.9/render/animcur.c:71:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static unsigned char empty[4];
data/xorg-server-1.20.9/render/filter.c:59:54: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    if (!CompareISOLatin1Lowered((const unsigned char *) filterNames[i], -1,
data/xorg-server-1.20.9/render/filter.c:67:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(name, filter, len);
data/xorg-server-1.20.9/render/glyph.c:122:53: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    CARD32 signature, Bool match, unsigned char sha1[20])
data/xorg-server-1.20.9/render/glyph.c:166:53: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    CARD8 *bits, unsigned long size, unsigned char sha1[20])
data/xorg-server-1.20.9/render/glyph.c:187:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    FindGlyphByHash(unsigned char sha1[20], int format)
data/xorg-server-1.20.9/render/glyphstr.h:45:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char sha1[20];
data/xorg-server-1.20.9/render/glyphstr.h:96:42: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    extern GlyphPtr FindGlyphByHash(unsigned char sha1[20], int format);
data/xorg-server-1.20.9/render/glyphstr.h:100:53: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    CARD8 *bits, unsigned long size, unsigned char sha1[20]);
data/xorg-server-1.20.9/render/mipict.c:441:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char line[1];
data/xorg-server-1.20.9/render/picture.c:878:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&pPicture->pSourcePict->solidFill.fullcolor, color, sizeof(*color));
data/xorg-server-1.20.9/render/render.c:533:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(reply + 1, pFormat->index.pValues, num * sizeof(xIndexValue));
data/xorg-server-1.20.9/render/render.c:988:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char sha1[20];
data/xorg-server-1.20.9/render/render.c:1153:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(glyph_new->glyph->sha1, glyph_new->sha1, 20);
data/xorg-server-1.20.9/render/render.c:1330:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&gs, buffer, sizeof(GlyphSet));
data/xorg-server-1.20.9/render/render.c:1722:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(names, ps->filters[i].name, j);
data/xorg-server-1.20.9/render/render.c:1730:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(names, ps->filterAliases[i].alias, j);
data/xorg-server-1.20.9/render/render.c:2839:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(extra, stuff + 1, extra_len);
data/xorg-server-1.20.9/render/render.c:2842:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(stuff + 1, extra, extra_len);
data/xorg-server-1.20.9/render/render.c:2888:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(extra, stuff + 1, extra_len);
data/xorg-server-1.20.9/render/render.c:2892:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(stuff + 1, extra, extra_len);
data/xorg-server-1.20.9/render/render.c:2949:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(extra, stuff + 1, extra_len);
data/xorg-server-1.20.9/render/render.c:2953:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(stuff + 1, extra, extra_len);
data/xorg-server-1.20.9/render/render.c:3006:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(extra, stuff + 1, extra_len);
data/xorg-server-1.20.9/render/render.c:3010:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(stuff + 1, extra, extra_len);
data/xorg-server-1.20.9/render/render.c:3059:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(extra, stuff + 1, extra_len);
data/xorg-server-1.20.9/render/render.c:3063:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(stuff + 1, extra, extra_len);
data/xorg-server-1.20.9/render/render.c:3109:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(extra, stuff + 1, extra_len);
data/xorg-server-1.20.9/render/render.c:3114:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(stuff + 1, extra, extra_len);
data/xorg-server-1.20.9/test/signal-logging.c:37:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char string[21];
data/xorg-server-1.20.9/test/signal-logging.c:38:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char hex_string[17];
data/xorg-server-1.20.9/test/signal-logging.c:43:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char string[21];
data/xorg-server-1.20.9/test/signal-logging.c:48:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char string[21];
data/xorg-server-1.20.9/test/signal-logging.c:54:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char string[21];
data/xorg-server-1.20.9/test/signal-logging.c:55:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char expected[21];
data/xorg-server-1.20.9/test/signal-logging.c:57:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(expected, "%ld", number);
data/xorg-server-1.20.9/test/signal-logging.c:71:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char string[21];
data/xorg-server-1.20.9/test/signal-logging.c:72:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char expected[21];
data/xorg-server-1.20.9/test/signal-logging.c:75:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(expected, "%.2f", number);
data/xorg-server-1.20.9/test/signal-logging.c:90:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char string[21];
data/xorg-server-1.20.9/test/signal-logging.c:91:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char expected[21];
data/xorg-server-1.20.9/test/signal-logging.c:93:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(expected, "%lu", number);
data/xorg-server-1.20.9/test/signal-logging.c:102:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(expected, "%lx", number);
data/xorg-server-1.20.9/test/signal-logging.c:167:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[1024];
data/xorg-server-1.20.9/test/signal-logging.c:173:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char read_buf[2048];
data/xorg-server-1.20.9/test/signal-logging.c:179:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(&buf[sizeof(buf) - 4], "end");
data/xorg-server-1.20.9/test/signal-logging.c:182:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    assert((f = fopen(log_file_path, "r")));
data/xorg-server-1.20.9/test/signal-logging.c:252:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char expected[30];
data/xorg-server-1.20.9/test/signal-logging.c:253:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(expected, "(EE) %u\n", ui);
data/xorg-server-1.20.9/test/signal-logging.c:258:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(expected, "(EE) %x\n", ui);
data/xorg-server-1.20.9/test/signal-logging.c:271:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char expected[30]; data/xorg-server-1.20.9/test/signal-logging.c:272:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(expected, "(EE) %lu\n", lui); data/xorg-server-1.20.9/test/signal-logging.c:276:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(expected, "(EE) %lld\n", (unsigned long long)ui); data/xorg-server-1.20.9/test/signal-logging.c:281:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(expected, "(EE) %lx\n", lui); data/xorg-server-1.20.9/test/signal-logging.c:287:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(expected, "(EE) %llx\n", (unsigned long long)ui); data/xorg-server-1.20.9/test/signal-logging.c:301:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char expected[30]; data/xorg-server-1.20.9/test/signal-logging.c:302:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(expected, "(EE) %d\n", i); data/xorg-server-1.20.9/test/signal-logging.c:307:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(expected, "(EE) %d\n", i | INT_MIN); data/xorg-server-1.20.9/test/signal-logging.c:320:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char expected[30]; data/xorg-server-1.20.9/test/signal-logging.c:321:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(expected, "(EE) %ld\n", li); data/xorg-server-1.20.9/test/signal-logging.c:326:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(expected, "(EE) %ld\n", li | LONG_MIN); data/xorg-server-1.20.9/test/signal-logging.c:331:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(expected, "(EE) %lld\n", (long long)li); data/xorg-server-1.20.9/test/signal-logging.c:336:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(expected, "(EE) %lld\n", (long long)(li | LONG_MIN)); data/xorg-server-1.20.9/test/signal-logging.c:356:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char expected[30]; data/xorg-server-1.20.9/test/signal-logging.c:358:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(expected, "(EE) 0x%p\n", (void*)ptr); data/xorg-server-1.20.9/test/signal-logging.c:360:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(expected, "(EE) %p\n", (void*)ptr); data/xorg-server-1.20.9/test/signal-logging.c:371:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char expected[30]; data/xorg-server-1.20.9/test/signal-logging.c:372:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(expected, "(EE) %.2f\n", d); data/xorg-server-1.20.9/test/simple-xinit.c:87:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char display_string[10]; data/xorg-server-1.20.9/test/simple-xinit.c:100:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi(display_string); data/xorg-server-1.20.9/test/xfree86.c:80:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char compare[1024] = { 0 }; data/xorg-server-1.20.9/test/xfree86.c:93:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(compare, "\n#"); data/xorg-server-1.20.9/test/xi1/protocol-xchangedevicecontrol.c:80:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char *data[4096]; /* the request buffer */ data/xorg-server-1.20.9/test/xi2/protocol-xigetselectedevents.c:59:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char mask[MAXDEVICES][XI2LASTEVENT]; /* intentionally bigger */ data/xorg-server-1.20.9/test/xi2/protocol-xipassivegrabdevice.c:167:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char *data[4096]; /* the request buffer */ data/xorg-server-1.20.9/test/xi2/protocol-xipassivegrabdevice.c:242:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy((uint32_t *) (request + 1) + request->mask_len, modifiers, data/xorg-server-1.20.9/test/xi2/protocol-xiselectevents.c:63:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char *data[4096 * 20]; /* the request data buffer */ data/xorg-server-1.20.9/xfixes/cursor.c:329:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(image, pCursor->bits->argb, npixels * sizeof(CARD32)); data/xorg-server-1.20.9/xfixes/cursor.c:554:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((image + npixels), name, nbytes); data/xorg-server-1.20.9/xkb/XKBGAlloc.c:591:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(alias->real, realStr, data/xorg-server-1.20.9/xkb/XKBGAlloc.c:602:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(alias->alias, aliasStr, min(XkbKeyNameLength, strlen(aliasStr))); data/xorg-server-1.20.9/xkb/XKBGAlloc.c:603:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(alias->real, realStr, min(XkbKeyNameLength, strlen(realStr))); data/xorg-server-1.20.9/xkb/XKBGAlloc.c:818:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(key->under.name, under, min(XkbKeyNameLength, strlen(under))); data/xorg-server-1.20.9/xkb/XKBGAlloc.c:819:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(key->over.name, over, min(XkbKeyNameLength, strlen(over))); data/xorg-server-1.20.9/xkb/XKBMAlloc.c:240:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(into->map, from->map, data/xorg-server-1.20.9/xkb/XKBMAlloc.c:247:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(into->preserve, from->preserve, data/xorg-server-1.20.9/xkb/XKBMAlloc.c:254:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(into->level_names, from->level_names, data/xorg-server-1.20.9/xkb/XKBMAlloc.c:411:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&newSyms[nSyms + (new_num_lvls * g)], data/xorg-server-1.20.9/xkb/XKBMAlloc.c:418:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&newSyms[nSyms], XkbKeySymsPtr(xkb, i), data/xorg-server-1.20.9/xkb/XKBMAlloc.c:494:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&xkb->map->syms[xkb->map->num_syms], XkbKeySymsPtr(xkb, key), data/xorg-server-1.20.9/xkb/XKBMAlloc.c:521:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&newSyms[nSyms], XkbKeySymsPtr(xkb, i), data/xorg-server-1.20.9/xkb/XKBMAlloc.c:829:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&newActs[nActs], XkbKeyActionsPtr(xkb, i), data/xorg-server-1.20.9/xkb/XKBMisc.c:213:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) &xkb_syms_rtrn[2], (char *) xkb_syms_rtrn, data/xorg-server-1.20.9/xkb/XKBMisc.c:217:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) &xkb_syms_rtrn[nSyms[XkbGroup1Index]], data/xorg-server-1.20.9/xkb/XKBMisc.c:218:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char *) xkb_syms_rtrn, data/xorg-server-1.20.9/xkb/XKBMisc.c:597:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(oldSyms, pSyms, XkbKeyNumSyms(xkb, key) * sizeof(KeySym)); data/xorg-server-1.20.9/xkb/XKBMisc.c:609:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pSyms[i * width], &oldSyms[i * oldWidth], data/xorg-server-1.20.9/xkb/XKBMisc.c:616:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(oldActs, pActs, XkbKeyNumSyms(xkb, key) * sizeof(XkbAction)); data/xorg-server-1.20.9/xkb/XKBMisc.c:628:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pActs[i * width], &oldActs[i * oldWidth], data/xorg-server-1.20.9/xkb/ddxLoad.c:80:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void) strcpy(outdir, "/tmp/"); data/xorg-server-1.20.9/xkb/ddxLoad.c:107:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpname[PATH_MAX]; data/xorg-server-1.20.9/xkb/ddxLoad.c:119:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmpname, "\\xkb_XXXXXX"); data/xorg-server-1.20.9/xkb/ddxLoad.c:161:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen(tmpname, "w"); data/xorg-server-1.20.9/xkb/ddxLoad.c:294:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[PATH_MAX], xkm_output_dir[PATH_MAX]; data/xorg-server-1.20.9/xkb/ddxLoad.c:315:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(buf, "rb"); data/xorg-server-1.20.9/xkb/ddxLoad.c:331:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fileName[PATH_MAX]; data/xorg-server-1.20.9/xkb/ddxLoad.c:392:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PATH_MAX]; data/xorg-server-1.20.9/xkb/ddxLoad.c:406:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(buf, "r"); data/xorg-server-1.20.9/xkb/ddxLoad.c:462:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[PATH_MAX]; data/xorg-server-1.20.9/xkb/maprules.c:61:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[DFLT_LINE_SIZE]; data/xorg-server-1.20.9/xkb/maprules.c:93:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(line->line, line->buf, line->sz_line); data/xorg-server-1.20.9/xkb/maprules.c:201:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *cname[MAX_WORDS] = { data/xorg-server-1.20.9/xkb/maprules.c:216:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *name[MAX_WORDS]; data/xorg-server-1.20.9/xkb/maprules.c:222:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *layout[XkbNumKbdGroups + 1]; data/xorg-server-1.20.9/xkb/maprules.c:223:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *variant[XkbNumKbdGroups + 1]; data/xorg-server-1.20.9/xkb/maprules.c:234:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ndx_buf[NDX_BUFF_SIZE]; data/xorg-server-1.20.9/xkb/maprules.c:252:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *ndx = atoi(ndx_buf); data/xorg-server-1.20.9/xkb/maprules.c:973:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PATH_MAX]; data/xorg-server-1.20.9/xkb/maprules.c:988:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(buf, "r"); data/xorg-server-1.20.9/xkb/maprules.c:991:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(buf, "r"); data/xorg-server-1.20.9/xkb/xkb.c:739:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rep.perKeyRepeat, xkb->per_key_repeat, XkbPerKeyBitArraySize); data/xorg-server-1.20.9/xkb/xkb.c:955:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(new.per_key_repeat, stuff->perKeyRepeat, data/xorg-server-1.20.9/xkb/xkb.c:1148:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) buf, (char *) pSym, outMap->nSyms * 4); data/xorg-server-1.20.9/xkb/xkb.c:1210:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) actDesc, data/xorg-server-1.20.9/xkb/xkb.c:2186:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) newActs, (char *) wire, data/xorg-server-1.20.9/xkb/xkb.c:2186:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. memcpy((char *) newActs, (char *) wire, data/xorg-server-1.20.9/xkb/xkb.c:2186:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. memcpy((char *) newActs, (char *) wire, data/xorg-server-1.20.9/xkb/xkb.c:2765:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) &wire->act, (char *) &sym->act, data/xorg-server-1.20.9/xkb/xkb.c:2935:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy((char *) &sym->act, (char *) &wire->act, data/xorg-server-1.20.9/xkb/xkb.c:4286:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) &names->keys[stuff->firstKey], (char *) tmp, data/xorg-server-1.20.9/xkb/xkb.c:4298:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) names->key_aliases, (char *) tmp, data/xorg-server-1.20.9/xkb/xkb.c:4564:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(wire, (char *) geom->key_aliases, sz); data/xorg-server-1.20.9/xkb/xkb.c:4778:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(keyWire->over, key->over.name, XkbKeyNameLength); data/xorg-server-1.20.9/xkb/xkb.c:4779:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(keyWire->under, key->under.name, XkbKeyNameLength); data/xorg-server-1.20.9/xkb/xkb.c:4880:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(keyWire[k].name, key->name.name, data/xorg-server-1.20.9/xkb/xkb.c:5061:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*str, &wire[2], len); data/xorg-server-1.20.9/xkb/xkb.c:5286:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(key->name.name, kWire[k].name, XkbKeyNameLength); data/xorg-server-1.20.9/xkb/xkb.c:5793:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mapFile[PATH_MAX]; data/xorg-server-1.20.9/xkb/xkb.c:6684:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) &acts[stuff->firstBtn], (char *) wire, sz); data/xorg-server-1.20.9/xkb/xkbActions.c:796:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) msg.message, (char *) pMsg->message, data/xorg-server-1.20.9/xkb/xkbActions.c:812:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) msg.message, (char *) pMsg->message, data/xorg-server-1.20.9/xkb/xkbInit.c:359:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) compat->sym_interpret, (char *) dfltSI, sizeof(dfltSI)); data/xorg-server-1.20.9/xkb/xkbInit.c:634:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dev->kbdfeed->ctrl.autoRepeats, xkb->ctrls->per_key_repeat, data/xorg-server-1.20.9/xkb/xkbInit.c:780:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). XkbDfltAccessXTimeout = atoi(argv[++i]); data/xorg-server-1.20.9/xkb/xkbInit.c:813:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). XkbDfltRepeatDelay = (long) atoi(argv[i]); data/xorg-server-1.20.9/xkb/xkbInit.c:820:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). XkbDfltRepeatInterval = (long) atoi(argv[i]); data/xorg-server-1.20.9/xkb/xkbLEDs.c:655:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sli_new, src, sizeof(XkbSrvLedInfoRec)); data/xorg-server-1.20.9/xkb/xkbUtils.c:246:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) XkbKeySymsPtr(xkb, key), (char *) tsyms, data/xorg-server-1.20.9/xkb/xkbUtils.c:280:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char newVMods[XkbNumVirtualMods]; data/xorg-server-1.20.9/xkb/xkbUtils.c:346:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(repeat, pXDev->kbdfeed->ctrl.autoRepeats, XkbPerKeyBitArraySize); data/xorg-server-1.20.9/xkb/xkbUtils.c:353:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pXDev->kbdfeed->ctrl.autoRepeats, repeat, XkbPerKeyBitArraySize); data/xorg-server-1.20.9/xkb/xkbUtils.c:585:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(kbd->key->xkbInfo->desc->map->modmap, modmap, MAP_LENGTH); data/xorg-server-1.20.9/xkb/xkbUtils.c:956:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst->map->syms, src->map->syms, data/xorg-server-1.20.9/xkb/xkbUtils.c:974:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst->map->key_sym_map, src->map->key_sym_map, data/xorg-server-1.20.9/xkb/xkbUtils.c:1037:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dtype->level_names, stype->level_names, data/xorg-server-1.20.9/xkb/xkbUtils.c:1049:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dtype->mods, &stype->mods, sizeof(XkbModsRec)); data/xorg-server-1.20.9/xkb/xkbUtils.c:1072:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(dtype->map, stype->map, data/xorg-server-1.20.9/xkb/xkbUtils.c:1101:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dtype->preserve, stype->preserve, data/xorg-server-1.20.9/xkb/xkbUtils.c:1150:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst->map->modmap, src->map->modmap, src->max_key_code + 1); data/xorg-server-1.20.9/xkb/xkbUtils.c:1186:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst->server->explicit, src->server->explicit, data/xorg-server-1.20.9/xkb/xkbUtils.c:1202:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst->server->acts, src->server->acts, data/xorg-server-1.20.9/xkb/xkbUtils.c:1220:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst->server->key_acts, src->server->key_acts, data/xorg-server-1.20.9/xkb/xkbUtils.c:1236:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst->server->behaviors, src->server->behaviors, data/xorg-server-1.20.9/xkb/xkbUtils.c:1244:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
  memcpy(dst->server->vmods, src->server->vmods, XkbNumVirtualMods);
data/xorg-server-1.20.9/xkb/xkbUtils.c:1254:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst->server->vmodmap, src->server->vmodmap,
data/xorg-server-1.20.9/xkb/xkbUtils.c:1291:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst->names->keys, src->names->keys,
data/xorg-server-1.20.9/xkb/xkbUtils.c:1308:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst->names->key_aliases, src->names->key_aliases,
data/xorg-server-1.20.9/xkb/xkbUtils.c:1325:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst->names->radio_groups, src->names->radio_groups,
data/xorg-server-1.20.9/xkb/xkbUtils.c:1340:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst->names->vmods, src->names->vmods,
data/xorg-server-1.20.9/xkb/xkbUtils.c:1342:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst->names->indicators, src->names->indicators,
data/xorg-server-1.20.9/xkb/xkbUtils.c:1344:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst->names->groups, src->names->groups,
data/xorg-server-1.20.9/xkb/xkbUtils.c:1377:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst->compat->sym_interpret, src->compat->sym_interpret,
data/xorg-server-1.20.9/xkb/xkbUtils.c:1392:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst->compat->groups, src->compat->groups,
data/xorg-server-1.20.9/xkb/xkbUtils.c:1593:29: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(doutline->points, soutline->points,
data/xorg-server-1.20.9/xkb/xkbUtils.c:1719:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(drow->keys, srow->keys,
data/xorg-server-1.20.9/xkb/xkbUtils.c:1745:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ddoodad, sdoodad, sizeof(XkbDoodadRec));
data/xorg-server-1.20.9/xkb/xkbUtils.c:1807:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ddoodad, sdoodad, sizeof(XkbDoodadRec));
data/xorg-server-1.20.9/xkb/xkbUtils.c:1846:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst->geom->key_aliases, src->geom->key_aliases,
data/xorg-server-1.20.9/xkb/xkbUtils.c:1913:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst->indicators, src->indicators, sizeof(XkbIndicatorRec));
data/xorg-server-1.20.9/xkb/xkbUtils.c:1932:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst->ctrls, src->ctrls, sizeof(XkbControlsRec));
data/xorg-server-1.20.9/xkb/xkbout.c:541:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[5];
data/xorg-server-1.20.9/xkb/xkbout.c:543:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, xkb->names->keys[i].name, 4);
data/xorg-server-1.20.9/xkb/xkbtext.c:113:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char numBuf[20];
data/xorg-server-1.20.9/xkb/xkbtext.c:135:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(rtrn, "vmod_");
data/xorg-server-1.20.9/xkb/xkbtext.c:152:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *str, buf[VMOD_BUFFER_SIZE];
data/xorg-server-1.20.9/xkb/xkbtext.c:159:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(rtrn, "none");
data/xorg-server-1.20.9/xkb/xkbtext.c:229:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *modNames[XkbNumModifiers] = {
data/xorg-server-1.20.9/xkb/xkbtext.c:237:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/xorg-server-1.20.9/xkb/xkbtext.c:251:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "none");
data/xorg-server-1.20.9/xkb/xkbtext.c:264:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64], *rtrn;
data/xorg-server-1.20.9/xkb/xkbtext.c:268:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "0xff");
data/xorg-server-1.20.9/xkb/xkbtext.c:270:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "all");
data/xorg-server-1.20.9/xkb/xkbtext.c:276:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "none");
data/xorg-server-1.20.9/xkb/xkbtext.c:293:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(str, "Mask");
data/xorg-server-1.20.9/xkb/xkbtext.c:314:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "Semantics");
data/xorg-server-1.20.9/xkb/xkbtext.c:317:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "Layout");
data/xorg-server-1.20.9/xkb/xkbtext.c:320:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "Keymap");
data/xorg-server-1.20.9/xkb/xkbtext.c:324:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "Geometry");
data/xorg-server-1.20.9/xkb/xkbtext.c:327:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "Types");
data/xorg-server-1.20.9/xkb/xkbtext.c:330:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "CompatMap");
data/xorg-server-1.20.9/xkb/xkbtext.c:333:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "Symbols");
data/xorg-server-1.20.9/xkb/xkbtext.c:336:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "Indicators");
data/xorg-server-1.20.9/xkb/xkbtext.c:339:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "KeyNames");
data/xorg-server-1.20.9/xkb/xkbtext.c:342:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "VirtualMods");
data/xorg-server-1.20.9/xkb/xkbtext.c:345:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "unknown(%d)", config);
data/xorg-server-1.20.9/xkb/xkbtext.c:356:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[32];
data/xorg-server-1.20.9/xkb/xkbtext.c:359:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "NoSymbol");
data/xorg-server-1.20.9/xkb/xkbtext.c:372:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, name, 4);
data/xorg-server-1.20.9/xkb/xkbtext.c:380:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&buf[1], name, 4);
data/xorg-server-1.20.9/xkb/xkbtext.c:391:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *siMatchText[5] = {
data/xorg-server-1.20.9/xkb/xkbtext.c:398:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[40];
data/xorg-server-1.20.9/xkb/xkbtext.c:512:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "none");
data/xorg-server-1.20.9/xkb/xkbtext.c:606:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(out, "%o", (unsigned char) *in);
data/xorg-server-1.20.9/xkb/xkbtext.c:626:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%d", val);
data/xorg-server-1.20.9/xkb/xkbtext.c:632:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%d.%d", whole, frac);
data/xorg-server-1.20.9/xkb/xkbtext.c:634:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%d", whole);
data/xorg-server-1.20.9/xkb/xkbtext.c:647:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "XkbOutlineDoodad");
data/xorg-server-1.20.9/xkb/xkbtext.c:649:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "XkbSolidDoodad");
data/xorg-server-1.20.9/xkb/xkbtext.c:651:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "XkbTextDoodad");
data/xorg-server-1.20.9/xkb/xkbtext.c:653:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "XkbIndicatorDoodad");
data/xorg-server-1.20.9/xkb/xkbtext.c:655:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "XkbLogoDoodad");
data/xorg-server-1.20.9/xkb/xkbtext.c:657:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "UnknownDoodad%d", type);
data/xorg-server-1.20.9/xkb/xkbtext.c:662:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "outline");
data/xorg-server-1.20.9/xkb/xkbtext.c:664:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "solid");
data/xorg-server-1.20.9/xkb/xkbtext.c:666:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "text");
data/xorg-server-1.20.9/xkb/xkbtext.c:668:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "indicator");
data/xorg-server-1.20.9/xkb/xkbtext.c:670:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "logo");
data/xorg-server-1.20.9/xkb/xkbtext.c:672:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "unknown%d", type);
data/xorg-server-1.20.9/xkb/xkbtext.c:677:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *actionTypeNames[XkbSA_NumActions] = {
data/xorg-server-1.20.9/xkb/xkbtext.c:695:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[32];
data/xorg-server-1.20.9/xkb/xkbtext.c:765:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuf[32];
data/xorg-server-1.20.9/xkb/xkbtext.c:790:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuf[32];
data/xorg-server-1.20.9/xkb/xkbtext.c:815:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuf[32];
data/xorg-server-1.20.9/xkb/xkbtext.c:852:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuf[32];
data/xorg-server-1.20.9/xkb/xkbtext.c:871:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuf[64];
data/xorg-server-1.20.9/xkb/xkbtext.c:936:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuf[32];
data/xorg-server-1.20.9/xkb/xkbtext.c:956:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuf[32];
data/xorg-server-1.20.9/xkb/xkbtext.c:1048:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuf[32];
data/xorg-server-1.20.9/xkb/xkbtext.c:1080:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuf[32], *tmp;
data/xorg-server-1.20.9/xkb/xkbtext.c:1127:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuf[32];
data/xorg-server-1.20.9/xkb/xkbtext.c:1162:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuf[32];
data/xorg-server-1.20.9/xkb/xkbtext.c:1218:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[ACTION_SZ], *tmp;
data/xorg-server-1.20.9/xkb/xkbtext.c:1248:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256], *tmp;
data/xorg-server-1.20.9/xkb/xkbtext.c:1278:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "permanentRadioGroup= %d", g);
data/xorg-server-1.20.9/xkb/xkbtext.c:1280:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "radioGroup= %d", g);
data/xorg-server-1.20.9/xkb/xkbtext.c:1291:24: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char tbuf[8];
data/xorg-server-1.20.9/xkb/xkbtext.c:1313:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[32];
data/xorg-server-1.20.9/xkb/xkmread.c:189:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[100];
data/xorg-server-1.20.9/xkb/xkmread.c:210:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[100];
data/xorg-server-1.20.9/xkb/xkmread.c:282:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/xorg-server-1.20.9/xkb/xkmread.c:418:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[100];
data/xorg-server-1.20.9/xkb/xkmread.c:563:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(act->any.data, wire.actionData, XkbAnyActionDataSize);
data/xorg-server-1.20.9/xkb/xkmread.c:612:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/xorg-server-1.20.9/xkb/xkmread.c:696:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/xorg-server-1.20.9/xkb/xkmread.c:864:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/xorg-server-1.20.9/xkb/xkmread.c:917:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/xorg-server-1.20.9/xkb/xkmread.c:946:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(row->keys[k].over.name, keyWire.over, XkbKeyNameLength);
data/xorg-server-1.20.9/xkb/xkmread.c:947:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(row->keys[k].under.name, keyWire.under, XkbKeyNameLength);
data/xorg-server-1.20.9/xkb/xkmread.c:962:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/xorg-server-1.20.9/xkb/xkmread.c:1008:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(key->name.name, keyWire.name, XkbKeyNameLength);
data/xorg-server-1.20.9/xkb/xkmread.c:1038:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/xorg-server-1.20.9/xkb/xkmread.c:1066:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char val[1024];
data/xorg-server-1.20.9/Xext/sync.c:1264:53: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += pad_to_int32(sz_xSyncSystemCounter + strlen(psci->name));
data/xorg-server-1.20.9/Xext/sync.c:1289:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  namelen = strlen(psci->name);
data/xorg-server-1.20.9/Xext/sync.c:1300:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(pname_in_reply, psci->name, namelen);
data/xorg-server-1.20.9/Xext/vidmode.c:1184:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rep.vendorLength = strlen((char *) (pVidMode->GetMonitorValue(pScreen,
data/xorg-server-1.20.9/Xext/vidmode.c:1190:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rep.modelLength = strlen((char *) (pVidMode->GetMonitorValue(pScreen,
data/xorg-server-1.20.9/Xext/xres.c:284:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = MakeAtom(name, strlen(name), TRUE);
data/xorg-server-1.20.9/Xext/xres.c:289:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = MakeAtom(buf, strlen(buf), TRUE);
data/xorg-server-1.20.9/Xext/xselinux_ext.c:58:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(copy, ptr, len);
data/xorg-server-1.20.9/Xext/xselinux_ext.c:93:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(ctx) + 1;
data/xorg-server-1.20.9/Xext/xselinux_ext.c:320:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i->octx_len = bytes_to_int32(strlen(i->octx) + 1);
data/xorg-server-1.20.9/Xext/xselinux_ext.c:321:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i->dctx_len = bytes_to_int32(strlen(i->dctx) + 1);
data/xorg-server-1.20.9/Xext/xselinux_ext.c:370:53: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy((char *) (buf + pos), items[k].octx, strlen(items[k].octx) + 1);
data/xorg-server-1.20.9/Xext/xselinux_ext.c:372:53: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy((char *) (buf + pos), items[k].dctx, strlen(items[k].dctx) + 1); data/xorg-server-1.20.9/Xext/xselinux_hooks.c:146:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(subj->command, cmdname, COMMAND_LEN - 1); data/xorg-server-1.20.9/Xext/xselinux_hooks.c:783:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). PropModeReplace, strlen(ctx), ctx, FALSE); data/xorg-server-1.20.9/Xext/xselinux_hooks.c:801:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). PropModeReplace, strlen(ctx), ctx, FALSE); data/xorg-server-1.20.9/Xext/xvdisp.c:371:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). totalSize += pad_to_int32(strlen(pa->name)); data/xorg-server-1.20.9/Xext/xvdisp.c:387:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ainfo.name_size = nameSize = strlen(pa->name); data/xorg-server-1.20.9/Xext/xvdisp.c:438:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). totalSize += pad_to_int32(strlen(pe->name)); data/xorg-server-1.20.9/Xext/xvdisp.c:450:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
einfo.name_size = nameSize = strlen(pe->name); data/xorg-server-1.20.9/Xext/xvdisp.c:790:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rep.text_size += pad_to_int32(strlen(pAtt->name) + 1); data/xorg-server-1.20.9/Xext/xvdisp.c:801:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(pAtt->name) + 1; /* pass the NULL */ data/xorg-server-1.20.9/Xext/xvmain.c:192:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void) MakeAtom(XvName, strlen(XvName), xTrue); data/xorg-server-1.20.9/Xext/xvmc.c:628:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). .nameLen = bytes_to_int32(strlen(pScreenPriv->clientDriverName) + 1), data/xorg-server-1.20.9/Xext/xvmc.c:629:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). .busIDLen = bytes_to_int32(strlen(pScreenPriv->busID) + 1), data/xorg-server-1.20.9/Xi/extinit.c:1194:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). MakeAtom(dev_type[i].name, strlen(dev_type[i].name), 1); data/xorg-server-1.20.9/Xi/listdev.c:99:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
*namesize += strlen(d->name); data/xorg-server-1.20.9/Xi/listdev.c:127:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *nameptr++ = strlen(name); data/xorg-server-1.20.9/Xi/listdev.c:129:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *namebuf += (strlen(name) + 1); data/xorg-server-1.20.9/Xi/xichangehierarchy.c:150:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name, (char *) &c[1], c->name_len); data/xorg-server-1.20.9/Xi/xiproperty.c:380:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(dev_properties[i].name), TRUE); data/xorg-server-1.20.9/Xi/xiquerydevice.c:196:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += pad_to_int32(strlen(dev->name)); data/xorg-server-1.20.9/Xi/xiquerydevice.c:503:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). info->name_len = strlen(dev->name); data/xorg-server-1.20.9/Xi/xiquerydevice.c:509:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(any, dev->name, info->name_len); data/xorg-server-1.20.9/config/hal.c:102:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len += strlen(props[i]); data/xorg-server-1.20.9/config/hal.c:113:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str += strlen(props[i]); data/xorg-server-1.20.9/config/hal.c:285:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((tmp = strcasestr(psi_key, "xkb")) && strlen(tmp) >= 4) { data/xorg-server-1.20.9/config/hal.c:319:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(tmp) >= 4) && data/xorg-server-1.20.9/config/hal.c:336:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (tmp_val && strlen(psi_key) >= sizeof(LIBHAL_XKB_PROP_KEY)) { data/xorg-server-1.20.9/config/hal.c:366:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(psi_key) >= sizeof(LIBHAL_XKB_PROP_KEY)) { data/xorg-server-1.20.9/config/hal.c:579:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!old_owner || !strlen(old_owner)) { data/xorg-server-1.20.9/dix/atom.c:93:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ((comp < 0) || ((comp == 0) && (len < strlen((*np)->string)))) data/xorg-server-1.20.9/dix/cursor.c:500:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (unsigned) strlen(defaultCursorFont), defaultCursorFont); data/xorg-server-1.20.9/dix/dispatch.c:560:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). setup.nbytesVendor = strlen(VendorString); data/xorg-server-1.20.9/dix/dispatch.c:1075:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(str); data/xorg-server-1.20.9/dix/dispatch.c:3619:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). csp.lengthReason = strlen(reason); data/xorg-server-1.20.9/dix/dixfonts.c:140:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (unsigned) strlen(defaultfontname), defaultfontname); data/xorg-server-1.20.9/dix/dixfonts.c:290:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newlen = strlen(alias); data/xorg-server-1.20.9/dix/dixfonts.c:982:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(name); data/xorg-server-1.20.9/dix/dixfonts.c:1629:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(name, (char *) cp, (int) len); data/xorg-server-1.20.9/dix/dixfonts.c:1709:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = start + strlen("built-ins"); data/xorg-server-1.20.9/dix/dixfonts.c:1726:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(temp_path) + 1; data/xorg-server-1.20.9/dix/extension.c:151:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(extensions[i]->name) == len) && data/xorg-server-1.20.9/dix/extension.c:167:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = FindExtension(extname, strlen(extname)); data/xorg-server-1.20.9/dix/extension.c:282:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). total_length += strlen(extensions[i]->name) + 1; data/xorg-server-1.20.9/dix/extension.c:295:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *bufptr++ = len = strlen(extensions[i]->name); data/xorg-server-1.20.9/glamor/glamor_program.c:155:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
new = realloc(cur, strlen(cur) + strlen(add) + 1); data/xorg-server-1.20.9/glamor/glamor_program.c:155:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new = realloc(cur, strlen(cur) + strlen(add) + 1); data/xorg-server-1.20.9/glx/extension_string.c:156:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const size_t ext_name_len = strlen(ext); data/xorg-server-1.20.9/glx/glxcmds.c:2348:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(pGlxScreen->GLXextensions) + 1; data/xorg-server-1.20.9/glx/glxcmds.c:2421:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(ptr) + 1; data/xorg-server-1.20.9/glx/glxdricommon.c:298:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path_len = strlen(path); data/xorg-server-1.20.9/glx/single2.c:274:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). clen = strlen(cext_string); data/xorg-server-1.20.9/glx/single2.c:275:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(sext_string); data/xorg-server-1.20.9/glx/single2.c:307:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
end = p + strlen(p); data/xorg-server-1.20.9/glx/single2.c:311:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(token) == n) && (strncmp(token, p, n) == 0)) { data/xorg-server-1.20.9/glx/single2.c:383:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen((const char *) string) + 1; data/xorg-server-1.20.9/hw/dmx/config/dmxcompat.c:59:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(buf); data/xorg-server-1.20.9/hw/dmx/config/dmxcompat.c:89:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *len = strlen(name); data/xorg-server-1.20.9/hw/dmx/config/dmxcompat.c:102:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *len = strlen(name); data/xorg-server-1.20.9/hw/dmx/config/dmxcompat.c:159:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = dmxConfigCopyString(buf + 1, strlen(buf + 1)); data/xorg-server-1.20.9/hw/dmx/config/dmxparse.c:98:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(string); data/xorg-server-1.20.9/hw/dmx/config/dmxparse.c:101:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(copy, string, length); data/xorg-server-1.20.9/hw/dmx/config/dmxparse.c:376:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length += strlen(p->string) + 1; data/xorg-server-1.20.9/hw/dmx/config/dmxparse.c:383:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(p->string); data/xorg-server-1.20.9/hw/dmx/config/parser.c:836:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define yystrlen strlen data/xorg-server-1.20.9/hw/dmx/config/scanner.c:652:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ data/xorg-server-1.20.9/hw/dmx/config/scanner.c:1687:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return yy_scan_bytes( yystr, (int) strlen(yystr) ); data/xorg-server-1.20.9/hw/dmx/config/scanner.c:1966:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = message + strlen(message); data/xorg-server-1.20.9/hw/dmx/config/scanner.c:1980:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (!strncmp(entry->from, pt, strlen(entry->from))) { data/xorg-server-1.20.9/hw/dmx/config/xdmxconfig.c:317:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = pt->display->name ? strlen(pt->display->name) : 0; data/xorg-server-1.20.9/hw/dmx/dmx.c:347:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = attr.displayName ? strlen(attr.displayName) : 0; data/xorg-server-1.20.9/hw/dmx/dmx.c:809:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = attr.name ? strlen(attr.name) : 0; data/xorg-server-1.20.9/hw/dmx/dmxfont.c:333:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(fp[i]) + 1; data/xorg-server-1.20.9/hw/dmx/dmxfont.c:361:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int n = strlen(fp[i]); data/xorg-server-1.20.9/hw/dmx/dmxfont.c:364:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&newfp[j], fp[i], n); data/xorg-server-1.20.9/hw/dmx/dmxinit.c:794:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int fplen = strlen(fp) + 1; data/xorg-server-1.20.9/hw/dmx/dmxinit.c:795:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int len = strlen(dmxFontPath); data/xorg-server-1.20.9/hw/dmx/dmxinit.c:799:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&dmxFontPath[len + 1], fp, fplen); data/xorg-server-1.20.9/hw/dmx/dmxlog.c:157:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). : strlen(dmxInput->name)); data/xorg-server-1.20.9/hw/dmx/dmxprop.c:160:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp((char *) tp.value, DMX_IDENT, strlen(DMX_IDENT))) { data/xorg-server-1.20.9/hw/dmx/dmxprop.c:176:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(list[count - 1], (char *) tp.value, tp.nitems + 1); data/xorg-server-1.20.9/hw/dmx/dmxprop.c:225:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen((char *) id))) { data/xorg-server-1.20.9/hw/dmx/dmxprop.c:265:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). PropModeReplace, id, strlen((char *) id)); data/xorg-server-1.20.9/hw/dmx/dmxprop.c:370:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). PropModeAppend, (unsigned char *) buf, strlen(buf)); data/xorg-server-1.20.9/hw/dmx/dmxprop.c:374:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
PropModeAppend, (unsigned char *) buf, strlen(buf)); data/xorg-server-1.20.9/hw/dmx/examples/dmxwininfo.c:76:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). XDrawString(dpy, win, gc, x, y, msg, strlen(msg)); data/xorg-server-1.20.9/hw/dmx/examples/dmxwininfo.c:88:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). XDrawString(dpy, win, gc, x, y, str, strlen(str)); data/xorg-server-1.20.9/hw/dmx/examples/ev.c:125:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((rc = read(fd, &event, sizeof(event))) > 0) { data/xorg-server-1.20.9/hw/dmx/glxProxy/glxcmds.c:2643:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). numbytes = strlen(be_buf) + 1; data/xorg-server-1.20.9/hw/dmx/glxProxy/glxcmds.c:2723:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). numbytes = strlen(be_buf) + 1; data/xorg-server-1.20.9/hw/dmx/glxProxy/glxscreens.c:190:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(ExtensionsString, " "); data/xorg-server-1.20.9/hw/dmx/input/dmxarg.c:149:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
else if (!strlen(string)) data/xorg-server-1.20.9/hw/dmx/input/dmxcommon.c:686:13: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(250); /* This ends up sleeping only until data/xorg-server-1.20.9/hw/dmx/input/dmxinputinit.c:732:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). atom = MakeAtom((char *) devname, strlen(devname), TRUE); data/xorg-server-1.20.9/hw/dmx/input/dmxinputinit.c:805:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name)) data/xorg-server-1.20.9/hw/dmx/input/dmxinputinit.c:1143:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). : strlen(dmxInput->name)); data/xorg-server-1.20.9/hw/dmx/input/usb-common.c:105:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (read(priv->fd, &raw, sizeof(raw)) > 0) { data/xorg-server-1.20.9/hw/dmx/input/usb-keyboard.c:393:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (read(priv->fd, &raw, sizeof(raw)) > 0) { data/xorg-server-1.20.9/hw/kdrive/ephyr/ephyrvideo.c:196:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
cookie = xcb_intern_atom(conn, FALSE, strlen(atom_name), atom_name); data/xorg-server-1.20.9/hw/kdrive/ephyr/hostx.c:182:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(ephyrTitle), data/xorg-server-1.20.9/hw/kdrive/ephyr/hostx.c:197:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(buf), data/xorg-server-1.20.9/hw/kdrive/ephyr/hostx.c:300:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name, (char*)xcb_randr_get_output_info_name(output_info_r), name_len); data/xorg-server-1.20.9/hw/kdrive/ephyr/hostx.c:577:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("_NET_WM_STATE"), data/xorg-server-1.20.9/hw/kdrive/ephyr/hostx.c:581:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("_NET_WM_STATE_FULLSCREEN"), data/xorg-server-1.20.9/hw/kdrive/ephyr/hostx.c:665:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). class_len = strlen(ephyrResName) + 1 + strlen("Xephyr") + 1; data/xorg-server-1.20.9/hw/kdrive/ephyr/hostx.c:665:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
class_len = strlen(ephyrResName) + 1 + strlen("Xephyr") + 1; data/xorg-server-1.20.9/hw/kdrive/ephyr/hostx.c:669:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(class_hint + strlen(ephyrResName) + 1, "Xephyr"); data/xorg-server-1.20.9/hw/kdrive/src/kdrive.c:239:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(arg) >= sizeof(save)) data/xorg-server-1.20.9/hw/kdrive/src/kinput.c:58:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define AtomFromName(x) MakeAtom(x, strlen(x), 1) data/xorg-server-1.20.9/hw/kdrive/src/kinput.c:961:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(arg) >= sizeof(save)) { data/xorg-server-1.20.9/hw/kdrive/src/kinput.c:1069:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(arg) >= sizeof(save)) { data/xorg-server-1.20.9/hw/vfb/InitOutput.c:844:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). modeInfo.nameLength = strlen (name); data/xorg-server-1.20.9/hw/xfree86/common/xf86AutoConfig.c:110:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
newstr = xnfalloc(strlen(p) + 2); data/xorg-server-1.20.9/hw/xfree86/common/xf86AutoConfig.c:112:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(newstr, "\n"); data/xorg-server-1.20.9/hw/xfree86/common/xf86Bus.c:273:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *retID = busID + strlen(p) + 1; data/xorg-server-1.20.9/hw/xfree86/common/xf86Config.c:177:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp_path = calloc(1, strlen(path) + 1); data/xorg-server-1.20.9/hw/xfree86/common/xf86Config.c:184:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dir_elem = xnfcalloc(1, strlen(path_elem) + 1); data/xorg-server-1.20.9/hw/xfree86/common/xf86Config.c:188:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dirlen = strlen(path_elem); data/xorg-server-1.20.9/hw/xfree86/common/xf86Config.c:228:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out_pnt += strlen(path_elem); data/xorg-server-1.20.9/hw/xfree86/common/xf86Config.c:568:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
log_buf = xnfalloc(strlen(defaultFontPath) + (2 * countDirs) + 1); data/xorg-server-1.20.9/hw/xfree86/common/xf86Config.c:574:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(temp_path, start, size); data/xorg-server-1.20.9/hw/xfree86/common/xf86Configure.c:122:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lower_driver = xnfalloc(strlen(driver) + 1); data/xorg-server-1.20.9/hw/xfree86/common/xf86Configure.c:301:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(ptr->dev_comment) + strlen(prefix) + data/xorg-server-1.20.9/hw/xfree86/common/xf86Configure.c:301:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(ptr->dev_comment) + strlen(prefix) + data/xorg-server-1.20.9/hw/xfree86/common/xf86Configure.c:302:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(middle) + strlen(suffix) + 1; data/xorg-server-1.20.9/hw/xfree86/common/xf86Configure.c:302:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(middle) + strlen(suffix) + 1; data/xorg-server-1.20.9/hw/xfree86/common/xf86Configure.c:307:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  len += max(20, strlen(optname));
data/xorg-server-1.20.9/hw/xfree86/common/xf86Configure.c:308:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(opttype);
data/xorg-server-1.20.9/hw/xfree86/common/xf86Configure.c:313:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p_e = ptr->dev_comment + strlen(ptr->dev_comment);
data/xorg-server-1.20.9/hw/xfree86/common/xf86Configure.c:457:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen((char *) (det_mon->section.name)) +
data/xorg-server-1.20.9/hw/xfree86/common/xf86Configure.c:507:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(ptr->mon_comment);
data/xorg-server-1.20.9/hw/xfree86/common/xf86Configure.c:514:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len + strlen(displaySize_string) + 1))) {
data/xorg-server-1.20.9/hw/xfree86/common/xf86Configure.c:680:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int l = strlen(home);
data/xorg-server-1.20.9/hw/xfree86/common/xf86DGA.c:1294:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nameSize = deviceName ? (strlen(deviceName) + 1) : 0;
data/xorg-server-1.20.9/hw/xfree86/common/xf86DGA.c:1362:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size += pad_to_int32(strlen(mode[i].name) + 1); /* plus NULL */
data/xorg-server-1.20.9/hw/xfree86/common/xf86DGA.c:1370:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen(mode[i].name) + 1;
data/xorg-server-1.20.9/hw/xfree86/common/xf86DGA.c:1496:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen(mode.name) + 1;
data/xorg-server-1.20.9/hw/xfree86/common/xf86Extensions.c:107:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncasecmp(key, "omit", 4) != 0 || strlen(key) < 5)
data/xorg-server-1.20.9/hw/xfree86/common/xf86Helper.c:1259:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = 6 + strlen(drvname) + 2 + strlen(drvmsg) + 2;
data/xorg-server-1.20.9/hw/xfree86/common/xf86Helper.c:1259:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = 6 + strlen(drvname) + 2 + strlen(drvmsg) + 2;
data/xorg-server-1.20.9/hw/xfree86/common/xf86Helper.c:1266:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (len + 2 + strlen(chips[i].name) < 78) {
data/xorg-server-1.20.9/hw/xfree86/common/xf86Helper.c:1275:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(chips[i].name);
data/xorg-server-1.20.9/hw/xfree86/common/xf86Init.c:191:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (read(fd, buf, 80) > 0) {
data/xorg-server-1.20.9/hw/xfree86/common/xf86Init.c:267:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(data) + 1, data, FALSE);
data/xorg-server-1.20.9/hw/xfree86/common/xf86Init.c:838:9: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask(022);
data/xorg-server-1.20.9/hw/xfree86/common/xf86Option.c:907:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = malloc(strlen(s) + 1);
data/xorg-server-1.20.9/hw/xfree86/common/xf86Xinput.c:373:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  atom = MakeAtom(pInfo->type_name, strlen(pInfo->type_name), TRUE);
data/xorg-server-1.20.9/hw/xfree86/common/xf86Xinput.c:532:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(pattern)) {
data/xorg-server-1.20.9/hw/xfree86/common/xf86Xinput.c:885:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(FALLBACK_INPUT_DRIVER) > 0) {
data/xorg-server-1.20.9/hw/xfree86/common/xf86pciBus.c:1285:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(line);
data/xorg-server-1.20.9/hw/xfree86/common/xf86pciBus.c:1305:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ssize_t read;
data/xorg-server-1.20.9/hw/xfree86/common/xf86pciBus.c:1324:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(direntry->d_name);
data/xorg-server-1.20.9/hw/xfree86/common/xf86pciBus.c:1346:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen(&line[4])) == 0) {
data/xorg-server-1.20.9/hw/xfree86/common/xf86pciBus.c:1365:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(direntry->d_name) - 3);
data/xorg-server-1.20.9/hw/xfree86/common/xf86pciBus.c:1374:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (j = 0; j < (strlen(direntry->d_name) - 3); j++) {
data/xorg-server-1.20.9/hw/xfree86/common/xf86sbusBus.c:276:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(sbusDeviceTable[i].promName);
data/xorg-server-1.20.9/hw/xfree86/ddc/ddcProperty.c:52:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Atom atom = MakeAtom(EDID1_ATOM_NAME, strlen(EDID1_ATOM_NAME), TRUE);
data/xorg-server-1.20.9/hw/xfree86/dri/dri.c:199:9: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/xorg-server-1.20.9/hw/xfree86/dri/dri.c:317:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((count = read(entry->fd, buf, sizeof(buf) - 1)) > 0) {
data/xorg-server-1.20.9/hw/xfree86/dri/xf86dri.c:163:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  busIdStringLength = strlen(busIdString);
data/xorg-server-1.20.9/hw/xfree86/dri/xf86dri.c:251:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rep.clientDriverNameLength = strlen(clientDriverName);
data/xorg-server-1.20.9/hw/xfree86/dri2/dri2ext.c:126:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rep.driverNameLength = strlen(driverName);
data/xorg-server-1.20.9/hw/xfree86/dri2/dri2ext.c:127:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rep.deviceNameLength = strlen(deviceName);
data/xorg-server-1.20.9/hw/xfree86/drivers/modesetting/drmmode_display.c:1356:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(kmode->name, mode->name, DRM_DISPLAY_MODE_LEN);
data/xorg-server-1.20.9/hw/xfree86/drivers/modesetting/drmmode_display.c:2666:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  MakeAtom(drmmode_prop->name, strlen(drmmode_prop->name), TRUE);
data/xorg-server-1.20.9/hw/xfree86/drivers/modesetting/drmmode_display.c:2692:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  MakeAtom(drmmode_prop->name, strlen(drmmode_prop->name), TRUE);
data/xorg-server-1.20.9/hw/xfree86/drivers/modesetting/drmmode_display.c:2696:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p->atoms[j] = MakeAtom(e->name, strlen(e->name), TRUE);
data/xorg-server-1.20.9/hw/xfree86/drivers/modesetting/drmmode_display.c:3025:86: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  output->randr_output = RROutputCreate(xf86ScrnToScreen(pScrn), output->name, strlen(output->name), output);
data/xorg-server-1.20.9/hw/xfree86/fbdevhw/fbdevhw.c:290:25: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(*namep, fix.id, 16);
data/xorg-server-1.20.9/hw/xfree86/fbdevhw/fbdevhw.c:357:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(*namep, fix.id, 16);
data/xorg-server-1.20.9/hw/xfree86/loader/loadmod.c:130:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(elem);
data/xorg-server-1.20.9/hw/xfree86/loader/loadmod.c:335:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(dirname) > PATH_MAX)
data/xorg-server-1.20.9/hw/xfree86/loader/loadmod.c:381:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (dirlen + strlen(dp->d_name) > PATH_MAX)
data/xorg-server-1.20.9/hw/xfree86/loader/loadmod.c:406:25: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(listing[n], dp->d_name + match[1].rm_so, len);
data/xorg-server-1.20.9/hw/xfree86/loader/loadmod.c:983:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(str, s + match[1].rm_so, len);
data/xorg-server-1.20.9/hw/xfree86/modes/xf86Crtc.c:627:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(name) + 1;
data/xorg-server-1.20.9/hw/xfree86/modes/xf86Modes.c:290:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *p = xnfrealloc(*p, strlen(*p) + strlen(new) + 2);
data/xorg-server-1.20.9/hw/xfree86/modes/xf86Modes.c:290:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *p = xnfrealloc(*p, strlen(*p) + strlen(new) + 2);
data/xorg-server-1.20.9/hw/xfree86/modes/xf86Modes.c:291:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(*p, " ");
data/xorg-server-1.20.9/hw/xfree86/modes/xf86Modes.c:556:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(pScrn->display->modes[i])) == 0) {
data/xorg-server-1.20.9/hw/xfree86/modes/xf86RandR12.c:1006:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(mode->name);
data/xorg-server-1.20.9/hw/xfree86/modes/xf86RandR12.c:1595:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  modeInfo.nameLength = strlen(mode->name);
data/xorg-server-1.20.9/hw/xfree86/modes/xf86RandR12.c:1735:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(output->name), output);
data/xorg-server-1.20.9/hw/xfree86/modes/xf86RandR12.c:1744:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(config->name));
data/xorg-server-1.20.9/hw/xfree86/modes/xf86RandR12.c:1781:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  monitor->name = MakeAtom(buf, strlen(buf), TRUE);
data/xorg-server-1.20.9/hw/xfree86/os-support/bus/Sbus.c:417:16: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  while (fscanf(f, "%d %63s\n", &fbNum, buffer) == 2) {
data/xorg-server-1.20.9/hw/xfree86/os-support/bus/Sbus.c:420:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(procFbPrefixes[i].prefix)))
data/xorg-server-1.20.9/hw/xfree86/os-support/bus/Sbus.c:614:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(pathName);
data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_acpi.c:64:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  n = read(fd, ev, LINE_LENGTH);
data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_apm.c:79:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((n = read(fd, linuxEvents, num * sizeof(apm_event_t))) == -1)
data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_kmod.c:46:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int count = read(fd, mpPath, MAX_PATH - 1);
data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_platform.c:97:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(id);
data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_platform.c:99:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(syspath) < strlen(id))
data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_platform.c:99:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(syspath) < strlen(id))
data/xorg-server-1.20.9/hw/xfree86/os-support/linux/lnx_platform.c:100:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(syspath);
data/xorg-server-1.20.9/hw/xfree86/os-support/shared/posix_tty.c:361:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  SYSCALL(r = read(fd, buf, count));
data/xorg-server-1.20.9/hw/xfree86/os-support/shared/posix_tty.c:438:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read(fd, &c, sizeof(c)) < 1)
data/xorg-server-1.20.9/hw/xfree86/parser/Files.c:100:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(str) + 1;
data/xorg-server-1.20.9/hw/xfree86/parser/Files.c:103:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(ptr->file_fontpath) + strlen(str) + 1;
data/xorg-server-1.20.9/hw/xfree86/parser/Files.c:103:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(ptr->file_fontpath) + strlen(str) + 1;
data/xorg-server-1.20.9/hw/xfree86/parser/Files.c:104:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (ptr->file_fontpath[strlen(ptr->file_fontpath) - 1] != ',') {
data/xorg-server-1.20.9/hw/xfree86/parser/Files.c:111:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(ptr->file_fontpath, ",");
data/xorg-server-1.20.9/hw/xfree86/parser/Files.c:124:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  k = strlen(str) + 1;
data/xorg-server-1.20.9/hw/xfree86/parser/Files.c:127:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  k = strlen(ptr->file_modulepath) + strlen(str) + 1;
data/xorg-server-1.20.9/hw/xfree86/parser/Files.c:127:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  k = strlen(ptr->file_modulepath) + strlen(str) + 1;
data/xorg-server-1.20.9/hw/xfree86/parser/Files.c:128:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (ptr->file_modulepath[strlen(ptr->file_modulepath) - 1] !=
data/xorg-server-1.20.9/hw/xfree86/parser/Files.c:136:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(ptr->file_modulepath, ",");
data/xorg-server-1.20.9/hw/xfree86/parser/scan.c:170:17: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(&configBuf[pos], "\n");
data/xorg-server-1.20.9/hw/xfree86/parser/scan.c:395:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  xf86_lex_val.str = malloc(strlen(configRBuf) + 1);
data/xorg-server-1.20.9/hw/xfree86/parser/scan.c:511:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen(path) > 3) && !strcmp(path + strlen(path) - 3, "/.."))
data/xorg-server-1.20.9/hw/xfree86/parser/scan.c:511:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen(path) > 3) && !strcmp(path + strlen(path) - 3, "/.."))
data/xorg-server-1.20.9/hw/xfree86/parser/scan.c:553:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(s) + l > PATH_MAX) { \
data/xorg-server-1.20.9/hw/xfree86/parser/scan.c:557:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l += strlen(s); \
data/xorg-server-1.20.9/hw/xfree86/parser/scan.c:745:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t suflen = strlen(XCONFIGSUFFIX);
data/xorg-server-1.20.9/hw/xfree86/parser/scan.c:749:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(name);
data/xorg-server-1.20.9/hw/xfree86/parser/scan.c:1059:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  curlen = strlen(cur);
data/xorg-server-1.20.9/hw/xfree86/parser/scan.c:1076:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(add);
data/xorg-server-1.20.9/hw/xfree86/parser/scan.c:1100:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(cur, "\n");
data/xorg-server-1.20.9/hw/xfree86/vgahw/vgaHW.c:712:5: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(10000);
data/xorg-server-1.20.9/hw/xfree86/vgahw/vgaHW.c:2022:9: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(50000); /* let VCO stabilise */
data/xorg-server-1.20.9/hw/xfree86/x86emu/debug.c:186:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  M.x86.enc_str_pos += strlen(temp);
data/xorg-server-1.20.9/hw/xfree86/xorg-wrapper.c:74:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(s) - 1;
data/xorg-server-1.20.9/hw/xquartz/applewm.c:64:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  atom = MakeAtom(atom_name, strlen(atom_name), TRUE); \
data/xorg-server-1.20.9/hw/xquartz/console_redirect.c:106:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read(fd, aslr->w,
data/xorg-server-1.20.9/hw/xquartz/darwinEvents.c:403:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  x = read(darwinEventReadFD, &nullbyte, sizeof(nullbyte));
data/xorg-server-1.20.9/hw/xquartz/mach-startup/bundle-main.c:315:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sizeof(servaddr_un.sun_path) + strlen(filename_out);
data/xorg-server-1.20.9/hw/xquartz/mach-startup/bundle-main.c:558:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strcmp(asl_facility + strlen(asl_facility) - 4, ".X11") == 0)
data/xorg-server-1.20.9/hw/xquartz/mach-startup/bundle-main.c:559:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  asl_facility[strlen(asl_facility) - 4] = '\0';
data/xorg-server-1.20.9/hw/xquartz/mach-startup/bundle-main.c:620:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(server_bootstrap_name);
data/xorg-server-1.20.9/hw/xquartz/mach-startup/bundle-main.c:827:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(default_value) + 1;
data/xorg-server-1.20.9/hw/xquartz/mach-startup/stub.c:129:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sizeof(servaddr_un.sun_path) + strlen(filename);
data/xorg-server-1.20.9/hw/xquartz/mach-startup/stub.c:233:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strcmp(asl_facility + strlen(asl_facility) - 4, ".X11") == 0)
data/xorg-server-1.20.9/hw/xquartz/mach-startup/stub.c:234:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  asl_facility[strlen(asl_facility) - 4] = '\0';
data/xorg-server-1.20.9/hw/xquartz/mach-startup/stub.c:287:13: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(250000);
data/xorg-server-1.20.9/hw/xquartz/xpr/appledri.c:296:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rep.stringLength = strlen(path) + 1;
data/xorg-server-1.20.9/hw/xquartz/xpr/xprFrame.c:62:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  atom = MakeAtom(atom_name, strlen(atom_name), TRUE); \
data/xorg-server-1.20.9/hw/xwayland/xwayland-cvt.c:308:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  modeinfo.nameLength = strlen(name);
data/xorg-server-1.20.9/hw/xwayland/xwayland-input.c:1151:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  type_atom = MakeAtom(driver, strlen(driver), TRUE);
data/xorg-server-1.20.9/hw/xwayland/xwayland-output.c:362:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(name), xwl_output);
data/xorg-server-1.20.9/hw/xwayland/xwayland-shm.c:129:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = malloc(strlen(path) + sizeof(template));
data/xorg-server-1.20.9/hw/xwayland/xwayland.c:517:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  type_atom = MakeAtom(atom_name, strlen(atom_name), TRUE);
data/xorg-server-1.20.9/hw/xwayland/xwayland.c:1092:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  atom_wm_s0 = MakeAtom(atom_name, strlen(atom_name), TRUE);
data/xorg-server-1.20.9/hw/xwayland/xwayland.c:1301:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(allow_commits),
data/xorg-server-1.20.9/hw/xwin/InitOutput.c:277:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(opt);
data/xorg-server-1.20.9/hw/xwin/InitOutput.c:388:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t basedirlen = strlen(basedir); data/xorg-server-1.20.9/hw/xwin/InitOutput.c:403:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t size = strlen(fontpath); data/xorg-server-1.20.9/hw/xwin/InitOutput.c:443:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). blen = strlen(str); data/xorg-server-1.20.9/hw/xwin/InitOutput.c:476:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(fontpath + size, str, blen); data/xorg-server-1.20.9/hw/xwin/InitOutput.c:494:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t libx11dir_len = strlen(libx11dir); data/xorg-server-1.20.9/hw/xwin/InitOutput.c:499:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). endptr = oldptr + strlen(oldptr); data/xorg-server-1.20.9/hw/xwin/InitOutput.c:508:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(newpath, oldptr, newsize); data/xorg-server-1.20.9/hw/xwin/InitOutput.c:517:17: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(compose, newpath + libx11dir_len, newsize - basedirlen); data/xorg-server-1.20.9/hw/xwin/InitOutput.c:534:17: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(newfp + oldfp_len, ",");
data/xorg-server-1.20.9/hw/xwin/InitOutput.c:586:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buffer, "HOME=", 5);
data/xorg-server-1.20.9/hw/xwin/glx/indirect.c:176:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((errorbuffer[strlen(errorbuffer) - 1] == '\n') ||
data/xorg-server-1.20.9/hw/xwin/glx/indirect.c:177:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (errorbuffer[strlen(errorbuffer) - 1] == '\r'))
data/xorg-server-1.20.9/hw/xwin/glx/indirect.c:178:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  errorbuffer[strlen(errorbuffer) - 1] = 0;
data/xorg-server-1.20.9/hw/xwin/glx/indirect.c:180:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(errorbuffer + strlen(errorbuffer), " (%08x)", last_error);
data/xorg-server-1.20.9/hw/xwin/glx/indirect.c:443:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(prefix) + strlen(strl);
data/xorg-server-1.20.9/hw/xwin/glx/indirect.c:443:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(prefix) + strlen(strl);
data/xorg-server-1.20.9/hw/xwin/glx/indirect.c:450:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (length + strlen(strl) + 1 > 120) {
data/xorg-server-1.20.9/hw/xwin/glx/indirect.c:453:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(prefix);
data/xorg-server-1.20.9/hw/xwin/glx/indirect.c:461:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = length + strlen(strl);
data/xorg-server-1.20.9/hw/xwin/win.h:245:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  atom = MakeAtom (atom_name, strlen (atom_name), TRUE); \
data/xorg-server-1.20.9/hw/xwin/winauth.c:95:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_authId = GenerateAuthorization(strlen(AUTH_NAME),
data/xorg-server-1.20.9/hw/xwin/winauth.c:110:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  auth_info.namelen = strlen(AUTH_NAME);
data/xorg-server-1.20.9/hw/xwin/winauth.c:149:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(AUTH_NAME), g_pAuthData, g_uiAuthDataLen);
data/xorg-server-1.20.9/hw/xwin/winclipboard/xevents.c:399:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  winClipboardDOStoUNIX(pszConvertData, strlen(pszConvertData));
data/xorg-server-1.20.9/hw/xwin/winclipboard/xevents.c:620:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  iReturnDataLen += strlen(ppszTextList[i]);
data/xorg-server-1.20.9/hw/xwin/winclipboard/xevents.c:665:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  winClipboardUNIXtoDOS(&pszReturnData, strlen(pszReturnData));
data/xorg-server-1.20.9/hw/xwin/winclipboard/xevents.c:697:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  iConvertDataLen = strlen(pszConvertData) + 1;
data/xorg-server-1.20.9/hw/xwin/winconfig.c:910:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = malloc(strlen(p->name) + 2 + 1);
data/xorg-server-1.20.9/hw/xwin/winconfig.c:1004:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = malloc(strlen(s) + 1);
data/xorg-server-1.20.9/hw/xwin/windialogs.c:101:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  DrawText(draw->hDC, str, strlen(str), &rect, DT_LEFT | DT_VCENTER);
data/xorg-server-1.20.9/hw/xwin/winmultiwindowclass.c:75:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len_name = strlen((char *) prop->data);
data/xorg-server-1.20.9/hw/xwin/winmultiwindowclass.c:86:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy((*res_name), prop->data, len_name);
data/xorg-server-1.20.9/hw/xwin/winmultiwindowclass.c:90:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len_class = (len_name >= prop->size) ? 0 : (strlen(((char *) prop->data) + 1 + len_name));
data/xorg-server-1.20.9/hw/xwin/winmultiwindowclass.c:104:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy((*res_class), ((char *) prop->data) + 1 + len_name, len_class);
data/xorg-server-1.20.9/hw/xwin/winmultiwindowclass.c:178:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy((*res_role), prop->data, len_role);
data/xorg-server-1.20.9/hw/xwin/winmultiwindowclass.c:290:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy((*wmName), prop->data, len_name);
data/xorg-server-1.20.9/hw/xwin/winmultiwindowicons.c:407:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  atom_cookie = xcb_intern_atom(conn, 0, strlen(atomName), atomName);
data/xorg-server-1.20.9/hw/xwin/winmultiwindowwm.c:450:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(pszClientHostname) &&
data/xorg-server-1.20.9/hw/xwin/winmultiwindowwm.c:456:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  malloc(strlen(pszWindowName) +
data/xorg-server-1.20.9/hw/xwin/winmultiwindowwm.c:457:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(pszClientMachine) + 2);
data/xorg-server-1.20.9/hw/xwin/winmultiwindowwm.c:459:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(*ppWindowName, "@");
data/xorg-server-1.20.9/hw/xwin/winmultiwindowwm.c:1013:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  atom_cookie = xcb_intern_atom(conn, 0, strlen(atomName), atomName);
data/xorg-server-1.20.9/hw/xwin/winprefs.c:547:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (fname[strlen(fname) - 1] != '\\')
data/xorg-server-1.20.9/hw/xwin/winprefs.c:548:21: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(file, "\\");
data/xorg-server-1.20.9/hw/xwin/winprefs.c:642:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefFile = fmemopen(defaultPrefs, strlen(defaultPrefs), "r");
data/xorg-server-1.20.9/hw/xwin/winprefs.c:686:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (fname[strlen(fname) - 1] != '/')
data/xorg-server-1.20.9/hw/xwin/winprefs.c:687:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(fname, "/");
data/xorg-server-1.20.9/hw/xwin/winprefs.c:699:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buffer, SYSCONFDIR "/X11/system.XWinrc", sizeof(buffer));
data/xorg-server-1.20.9/hw/xwin/winprefs.c:715:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  szEnvDisplay = (char *) (malloc(strlen(szDisplay) + strlen("DISPLAY=") + 1));
data/xorg-server-1.20.9/hw/xwin/winprefs.c:715:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  szEnvDisplay = (char *) (malloc(strlen(szDisplay) + strlen("DISPLAY=") + 1));
data/xorg-server-1.20.9/hw/xwin/winprefs.c:729:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(dstParam, szDisplay, strlen(szDisplay));
data/xorg-server-1.20.9/hw/xwin/winprefs.c:730:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dstParam += strlen(szDisplay);
data/xorg-server-1.20.9/hw/xwin/winprefslex.c:680:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr = malloc(strlen(str)+1);
data/xorg-server-1.20.9/hw/xwin/winprefslex.c:800:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/xorg-server-1.20.9/hw/xwin/winprefslex.c:1134:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  yylval.sVal[strlen(yylval.sVal)-1] = 0; \
data/xorg-server-1.20.9/hw/xwin/winprefslex.c:1875:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return yy_scan_bytes( yystr, (int) strlen(yystr) );
data/xorg-server-1.20.9/hw/xwin/winprefsyacc.c:948:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  # define yystrlen strlen
data/xorg-server-1.20.9/hw/xwin/winprefsyacc.c:1908:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (pref.iconDirectory, path, PATH_MAX);
data/xorg-server-1.20.9/hw/xwin/winprefsyacc.c:1915:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (pref.defaultIconName, fname, NAME_MAX);
data/xorg-server-1.20.9/hw/xwin/winprefsyacc.c:1922:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (pref.trayIconName, fname, NAME_MAX);
data/xorg-server-1.20.9/hw/xwin/winprefsyacc.c:1929:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (pref.rootMenuName, menuname, MENU_MAX);
data/xorg-server-1.20.9/hw/xwin/winprefsyacc.c:1936:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (pref.defaultSysMenuName, menuname, MENU_MAX);
data/xorg-server-1.20.9/hw/xwin/winprefsyacc.c:1946:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(menu.menuName, menuname, MENU_MAX);
data/xorg-server-1.20.9/hw/xwin/winprefsyacc.c:1959:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (menu.menuItem[menu.menuItems].text, text, MENU_MAX);
data/xorg-server-1.20.9/hw/xwin/winprefsyacc.c:1964:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(menu.menuItem[menu.menuItems].param, param, PARAM_MAX);
data/xorg-server-1.20.9/hw/xwin/winprefsyacc.c:2011:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(pref.icon[pref.iconItems].match, matchstr, MENU_MAX);
data/xorg-server-1.20.9/hw/xwin/winprefsyacc.c:2014:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(pref.icon[pref.iconItems].iconFile, iconfile, PATH_MAX+NAME_MAX+1);
data/xorg-server-1.20.9/hw/xwin/winprefsyacc.c:2046:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(pref.style[pref.styleItems].match, matchstr, MENU_MAX);
data/xorg-server-1.20.9/hw/xwin/winprefsyacc.c:2078:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (pref.sysMenu[pref.sysMenuItems].match, matchstr, MENU_MAX);
data/xorg-server-1.20.9/hw/xwin/winprefsyacc.c:2081:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (pref.sysMenu[pref.sysMenuItems].menuName, menuname, MENU_MAX);
data/xorg-server-1.20.9/hw/xwin/winprocarg.c:639:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strncmp(argv[i], "-resize=", strlen("-resize=")) == 0)) {
data/xorg-server-1.20.9/hw/xwin/winprocarg.c:646:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (strncmp(argv[i], "-resize=", strlen("-resize=")) == 0) {
data/xorg-server-1.20.9/hw/xwin/winprocarg.c:647:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *option = argv[i] + strlen("-resize=");
data/xorg-server-1.20.9/hw/xwin/winprocarg.c:1097:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen(argv[i]) < CHARS_PER_LINE
data/xorg-server-1.20.9/hw/xwin/winprocarg.c:1098:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && iCurrLen + strlen(argv[i]) > CHARS_PER_LINE)
data/xorg-server-1.20.9/hw/xwin/winprocarg.c:1099:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  || strlen(argv[i]) > CHARS_PER_LINE) {
data/xorg-server-1.20.9/hw/xwin/winprocarg.c:1105:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  iSize += strlen(argv[i]) + 1;
data/xorg-server-1.20.9/hw/xwin/winprocarg.c:1108:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  iCurrLen += strlen(argv[i]);
data/xorg-server-1.20.9/hw/xwin/winprocarg.c:1123:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen(argv[i]) < CHARS_PER_LINE
data/xorg-server-1.20.9/hw/xwin/winprocarg.c:1124:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && iCurrLen + strlen(argv[i]) > CHARS_PER_LINE)
data/xorg-server-1.20.9/hw/xwin/winprocarg.c:1125:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  || strlen(argv[i]) > CHARS_PER_LINE) {
data/xorg-server-1.20.9/hw/xwin/winprocarg.c:1129:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(g_pszCommandLine, "\n ", iSize - strlen(g_pszCommandLine));
data/xorg-server-1.20.9/hw/xwin/winprocarg.c:1129:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(g_pszCommandLine, "\n ", iSize - strlen(g_pszCommandLine));
data/xorg-server-1.20.9/hw/xwin/winprocarg.c:1132:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(g_pszCommandLine, argv[i], iSize - strlen(g_pszCommandLine));
data/xorg-server-1.20.9/hw/xwin/winprocarg.c:1132:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(g_pszCommandLine, argv[i], iSize - strlen(g_pszCommandLine));
data/xorg-server-1.20.9/hw/xwin/winprocarg.c:1133:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(g_pszCommandLine, " ", iSize - strlen(g_pszCommandLine));
data/xorg-server-1.20.9/hw/xwin/winprocarg.c:1133:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(g_pszCommandLine, " ", iSize - strlen(g_pszCommandLine));
data/xorg-server-1.20.9/hw/xwin/winprocarg.c:1136:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  iCurrLen += strlen(argv[i]);
data/xorg-server-1.20.9/hw/xwin/winprocarg.c:1171:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(BUILDERSTRING))
data/xorg-server-1.20.9/hw/xwin/winrandr.c:77:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  modeInfo.nameLength = strlen(name);
data/xorg-server-1.20.9/hw/xwin/winwin32rootless.c:236:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(pszClass, WINDOW_CLASS_X, sizeof(pszClass));
data/xorg-server-1.20.9/hw/xwin/winwin32rootless.c:239:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  Risk is low because the source is a constant character.
  strncat(pszClass, "-", 1);
data/xorg-server-1.20.9/hw/xwin/winwin32rootless.c:240:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(pszClass, res_name, CLASS_NAME_LENGTH - strlen(pszClass));
data/xorg-server-1.20.9/hw/xwin/winwin32rootless.c:240:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(pszClass, res_name, CLASS_NAME_LENGTH - strlen(pszClass));
data/xorg-server-1.20.9/hw/xwin/winwin32rootless.c:241:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(pszClass, "-", 1);
data/xorg-server-1.20.9/hw/xwin/winwin32rootless.c:242:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(pszClass, res_class, CLASS_NAME_LENGTH - strlen(pszClass));
data/xorg-server-1.20.9/hw/xwin/winwin32rootless.c:242:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(pszClass, res_class, CLASS_NAME_LENGTH - strlen(pszClass));
data/xorg-server-1.20.9/hw/xwin/winwin32rootless.c:250:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(pszClass, "-");
data/xorg-server-1.20.9/hw/xwin/winwindowswm.c:478:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(title_bytes, (char *) &stuff[1], title_length);
data/xorg-server-1.20.9/miext/rootless/rootlessWindow.c:65:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  atom = MakeAtom (atom_name, strlen (atom_name), TRUE); \
data/xorg-server-1.20.9/os/access.c:967:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fnamelen = strlen(ETC_HOST_PREFIX) + strlen(ETC_HOST_SUFFIX) +
data/xorg-server-1.20.9/os/access.c:967:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fnamelen = strlen(ETC_HOST_PREFIX) + strlen(ETC_HOST_SUFFIX) +
data/xorg-server-1.20.9/os/access.c:968:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(display) + 1;
data/xorg-server-1.20.9/os/access.c:981:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hostlen = strlen(ohostname) + 1;
data/xorg-server-1.20.9/os/access.c:1024:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (void) NewHost(FamilyNetname, hostname, strlen(hostname),
data/xorg-server-1.20.9/os/access.c:1710:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  addrlen = host->len - (strlen((char *) host->addr) + 1);
data/xorg-server-1.20.9/os/access.c:1741:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  typelen = strlen(addrString) + 1;
data/xorg-server-1.20.9/os/auth.c:322:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read(fd, buf, len);
data/xorg-server-1.20.9/os/backtrace.c:267:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bytesread = read(pipefd[0], btline, sizeof(btline) - 1);
data/xorg-server-1.20.9/os/client.c:166:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(argv[i]) + 1;
data/xorg-server-1.20.9/os/client.c:194:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  totsize = read(fd, path, sizeof(path));
data/xorg-server-1.20.9/os/client.c:207:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int cmdsize = strlen(path) + 1;
data/xorg-server-1.20.9/os/client.c:244:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  totsize = read(fd, &psinfo, sizeof(psinfo_t));
data/xorg-server-1.20.9/os/connection.c:209:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (write(displayfd, display, strlen(display)) != strlen(display))
data/xorg-server-1.20.9/os/connection.c:209:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (write(displayfd, display, strlen(display)) != strlen(display))
data/xorg-server-1.20.9/os/connection.c:428:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen(client_uid_string);
data/xorg-server-1.20.9/os/connection.c:435:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen(client_uid_string);
data/xorg-server-1.20.9/os/connection.c:445:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen(client_uid_string);
data/xorg-server-1.20.9/os/connection.c:455:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen(client_uid_string);
data/xorg-server-1.20.9/os/inputthread.c:163:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ret = read(readHead, &array, sizeof(array));
data/xorg-server-1.20.9/os/log.c:311:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(saved_log_tempname) >= strlen(logFileName))
data/xorg-server-1.20.9/os/log.c:311:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(saved_log_tempname) >= strlen(logFileName))
data/xorg-server-1.20.9/os/log.c:312:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(saved_log_tempname, logFileName,
data/xorg-server-1.20.9/os/log.c:313:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(saved_log_tempname));
data/xorg-server-1.20.9/os/log.c:915:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(AUDIT_PREFIX) + strlen(autime) + 10 + 1;
data/xorg-server-1.20.9/os/log.c:915:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(AUDIT_PREFIX) + strlen(autime) + 10 + 1;
data/xorg-server-1.20.9/os/oscolor.c:1649:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (r == 0 && len == strlen(&BuiltinColorNames[c->name])) {
data/xorg-server-1.20.9/os/osinit.c:242:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(display) + strlen(ADMPATH) + 1 < sizeof fname)
data/xorg-server-1.20.9/os/osinit.c:242:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(display) + strlen(ADMPATH) + 1 < sizeof fname)
data/xorg-server-1.20.9/os/rpcauth.c:122:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (len == strlen((char *) closure) &&
data/xorg-server-1.20.9/os/strcasestr.c:53:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(find);
data/xorg-server-1.20.9/os/strlcat.c:47:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (dlen + strlen(s));
data/xorg-server-1.20.9/os/utils.c:274:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(LOCK_PREFIX) > strlen(LOCK_TMP_PREFIX) ? strlen(LOCK_PREFIX) :
data/xorg-server-1.20.9/os/utils.c:274:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(LOCK_PREFIX) > strlen(LOCK_TMP_PREFIX) ? strlen(LOCK_PREFIX) :
data/xorg-server-1.20.9/os/utils.c:274:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(LOCK_PREFIX) > strlen(LOCK_TMP_PREFIX) ? strlen(LOCK_PREFIX) :
data/xorg-server-1.20.9/os/utils.c:275:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(LOCK_TMP_PREFIX);
data/xorg-server-1.20.9/os/utils.c:276:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(tmppath) + strlen(port) + strlen(LOCK_SUFFIX) + 1;
data/xorg-server-1.20.9/os/utils.c:276:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(tmppath) + strlen(port) + strlen(LOCK_SUFFIX) + 1;
data/xorg-server-1.20.9/os/utils.c:276:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(tmppath) + strlen(port) + strlen(LOCK_SUFFIX) + 1;
data/xorg-server-1.20.9/os/utils.c:340:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read(lfd, pid_str, 11) != 11) {
data/xorg-server-1.20.9/os/utils.c:618:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0; i < strlen(d); i++) {
data/xorg-server-1.20.9/os/utils.c:1100:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(hnameptr) + 1; data/xorg-server-1.20.9/os/utils.c:1663:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buffer); data/xorg-server-1.20.9/os/utils.c:1878:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(argv[i]) > MAX_ARG_LENGTH) { data/xorg-server-1.20.9/os/utils.c:1906:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (envp[i] && (strlen(envp[i]) > MAX_ENV_LENGTH)) { data/xorg-server-1.20.9/os/utils.c:1928:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(envp[i]) > MAX_ENV_PATH_LENGTH) { data/xorg-server-1.20.9/os/xdmcp.c:314:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). XdmcpRegisterManufacturerDisplayID(argv[i], strlen(argv[i])); data/xorg-server-1.20.9/os/xdmcp.c:603:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). XdmAuthenticationInit(xdmAuthCookie, strlen(xdmAuthCookie)); data/xorg-server-1.20.9/os/xdmcp.c:608:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen(defaultDisplayClass)); data/xorg-server-1.20.9/randr/rrcrtc.c:456:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Atom syncProp = MakeAtom(syncStr, strlen(syncStr), FALSE); data/xorg-server-1.20.9/randr/rrcrtc.c:488:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Atom syncProp = MakeAtom(syncStr, strlen(syncStr), FALSE); data/xorg-server-1.20.9/randr/rrcrtc.c:1740:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nbytes = strlen(transform->filter->name); data/xorg-server-1.20.9/randr/rrcrtc.c:1757:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nbytes = strlen(transform->filter->name); data/xorg-server-1.20.9/randr/rrinfo.c:47:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). modeInfo.nameLength = strlen(name); data/xorg-server-1.20.9/randr/rrmonitor.c:36:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return MakeAtom(name, strlen(name), TRUE); data/xorg-server-1.20.9/randr/rrmonitor.c:451:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int len = strlen(str); data/xorg-server-1.20.9/randr/rroutput.c:117:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nonDesktopAtom = MakeAtom(RR_PROPERTY_NON_DESKTOP, strlen(RR_PROPERTY_NON_DESKTOP), TRUE); data/xorg-server-1.20.9/randr/rroutput.c:328:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Atom nonDesktopProp = MakeAtom(nonDesktopStr, strlen(nonDesktopStr), TRUE); data/xorg-server-1.20.9/randr/rrproperty.c:140:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Atom non_desktop_prop = MakeAtom(non_desktop_str, strlen(non_desktop_str), FALSE); data/xorg-server-1.20.9/randr/rrprovider.c:276:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Atom syncProp = MakeAtom(syncStr, strlen(syncStr), TRUE); data/xorg-server-1.20.9/randr/rrprovider.c:307:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Atom syncProp = MakeAtom(syncStr, strlen(syncStr), FALSE); data/xorg-server-1.20.9/render/filter.c:57:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(filter); data/xorg-server-1.20.9/render/render.c:1677:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
nbytesName += 1 + strlen(ps->filters[i].name); data/xorg-server-1.20.9/render/render.c:1679:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nbytesName += 1 + strlen(ps->filterAliases[i].alias); data/xorg-server-1.20.9/render/render.c:1720:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j = strlen(ps->filters[i].name); data/xorg-server-1.20.9/render/render.c:1728:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j = strlen(ps->filterAliases[i].alias); data/xorg-server-1.20.9/test/bigreq/request-length.c:89:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int r = read(fd, &error, sizeof(error)); data/xorg-server-1.20.9/test/signal-logging.c:189:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(msg) > 2); \ data/xorg-server-1.20.9/test/signal-logging.c:201:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strcmp(&logmsg[strlen(logmsg) - 3], "en\n") == 0); data/xorg-server-1.20.9/test/signal-logging.c:206:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strcmp(&logmsg[strlen(logmsg) - 3], "en\n") == 0); data/xorg-server-1.20.9/test/simple-xinit.c:90:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
ret = read(displayfd, display_string, sizeof(display_string) - 1); data/xorg-server-1.20.9/test/xfree86.c:85:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(compare, "\n"); data/xorg-server-1.20.9/test/xfree86.c:90:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(current, "\n"); data/xorg-server-1.20.9/test/xi2/protocol-xiquerydevice.c:147:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(info->name_len == strlen(dev->name)); data/xorg-server-1.20.9/xfixes/cursor.c:474:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/xorg-server-1.20.9/xfixes/cursor.c:532:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nbytes = strlen(name); data/xorg-server-1.20.9/xkb/XKBGAlloc.c:592:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). min(XkbKeyNameLength, strlen(realStr))); data/xorg-server-1.20.9/xkb/XKBGAlloc.c:602:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
memcpy(alias->alias, aliasStr, min(XkbKeyNameLength, strlen(aliasStr))); data/xorg-server-1.20.9/xkb/XKBGAlloc.c:603:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(alias->real, realStr, min(XkbKeyNameLength, strlen(realStr))); data/xorg-server-1.20.9/xkb/XKBGAlloc.c:818:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(key->under.name, under, min(XkbKeyNameLength, strlen(under))); data/xorg-server-1.20.9/xkb/XKBGAlloc.c:819:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(key->over.name, over, min(XkbKeyNameLength, strlen(over))); data/xorg-server-1.20.9/xkb/ddxLoad.c:68:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(XKM_OUTPUT_DIR) < size)) { data/xorg-server-1.20.9/xkb/ddxLoad.c:73:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(Win32TempDir()) + 1 < size) { data/xorg-server-1.20.9/xkb/ddxLoad.c:75:16: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void) strcat(outdir, "\\"); data/xorg-server-1.20.9/xkb/ddxLoad.c:79:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen("/tmp/") < size) { data/xorg-server-1.20.9/xkb/ddxLoad.c:129:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int ld = strlen(XkbBinDirectory); data/xorg-server-1.20.9/xkb/ddxLoad.c:130:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int lps = strlen(PATHSEPARATOR); data/xorg-server-1.20.9/xkb/maprules.c:117:23: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (((ch = getc(file)) != '\n') && (ch != EOF)) { data/xorg-server-1.20.9/xkb/maprules.c:119:27: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ch = getc(file)) == EOF) data/xorg-server-1.20.9/xkb/maprules.c:149:26: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(file); data/xorg-server-1.20.9/xkb/maprules.c:277:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(cname[i]); data/xorg-server-1.20.9/xkb/maprules.c:279:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tok) > len) { data/xorg-server-1.20.9/xkb/maprules.c:349:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int want_len = strlen(wanted); data/xorg-server-1.20.9/xkb/maprules.c:360:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/xorg-server-1.20.9/xkb/maprules.c:478:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str1) + strlen(str2) + 1; data/xorg-server-1.20.9/xkb/maprules.c:478:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str1) + strlen(str2) + 1; data/xorg-server-1.20.9/xkb/maprules.c:617:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0, p = group->words; i < group->number; i++, p += strlen(p) + 1) { data/xorg-server-1.20.9/xkb/maprules.c:762:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(name); data/xorg-server-1.20.9/xkb/maprules.c:782:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(mdefs->layout[ndx]) + extra_len; data/xorg-server-1.20.9/xkb/maprules.c:784:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len += strlen(mdefs->model) + extra_len; data/xorg-server-1.20.9/xkb/maprules.c:786:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(mdefs->variant[ndx]) + extra_len; data/xorg-server-1.20.9/xkb/maprules.c:821:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). outstr += strlen(mdefs->layout[ndx]); data/xorg-server-1.20.9/xkb/maprules.c:829:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). outstr += strlen(mdefs->model); data/xorg-server-1.20.9/xkb/maprules.c:838:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). outstr += strlen(mdefs->variant[ndx]); data/xorg-server-1.20.9/xkb/maprules.c:983:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(base) + 1 > PATH_MAX) data/xorg-server-1.20.9/xkb/xkb.c:4491:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define XkbSizeCountedString(s) ((s)?((((2+strlen(s))+3)/4)*4):4) data/xorg-server-1.20.9/xkb/xkb.c:4512:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/xorg-server-1.20.9/xkb/xkb.c:4519:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(&wire[sizeof(len)], str, paddedLen); data/xorg-server-1.20.9/xkb/xkbDflts.h:10:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define GET_ATOM(d,s) MakeAtom(s,strlen(s),1) data/xorg-server-1.20.9/xkb/xkbInit.c:151:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (XkbRulesUsed ? strlen(XkbRulesUsed) : 0); data/xorg-server-1.20.9/xkb/xkbInit.c:152:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += (XkbModelUsed ? strlen(XkbModelUsed) : 0); data/xorg-server-1.20.9/xkb/xkbInit.c:153:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += (XkbLayoutUsed ? strlen(XkbLayoutUsed) : 0); data/xorg-server-1.20.9/xkb/xkbInit.c:154:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += (XkbVariantUsed ? strlen(XkbVariantUsed) : 0); data/xorg-server-1.20.9/xkb/xkbInit.c:155:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += (XkbOptionsUsed ? strlen(XkbOptionsUsed) : 0); data/xorg-server-1.20.9/xkb/xkbInit.c:162:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
MakeAtom(_XKB_RF_NAMES_PROP_ATOM, strlen(_XKB_RF_NAMES_PROP_ATOM), 1); data/xorg-server-1.20.9/xkb/xkbInit.c:176:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out += strlen(XkbRulesUsed); data/xorg-server-1.20.9/xkb/xkbInit.c:181:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out += strlen(XkbModelUsed); data/xorg-server-1.20.9/xkb/xkbInit.c:186:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out += strlen(XkbLayoutUsed); data/xorg-server-1.20.9/xkb/xkbInit.c:191:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out += strlen(XkbVariantUsed); data/xorg-server-1.20.9/xkb/xkbInit.c:196:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out += strlen(XkbOptionsUsed); data/xorg-server-1.20.9/xkb/xkbInit.c:756:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(argv[i]) < PATH_MAX) { data/xorg-server-1.20.9/xkb/xkbUtils.c:1453:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(sprop->name) != strlen(dprop->name)) { data/xorg-server-1.20.9/xkb/xkbUtils.c:1453:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(sprop->name) != strlen(dprop->name)) { data/xorg-server-1.20.9/xkb/xkbUtils.c:1454:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = realloc(dprop->name, strlen(sprop->name) + 1); data/xorg-server-1.20.9/xkb/xkbUtils.c:1459:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(sprop->value) != strlen(dprop->value)) { data/xorg-server-1.20.9/xkb/xkbUtils.c:1459:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(sprop->value) != strlen(dprop->value)) { data/xorg-server-1.20.9/xkb/xkbUtils.c:1460:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = realloc(dprop->value, strlen(sprop->value) + 1); data/xorg-server-1.20.9/xkb/xkbUtils.c:1514:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(scolor->spec) != strlen(dcolor->spec)) { data/xorg-server-1.20.9/xkb/xkbUtils.c:1514:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(scolor->spec) != strlen(dcolor->spec)) { data/xorg-server-1.20.9/xkb/xkbUtils.c:1515:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
tmp = realloc(dcolor->spec, strlen(scolor->spec) + 1); data/xorg-server-1.20.9/xkb/xkbUtils.c:1861:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = malloc(strlen(src->geom->label_font) + 1); data/xorg-server-1.20.9/xkb/xkbUtils.c:1866:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strlen(src->geom->label_font) != data/xorg-server-1.20.9/xkb/xkbUtils.c:1867:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(dst->geom->label_font)) { data/xorg-server-1.20.9/xkb/xkbUtils.c:1869:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(src->geom->label_font) + 1); data/xorg-server-1.20.9/xkb/xkbtext.c:85:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(atmstr) + 1; data/xorg-server-1.20.9/xkb/xkbtext.c:130:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(tmp) + 1; data/xorg-server-1.20.9/xkb/xkbtext.c:136:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&rtrn[5], tmp, len - 4); data/xorg-server-1.20.9/xkb/xkbtext.c:139:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(rtrn, tmp, len); data/xorg-server-1.20.9/xkb/xkbtext.c:157:13: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(rtrn, "0"); data/xorg-server-1.20.9/xkb/xkbtext.c:175:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(tmp) + 1 + (str == buf ? 0 : 1); data/xorg-server-1.20.9/xkb/xkbtext.c:199:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(mm); data/xorg-server-1.20.9/xkb/xkbtext.c:203:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(str) + (mm == NULL ? 0 : 1); data/xorg-server-1.20.9/xkb/xkbtext.c:208:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(mm); data/xorg-server-1.20.9/xkb/xkbtext.c:219:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(rtrn, "|"); data/xorg-server-1.20.9/xkb/xkbtext.c:221:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat(rtrn, "+"); data/xorg-server-1.20.9/xkb/xkbtext.c:223:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(rtrn, str, len - i); data/xorg-server-1.20.9/xkb/xkbtext.c:255:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rtrn = tbGetBuffer(strlen(buf) + 1); data/xorg-server-1.20.9/xkb/xkbtext.c:274:13: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buf, "0"); data/xorg-server-1.20.9/xkb/xkbtext.c:291:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str = &str[strlen(str)]; data/xorg-server-1.20.9/xkb/xkbtext.c:299:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rtrn = tbGetBuffer(strlen(buf) + 1); data/xorg-server-1.20.9/xkb/xkbtext.c:382:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/xorg-server-1.20.9/xkb/xkbtext.c:450:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. 
strcpy(buf, "0"); data/xorg-server-1.20.9/xkb/xkbtext.c:457:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(imWhichNames[i]) + 1; data/xorg-server-1.20.9/xkb/xkbtext.c:478:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(&buf[len]); data/xorg-server-1.20.9/xkb/xkbtext.c:510:13: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buf, "0"); data/xorg-server-1.20.9/xkb/xkbtext.c:519:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(ctrlNames[i]) + 1; data/xorg-server-1.20.9/xkb/xkbtext.c:540:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(&buf[len]); data/xorg-server-1.20.9/xkb/xkbtext.c:718:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(from); data/xorg-server-1.20.9/xkb/xkbtext.c:1232:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sz = ACTION_SZ - strlen(buf) + 2; /* room for close paren and NULL */ data/xorg-server-1.20.9/xkb/xkbtext.c:1239:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = tbGetBuffer(strlen(buf) + 1); data/xorg-server-1.20.9/xkb/xkbtext.c:1273:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = &buf[strlen(buf)]; data/xorg-server-1.20.9/xkb/xkbtext.c:1302:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = tbGetBuffer(strlen(buf) + 1); data/xorg-server-1.20.9/xkb/xkmread.c:51:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return MakeAtom(str, strlen(str), !only_if_exists); data/xorg-server-1.20.9/xkb/xkmread.c:88:11: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). tmp = getc(file); data/xorg-server-1.20.9/xkb/xkmread.c:120:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (getc(file) != EOF) data/xorg-server-1.20.9/xkb/xkmread.c:138:22: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((getc(file)) != EOF) data/xorg-server-1.20.9/xkb/xkmread.c:390:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(buf) == 0)

ANALYSIS SUMMARY:

Hits = 1920
Lines analyzed = 551740 in approximately 12.17 seconds (45328 lines/second)
Physical Source Lines of Code (SLOC) = 395726
Hits@level = [0] 1153 [1] 522 [2] 1132 [3] 57 [4] 207 [5] 2
Hits@level+ = [0+] 3073 [1+] 1920 [2+] 1398 [3+] 266 [4+] 209 [5+] 2
Hits/KSLOC@level+ = [0+] 7.76547 [1+] 4.85184 [2+] 3.53275 [3+] 0.672182 [4+] 0.528143 [5+] 0.005054
Dot directories skipped = 1 (--followdotdir overrides)
Suppressed hits = 16 (use --neverignore to show them)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.