Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/xschem-2.8.1/scconfig/src/util/cquote.c Examining data/xschem-2.8.1/scconfig/src/util/ls.c Examining data/xschem-2.8.1/scconfig/src/util/arg_auto_set.c Examining data/xschem-2.8.1/scconfig/src/util/arg_auto_menu.h Examining data/xschem-2.8.1/scconfig/src/util/arg_auto_menu.c Examining data/xschem-2.8.1/scconfig/src/util/sccbox.c Examining data/xschem-2.8.1/scconfig/src/util/arg_auto_set.h Examining data/xschem-2.8.1/scconfig/src/parsgen/INIT.h Examining data/xschem-2.8.1/scconfig/src/parsgen/INIT.c Examining data/xschem-2.8.1/scconfig/src/parsgen/find_parsgen.c Examining data/xschem-2.8.1/scconfig/src/gui/find_gtk3.h Examining data/xschem-2.8.1/scconfig/src/gui/find_gtk2.h Examining data/xschem-2.8.1/scconfig/src/gui/find_x.h Examining data/xschem-2.8.1/scconfig/src/gui/find_gtk3.c Examining data/xschem-2.8.1/scconfig/src/gui/INIT.h Examining data/xschem-2.8.1/scconfig/src/gui/find_gtk2.c Examining data/xschem-2.8.1/scconfig/src/gui/find_gl.h Examining data/xschem-2.8.1/scconfig/src/gui/find_x.c Examining data/xschem-2.8.1/scconfig/src/gui/INIT.c Examining data/xschem-2.8.1/scconfig/src/gui/find_cairo.h Examining data/xschem-2.8.1/scconfig/src/gui/find_gl.c Examining data/xschem-2.8.1/scconfig/src/gui/find_misc.h Examining data/xschem-2.8.1/scconfig/src/gui/find_lesstif2.h Examining data/xschem-2.8.1/scconfig/src/gui/find_gd.h Examining data/xschem-2.8.1/scconfig/src/gui/find_cairo.c Examining data/xschem-2.8.1/scconfig/src/gui/find_misc.c Examining data/xschem-2.8.1/scconfig/src/gui/find_lesstif2.c Examining data/xschem-2.8.1/scconfig/src/gui/find_gd.c Examining data/xschem-2.8.1/scconfig/src/gui/gui.c Examining data/xschem-2.8.1/scconfig/src/scripts/find_stutter.c Examining data/xschem-2.8.1/scconfig/src/scripts/INIT.h Examining data/xschem-2.8.1/scconfig/src/scripts/find_guile.c Examining data/xschem-2.8.1/scconfig/src/scripts/INIT.c Examining data/xschem-2.8.1/scconfig/src/scripts/find_perl.c Examining data/xschem-2.8.1/scconfig/src/scripts/find_mawk.c Examining data/xschem-2.8.1/scconfig/src/scripts/find_mruby.c Examining data/xschem-2.8.1/scconfig/src/scripts/find_duktape.c Examining data/xschem-2.8.1/scconfig/src/scripts/find_gpmi.c Examining data/xschem-2.8.1/scconfig/src/scripts/scripts.h Examining data/xschem-2.8.1/scconfig/src/scripts/scripts.c Examining data/xschem-2.8.1/scconfig/src/scripts/find_fungw.c Examining data/xschem-2.8.1/scconfig/src/scripts/find_tcl.c Examining data/xschem-2.8.1/scconfig/src/scripts/find_ruby.c Examining data/xschem-2.8.1/scconfig/src/scripts/find_python.c Examining data/xschem-2.8.1/scconfig/src/scripts/find_lua.c Examining data/xschem-2.8.1/scconfig/src/scripts/find_m4.c Examining data/xschem-2.8.1/scconfig/src/scripts/find_funlisp.c Examining data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm_scconfig.h Examining data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm.c Examining data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm_scconfig.c Examining data/xschem-2.8.1/scconfig/src/tmpasm/debug.h Examining data/xschem-2.8.1/scconfig/src/tmpasm/openfiles.h Examining data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm.h Examining data/xschem-2.8.1/scconfig/src/tmpasm/tester.c Examining data/xschem-2.8.1/scconfig/src/tmpasm/debug.c Examining data/xschem-2.8.1/scconfig/src/tmpasm/openfiles.c Examining data/xschem-2.8.1/scconfig/src/default/arg.c Examining data/xschem-2.8.1/scconfig/src/default/find_str.c Examining data/xschem-2.8.1/scconfig/src/default/find_thread.c Examining data/xschem-2.8.1/scconfig/src/default/lib_file.c Examining data/xschem-2.8.1/scconfig/src/default/lib_try.c Examining data/xschem-2.8.1/scconfig/src/default/find_proc.c Examining data/xschem-2.8.1/scconfig/src/default/libs.h Examining data/xschem-2.8.1/scconfig/src/default/find_time.c Examining data/xschem-2.8.1/scconfig/src/default/lib_srctree.c Examining data/xschem-2.8.1/scconfig/src/default/lib_uniqinc.c Examining data/xschem-2.8.1/scconfig/src/default/find_fstools.c Examining data/xschem-2.8.1/scconfig/src/default/hooks.h Examining data/xschem-2.8.1/scconfig/src/default/log.h Examining data/xschem-2.8.1/scconfig/src/default/find.h Examining data/xschem-2.8.1/scconfig/src/default/main.c Examining data/xschem-2.8.1/scconfig/src/default/log.c Examining data/xschem-2.8.1/scconfig/src/default/find_environ.c Examining data/xschem-2.8.1/scconfig/src/default/ht.h Examining data/xschem-2.8.1/scconfig/src/default/regex.h Examining data/xschem-2.8.1/scconfig/src/default/find_sys.c Examining data/xschem-2.8.1/scconfig/src/default/lib_compile.c Examining data/xschem-2.8.1/scconfig/src/default/dep.h Examining data/xschem-2.8.1/scconfig/src/default/ht.c Examining data/xschem-2.8.1/scconfig/src/default/regex.c Examining data/xschem-2.8.1/scconfig/src/default/dep.c Examining data/xschem-2.8.1/scconfig/src/default/str.c Examining data/xschem-2.8.1/scconfig/src/default/find_io.c Examining data/xschem-2.8.1/scconfig/src/default/find_uname.c Examining data/xschem-2.8.1/scconfig/src/default/find_types.c Examining data/xschem-2.8.1/scconfig/src/default/deps_default.h Examining data/xschem-2.8.1/scconfig/src/default/find_printf.c Examining data/xschem-2.8.1/scconfig/src/default/lib_filelist.c Examining data/xschem-2.8.1/scconfig/src/default/deps_default.c Examining data/xschem-2.8.1/scconfig/src/default/main_custom_args.h Examining data/xschem-2.8.1/scconfig/src/default/lib_pkg_config.c Examining data/xschem-2.8.1/scconfig/src/default/db.h Examining data/xschem-2.8.1/scconfig/src/default/main_custom_args.c Examining data/xschem-2.8.1/scconfig/src/default/find_libs.c Examining data/xschem-2.8.1/scconfig/src/default/find_fscalls.c Examining data/xschem-2.8.1/scconfig/src/default/find_target.c Examining data/xschem-2.8.1/scconfig/src/default/find_cc.c Examining data/xschem-2.8.1/scconfig/src/default/db.c Examining data/xschem-2.8.1/scconfig/src/default/main_lib.h Examining data/xschem-2.8.1/scconfig/src/default/arg.h Examining data/xschem-2.8.1/scconfig/src/default/find_signal.c Examining data/xschem-2.8.1/scconfig/src/default/main_lib.c Examining data/xschem-2.8.1/scconfig/hooks.c Examining data/xschem-2.8.1/src/node_hash.c Examining data/xschem-2.8.1/src/icon.c Examining data/xschem-2.8.1/src/clip.c Examining data/xschem-2.8.1/src/in_memory_undo.c Examining data/xschem-2.8.1/src/netlist.c Examining data/xschem-2.8.1/src/scheduler.c Examining data/xschem-2.8.1/src/move.c Examining data/xschem-2.8.1/src/draw.c Examining data/xschem-2.8.1/src/hilight.c Examining data/xschem-2.8.1/src/select.c Examining data/xschem-2.8.1/src/check.c Examining data/xschem-2.8.1/src/font.c Examining data/xschem-2.8.1/src/vhdl_netlist.c Examining data/xschem-2.8.1/src/callback.c Examining data/xschem-2.8.1/src/hash_iterator.c Examining data/xschem-2.8.1/src/main.c Examining data/xschem-2.8.1/src/paste.c Examining data/xschem-2.8.1/src/spice_netlist.c Examining data/xschem-2.8.1/src/actions.c Examining data/xschem-2.8.1/src/psprint.c Examining data/xschem-2.8.1/src/save.c Examining data/xschem-2.8.1/src/xschem.h Examining data/xschem-2.8.1/src/store.c Examining data/xschem-2.8.1/src/options.c Examining data/xschem-2.8.1/src/findnet.c Examining data/xschem-2.8.1/src/editprop.c Examining data/xschem-2.8.1/src/globals.c Examining data/xschem-2.8.1/src/token.c Examining data/xschem-2.8.1/src/svgdraw.c Examining data/xschem-2.8.1/src/verilog_netlist.c Examining data/xschem-2.8.1/src/tedax_netlist.c Examining data/xschem-2.8.1/src/xinit.c FINAL RESULTS: data/xschem-2.8.1/scconfig/src/default/find_fstools.c:728:14: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. const char *chmod; data/xschem-2.8.1/scconfig/src/default/find_fstools.c:743:36: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. report(" user provided (%s)...", chmod); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:744:29: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (test_chmodx(logdepth, chmod)) return 0; data/xschem-2.8.1/scconfig/src/util/sccbox.c:421:2: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod(dst_name, st.st_mode); /* this may fail on windows or on strange FS, don't check the return value */ data/xschem-2.8.1/scconfig/src/default/db.c:310:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "%s/%s", db_cwd, key); data/xschem-2.8.1/scconfig/src/default/db.c:407:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buff, prefix); data/xschem-2.8.1/scconfig/src/default/find_cc.c:198:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(name, "cc/argstd/%s", (*flg)+1); data/xschem-2.8.1/scconfig/src/default/find_cc.c:421:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, test_c_tmp, fattr); data/xschem-2.8.1/scconfig/src/default/find_cc.c:422:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(path, "cc/func_attr/%s/presents", fattr); data/xschem-2.8.1/scconfig/src/default/find_cc.c:461:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, test_c_tmp, dspec); data/xschem-2.8.1/scconfig/src/default/find_cc.c:462:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(path, "cc/declspec/%s/presents", dspec); data/xschem-2.8.1/scconfig/src/default/find_cc.c:513:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, test_c_template, dspec); data/xschem-2.8.1/scconfig/src/default/find_cc.c:740:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cflags_c, "%s -c %s", cflags, fpic); data/xschem-2.8.1/scconfig/src/default/find_cc.c:749:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_host_app, test_host, ld_include, libname_dyn); data/xschem-2.8.1/scconfig/src/default/find_cc.c:838:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_lib, test_lib_template, dspec_dllexport); data/xschem-2.8.1/scconfig/src/default/find_cc.c:859:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_app, test_app_template, dspec_dllimport); data/xschem-2.8.1/scconfig/src/default/find_cc.c:916:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(dll_ldflags, "-shared %s,%s", get("cc/wloutimplib"), dll_implib_name); data/xschem-2.8.1/scconfig/src/default/find_fscalls.c:228:4: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, test_c_templ, access_includes, *n); data/xschem-2.8.1/scconfig/src/default/find_fscalls.c:230:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(nodename, "libs/fs/access/macros/%s", names[name][0]); data/xschem-2.8.1/scconfig/src/default/find_fscalls.c:285:4: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, test_c_templ, *n); data/xschem-2.8.1/scconfig/src/default/find_fscalls.c:287:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(nodename, "libs/fs/stat/macros/%s", names[name][0]); data/xschem-2.8.1/scconfig/src/default/find_fscalls.c:330:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, test_c_templ, names[name]); data/xschem-2.8.1/scconfig/src/default/find_fscalls.c:331:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(nodename, "libs/fs/stat/fields/%s/presents", names[name]); data/xschem-2.8.1/scconfig/src/default/find_fscalls.c:368:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(node, "libs/fs/%s", fn); data/xschem-2.8.1/scconfig/src/default/find_fscalls.c:369:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, test_c_in, fn); data/xschem-2.8.1/scconfig/src/default/find_fscalls.c:485:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, test_c_in, dir, ", 0755"); data/xschem-2.8.1/scconfig/src/default/find_fscalls.c:496:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, test_c_in, dir, ", 0755"); data/xschem-2.8.1/scconfig/src/default/find_fscalls.c:507:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, test_c_in, dir, ""); data/xschem-2.8.1/scconfig/src/default/find_fscalls.c:548:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, test_c_in, dir, ", 0755"); data/xschem-2.8.1/scconfig/src/default/find_fscalls.c:559:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, test_c_in, dir, ""); data/xschem-2.8.1/scconfig/src/default/find_fscalls.c:646:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, test_c_in, tmp); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:50:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s %s %s", command, src_esc, dst_esc); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:109:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s %s %s", command, src_esc, dst_esc); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:154:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s %s", command, dir_esc); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:159:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file, "%s/test", dir); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:174:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "rmdir %s", dir_esc); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:215:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s %s", command, src_esc); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:251:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s ru %s %s", command, dst_esc, src_esc); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:253:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s t %s", command, dst_esc); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:294:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s r %s %s", ar, archive_esc, obj_esc); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:300:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s %s", command, archive_esc); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:334:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s -v \"t=blobb\" -f %s", command, script_esc); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:361:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s %s", command, fn_esc); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:389:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s \"s/l/1/g\" < %s", command, fn_esc); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:415:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s %s", command, tmp_esc); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:460:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s %s", command, fn_esc); data/xschem-2.8.1/scconfig/src/default/find_io.c:98:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, test_c_, "fileno", "fileno", "fileno"); data/xschem-2.8.1/scconfig/src/default/find_io.c:104:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, test_c_, "fileno", "fileno", "fileno"); data/xschem-2.8.1/scconfig/src/default/find_io.c:111:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, test_c_, "_fileno", "_fileno", "_fileno"); data/xschem-2.8.1/scconfig/src/default/find_io.c:152:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, test_c_template, tmpf, *fn, *fn, *fn); data/xschem-2.8.1/scconfig/src/default/find_libs.c:37:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(cflags, cflagsf, dlc); data/xschem-2.8.1/scconfig/src/default/find_libs.c:38:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(ldflags, ldflagsf, dlc, dlc); data/xschem-2.8.1/scconfig/src/default/find_printf.c:37:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buff, test_c, trying, trying); data/xschem-2.8.1/scconfig/src/default/find_printf.c:55:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buff, test_c, trying); data/xschem-2.8.1/scconfig/src/default/find_proc.c:128:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, test_c_in, inc); data/xschem-2.8.1/scconfig/src/default/find_proc.c:132:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, test_c_in, ""); data/xschem-2.8.1/scconfig/src/default/find_signal.c:102:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(path, prefix); data/xschem-2.8.1/scconfig/src/default/find_signal.c:110:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, test_c_exists, *name); data/xschem-2.8.1/scconfig/src/default/find_signal.c:111:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pathend, *name); data/xschem-2.8.1/scconfig/src/default/find_signal.c:123:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, test_c_terms, *name); data/xschem-2.8.1/scconfig/src/default/find_signal.c:124:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(pathend, "%s/terminates", *name); data/xschem-2.8.1/scconfig/src/default/find_sys.c:136:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c_blind, test_c_blind_template, endians1[index], endians1[index]); data/xschem-2.8.1/scconfig/src/default/find_sys.c:378:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s %s%s%s", shell, q, test, q); data/xschem-2.8.1/scconfig/src/default/find_time.c:146:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, timegm_test_c_template, "timegm"); data/xschem-2.8.1/scconfig/src/default/find_time.c:165:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, timegm_test_c_template, "_mkgmtime"); data/xschem-2.8.1/scconfig/src/default/find_types.c:52:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(test_c, inc); data/xschem-2.8.1/scconfig/src/default/find_types.c:57:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(start, test_c_template, type); data/xschem-2.8.1/scconfig/src/default/find_types.c:171:4: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(path, path_template, n, 'u'); data/xschem-2.8.1/scconfig/src/default/find_types.c:178:4: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(path, path_template, n, 's'); data/xschem-2.8.1/scconfig/src/default/find_types.c:187:4: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(path, path_template_f, n); data/xschem-2.8.1/scconfig/src/default/find_types.c:260:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(node, "%s/%s", prefix, typ); data/xschem-2.8.1/scconfig/src/default/find_types.c:279:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, test_c_include, define, *include, typ); data/xschem-2.8.1/scconfig/src/default/find_types.c:305:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, test_c_broken, define, *include, typ); data/xschem-2.8.1/scconfig/src/default/find_types.c:329:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, test_c_size, define, *include, typ); data/xschem-2.8.1/scconfig/src/default/lib_compile.c:55:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(output + len + 1, input + 1); data/xschem-2.8.1/scconfig/src/default/lib_compile.c:92:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s \"%s %s %s %s -o %s 2>&1\" >%s", get("/host/sys/shell"), cc_esc, cflags, fn_input_esc, ldflags, fn_output_esc, temp_out_esc); data/xschem-2.8.1/scconfig/src/default/lib_compile.c:100:8: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. ret = system(cmd); data/xschem-2.8.1/scconfig/src/default/lib_compile.c:239:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s %s >%s 2>>%s", emu, cmd_, fn_out_esc, temp_out_esc); data/xschem-2.8.1/scconfig/src/default/lib_compile.c:244:8: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. ret = system(cmd); data/xschem-2.8.1/scconfig/src/default/lib_compile.c:285:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s %s \"%s\"", emu, shell, cmd_); data/xschem-2.8.1/scconfig/src/default/lib_compile.c:287:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s %s %s", emu, shell, cmd_); data/xschem-2.8.1/scconfig/src/default/lib_compile.c:323:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s %s", interpreter, temp); data/xschem-2.8.1/scconfig/src/default/lib_file.c:66:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(s, "%sscc_%u%s", tmp, rn, suffix); data/xschem-2.8.1/scconfig/src/default/lib_file.c:70:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s %s", mkdir, s_esc); data/xschem-2.8.1/scconfig/src/default/lib_file.c:99:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(s, "%sscc_%u%s", tmp, rn, suffix); data/xschem-2.8.1/scconfig/src/default/lib_file.c:170:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "cd %s", path_esc); data/xschem-2.8.1/scconfig/src/default/lib_file.c:194:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(path, "%s/%s", dir, file); data/xschem-2.8.1/scconfig/src/default/lib_filelist.c:49:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s %s", rm, dir_esc); data/xschem-2.8.1/scconfig/src/default/lib_filelist.c:69:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fn, "%s%sfile%d", dir, get("sys/path_sep"), n+1); data/xschem-2.8.1/scconfig/src/default/lib_filelist.c:87:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fn, "%s%sdir%d", dir, get("sys/path_sep"), n+1); data/xschem-2.8.1/scconfig/src/default/lib_filelist.c:89:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s %s", mkdir, fn_esc); data/xschem-2.8.1/scconfig/src/default/lib_filelist.c:220:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(cmd, list_cmd, dir); data/xschem-2.8.1/scconfig/src/default/lib_pkg_config.c:36:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s --cflags %s", confname, pkgname); data/xschem-2.8.1/scconfig/src/default/lib_pkg_config.c:49:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s --libs %s", confname, pkgname); data/xschem-2.8.1/scconfig/src/default/lib_pkg_config.c:88:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s --modversion %s", confname, pkgname); data/xschem-2.8.1/scconfig/src/default/lib_try.c:30:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(c+l, test_c_in); data/xschem-2.8.1/scconfig/src/default/lib_try.c:64:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "%s/includes", prefix); data/xschem-2.8.1/scconfig/src/default/lib_try.c:70:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "%s/cflags", prefix); data/xschem-2.8.1/scconfig/src/default/lib_try.c:76:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "%s/ldflags", prefix); data/xschem-2.8.1/scconfig/src/default/lib_try.c:86:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "%s/presents", prefix); data/xschem-2.8.1/scconfig/src/default/lib_try.c:99:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(apath_end, #node); \ data/xschem-2.8.1/scconfig/src/default/lib_try.c:144:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. l = sprintf(apath, "/arg/icl/%s/", prefix); apath_end = apath+l; data/xschem-2.8.1/scconfig/src/default/lib_try.c:149:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. l = sprintf(apath, "/arg/icl/%s/%s/", db_cwd, prefix); apath_end = apath+l; data/xschem-2.8.1/scconfig/src/default/lib_try.c:158:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(apath, "%s/icl/all_manual_result", prefix); data/xschem-2.8.1/scconfig/src/default/lib_try.c:267:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "%s/presents", prefix); data/xschem-2.8.1/scconfig/src/default/lib_try.c:338:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. case 'l': sprintf(path, "/arg/icl/%s/ldflags", key+8); break; data/xschem-2.8.1/scconfig/src/default/lib_try.c:339:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. case 'c': sprintf(path, "/arg/icl/%s/cflags", key+7); break; data/xschem-2.8.1/scconfig/src/default/lib_try.c:340:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. case 'i': sprintf(path, "/arg/icl/%s/includes", key+9); break; data/xschem-2.8.1/scconfig/src/default/lib_try.c:341:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. case 'p': sprintf(path, "/arg/icl/%s/prefix", key+7); break; data/xschem-2.8.1/scconfig/src/default/lib_try.c:374:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, test_c_in, structn, fieldn); data/xschem-2.8.1/scconfig/src/default/lib_try.c:378:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(test_c, "%s/sizeof", prefix); data/xschem-2.8.1/scconfig/src/default/log.c:58:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(logfile, format, ap); data/xschem-2.8.1/scconfig/src/default/log.c:69:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, format, ap); data/xschem-2.8.1/scconfig/src/default/log.c:75:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(logfile, format, ap); data/xschem-2.8.1/scconfig/src/default/log.c:86:2: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf(format, ap); data/xschem-2.8.1/scconfig/src/default/log.c:93:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(logfile, format, ap); data/xschem-2.8.1/scconfig/src/gui/find_gl.c:63:4: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, test_c_templ, *id); data/xschem-2.8.1/scconfig/src/gui/find_gl.c:77:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, test_c_templ, *id); data/xschem-2.8.1/scconfig/src/gui/find_gl.c:128:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(test_c, test_c_templ, ipr, ipr); data/xschem-2.8.1/scconfig/src/gui/find_gl.c:220:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(freeglut, "#include <%s/freeglut.h>", ipr); data/xschem-2.8.1/scconfig/src/gui/find_gl.c:227:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(freeglut, "#include <windows.h>\n#include <%s/glut.h>", ipr); data/xschem-2.8.1/scconfig/src/parsgen/find_parsgen.c:55:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "flex %s", temp_in_esc); data/xschem-2.8.1/scconfig/src/parsgen/find_parsgen.c:100:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(bisfile, temp_in); data/xschem-2.8.1/scconfig/src/parsgen/find_parsgen.c:110:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "bison %s", temp_in_esc); data/xschem-2.8.1/scconfig/src/scripts/find_gpmi.c:65:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s --version", *cfg); data/xschem-2.8.1/scconfig/src/scripts/find_gpmi.c:73:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s --id", *cfg); data/xschem-2.8.1/scconfig/src/scripts/find_ruby.c:37:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "%s/%s", basedir, files[n]); data/xschem-2.8.1/scconfig/src/scripts/find_ruby.c:42:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "%s/%s/%s/ruby.h", basedir, files[n], ifiles[m]); data/xschem-2.8.1/scconfig/src/scripts/find_ruby.c:45:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "-I%s/%s/%s", basedir, files[n], ifiles[m]); data/xschem-2.8.1/scconfig/src/scripts/find_ruby.c:47:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ldflags, "-lruby%s", files[n]); data/xschem-2.8.1/scconfig/src/scripts/find_tcl.c:116:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "%s %s", *tclsh, temp); data/xschem-2.8.1/scconfig/src/scripts/find_tcl.c:121:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "#!/bin/sh\n. %s\necho $TCL_INCLUDE_SPEC\necho $TCL_LIB_SPEC\n", out); data/xschem-2.8.1/scconfig/src/scripts/find_tcl.c:125:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(out, "chmod +x %s", temp2); data/xschem-2.8.1/scconfig/src/scripts/find_tcl.c:126:4: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system(out); data/xschem-2.8.1/scconfig/src/scripts/scripts.c:59:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(nodename, "libs/script/%s", language); data/xschem-2.8.1/scconfig/src/scripts/scripts.c:60:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(deflink, "-l%s", language); data/xschem-2.8.1/scconfig/src/scripts/scripts.c:68:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ldflags, "%s -l%s", ldflags_base, files[n]); data/xschem-2.8.1/scconfig/src/scripts/scripts.c:70:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cflags, "-I%s/%s", basedir, files[n]); data/xschem-2.8.1/scconfig/src/tmpasm/tester.c:57:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, fmt, (ctx->runtime_error_data == NULL ? "" : ctx->runtime_error_data)); data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm_scconfig.c:60:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, fmt, (ctx->runtime_error_data == NULL ? "" : ctx->runtime_error_data)); data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm_scconfig.c:280:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buff, val); data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm_scconfig.c:497:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(err, "%s (%s) for %s", path, fn, mode); data/xschem-2.8.1/scconfig/src/util/sccbox.c:435:7: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. f = popen("pwd", "r"); data/xschem-2.8.1/scconfig/src/util/sccbox.c:506:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(end, p); data/xschem-2.8.1/scconfig/src/util/sccbox.c:583:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "ln -s \"%s\" \"%s\"%s", full_src, dst, supp); data/xschem-2.8.1/scconfig/src/util/sccbox.c:584:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. return system(cmd); data/xschem-2.8.1/src/actions.c:280:12: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execl(xschem_executable,xschem_executable,"-r",f, NULL); data/xschem-2.8.1/src/actions.c:284:12: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execl(xschem_executable,xschem_executable,"-r",f, NULL); data/xschem-2.8.1/src/editprop.c:101:19: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. size_of_print = vsnprintf(str, size, fmt, args); data/xschem-2.8.1/src/editprop.c:167:14: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. nlen = sprintf(nstr, nfmt, i); data/xschem-2.8.1/src/editprop.c:193:14: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. nlen = sprintf(nstr, nfmt, i); data/xschem-2.8.1/src/hilight.c:983:2: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system(cmd2); data/xschem-2.8.1/src/hilight.c:998:4: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system(cmd3); data/xschem-2.8.1/src/options.c:58:20: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if(optval) strcpy(rcfile, optval); data/xschem-2.8.1/src/save.c:959:10: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fd = popen(diff_name,"w"); data/xschem-2.8.1/src/save.c:981:7: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execlp("gzip", "gzip", "-c", NULL); /* replace current process with comand */ data/xschem-2.8.1/src/save.c:1047:6: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fd=popen(diff_name, "r"); data/xschem-2.8.1/src/save.c:1066:5: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execlp("gunzip", "gunzip", "-c", NULL); /* replace current process with command */ data/xschem-2.8.1/src/token.c:1426:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(token+2, "%d:%s", &n, subtok); data/xschem-2.8.1/src/token.c:2107:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(token+2, "%d:%s", &n, subtok); data/xschem-2.8.1/scconfig/src/default/find_cc.c:133:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. cc = getenv("CC"); data/xschem-2.8.1/src/main.c:76:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if(!getenv("DISPLAY") || !getenv("DISPLAY")[0]) has_x=0; data/xschem-2.8.1/src/main.c:76:29: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if(!getenv("DISPLAY") || !getenv("DISPLAY")[0]) has_x=0; data/xschem-2.8.1/src/save.c:57:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand((unsigned short) time(NULL)); data/xschem-2.8.1/src/xinit.c:720:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((home_buff = getenv("HOME")) == NULL) { data/xschem-2.8.1/scconfig/src/default/db.c:55:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new, orig, l1); data/xschem-2.8.1/scconfig/src/default/db.c:56:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new + l1, value, l2); data/xschem-2.8.1/scconfig/src/default/db.c:66:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char first_level_dir[32]; data/xschem-2.8.1/scconfig/src/default/db.c:137:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(fn, "w"); data/xschem-2.8.1/scconfig/src/default/db.c:212:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; data/xschem-2.8.1/scconfig/src/default/db.c:217:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(fn, "r"); data/xschem-2.8.1/scconfig/src/default/db.c:314:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[256]; data/xschem-2.8.1/scconfig/src/default/db.c:324:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[256]; data/xschem-2.8.1/scconfig/src/default/db.c:423:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff + totallen, value, len); data/xschem-2.8.1/scconfig/src/default/dep.c:60:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pres, name_, len-1); data/xschem-2.8.1/scconfig/src/default/dep.c:61:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pres+len-1, "presents"); data/xschem-2.8.1/scconfig/src/default/dep.c:84:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(name, name_, len+1); /* make a copy we can modify */ data/xschem-2.8.1/scconfig/src/default/find_cc.c:120:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(targetcc, target, len); data/xschem-2.8.1/scconfig/src/default/find_cc.c:121:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(targetcc + len, "-gcc"); data/xschem-2.8.1/scconfig/src/default/find_cc.c:123:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(targetcc + len, "-cc"); data/xschem-2.8.1/scconfig/src/default/find_cc.c:196:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[128], *end; data/xschem-2.8.1/scconfig/src/default/find_cc.c:235:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[128], *end; data/xschem-2.8.1/scconfig/src/default/find_cc.c:239:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(name, "cc/argmachine/"); data/xschem-2.8.1/scconfig/src/default/find_cc.c:404:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[64]; data/xschem-2.8.1/scconfig/src/default/find_cc.c:405:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_c[256]; data/xschem-2.8.1/scconfig/src/default/find_cc.c:444:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[64]; data/xschem-2.8.1/scconfig/src/default/find_cc.c:445:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_c[256]; data/xschem-2.8.1/scconfig/src/default/find_cc.c:490:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_c[256]; data/xschem-2.8.1/scconfig/src/default/find_cc.c:717:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_host_app[1024]; data/xschem-2.8.1/scconfig/src/default/find_cc.c:803:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_lib[1024]; data/xschem-2.8.1/scconfig/src/default/find_cc.c:804:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_app[1024]; data/xschem-2.8.1/scconfig/src/default/find_cc.c:888:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dll_ldflags[128]; data/xschem-2.8.1/scconfig/src/default/find_environ.c:52:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(out) > 1) { data/xschem-2.8.1/scconfig/src/default/find_environ.c:90:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(out) > 1) { data/xschem-2.8.1/scconfig/src/default/find_fscalls.c:198:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_c[256]; data/xschem-2.8.1/scconfig/src/default/find_fscalls.c:210:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nodename[128]; data/xschem-2.8.1/scconfig/src/default/find_fscalls.c:258:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_c[256]; data/xschem-2.8.1/scconfig/src/default/find_fscalls.c:273:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nodename[128]; data/xschem-2.8.1/scconfig/src/default/find_fscalls.c:315:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_c[256]; data/xschem-2.8.1/scconfig/src/default/find_fscalls.c:319:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nodename[128]; data/xschem-2.8.1/scconfig/src/default/find_fscalls.c:362:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_c[384], node[64]; data/xschem-2.8.1/scconfig/src/default/find_fscalls.c:464:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_c[1024]; data/xschem-2.8.1/scconfig/src/default/find_fscalls.c:528:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_c[1024]; data/xschem-2.8.1/scconfig/src/default/find_fscalls.c:608:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_c[1024]; data/xschem-2.8.1/scconfig/src/default/find_fscalls.c:643:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(tmp, "w"); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:160:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(file, "w"); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:319:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[1024]; data/xschem-2.8.1/scconfig/src/default/find_fstools.c:352:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[1024]; data/xschem-2.8.1/scconfig/src/default/find_fstools.c:379:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[1024]; data/xschem-2.8.1/scconfig/src/default/find_fstools.c:452:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[1024]; data/xschem-2.8.1/scconfig/src/default/find_fstools.c:617:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(targetar, target, len); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:618:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(targetar + len, "-ar"); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:666:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(targetranlib, target, len); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:667:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(targetranlib + len, "-ranlib"); data/xschem-2.8.1/scconfig/src/default/find_io.c:80:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_c[256]; data/xschem-2.8.1/scconfig/src/default/find_io.c:124:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_c[3256]; data/xschem-2.8.1/scconfig/src/default/find_printf.c:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[512]; data/xschem-2.8.1/scconfig/src/default/find_printf.c:51:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[512]; data/xschem-2.8.1/scconfig/src/default/find_proc.c:86:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_c[1024]; data/xschem-2.8.1/scconfig/src/default/find_signal.c:93:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_c[256]; data/xschem-2.8.1/scconfig/src/default/find_signal.c:96:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[256], *pathend; data/xschem-2.8.1/scconfig/src/default/find_sys.c:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *end, W[32]; data/xschem-2.8.1/scconfig/src/default/find_sys.c:61:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(W, "%d", w * 8); data/xschem-2.8.1/scconfig/src/default/find_sys.c:104:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_c_blind[1024]; data/xschem-2.8.1/scconfig/src/default/find_sys.c:402:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdline[256]; data/xschem-2.8.1/scconfig/src/default/find_sys.c:417:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(cmdline, "echo "); data/xschem-2.8.1/scconfig/src/default/find_time.c:145:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_c[1000]; data/xschem-2.8.1/scconfig/src/default/find_time.c:161:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_c[1000]; data/xschem-2.8.1/scconfig/src/default/find_types.c:47:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_c[512], *start; data/xschem-2.8.1/scconfig/src/default/find_types.c:70:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). size = atoi(out+3); data/xschem-2.8.1/scconfig/src/default/find_types.c:72:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(test_c, "%d", size); data/xschem-2.8.1/scconfig/src/default/find_types.c:117:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *sizearr_u[MAX_INT_WIDTH]; data/xschem-2.8.1/scconfig/src/default/find_types.c:118:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *sizearr_s[MAX_INT_WIDTH]; data/xschem-2.8.1/scconfig/src/default/find_types.c:119:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *sizearr_f[MAX_FLT_WIDTH]; data/xschem-2.8.1/scconfig/src/default/find_types.c:120:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char inc_stdint_u[MAX_INT_WIDTH]; data/xschem-2.8.1/scconfig/src/default/find_types.c:121:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char inc_stdint_s[MAX_INT_WIDTH]; data/xschem-2.8.1/scconfig/src/default/find_types.c:126:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[64]; data/xschem-2.8.1/scconfig/src/default/find_types.c:203:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_c[512]; data/xschem-2.8.1/scconfig/src/default/find_types.c:204:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char node[256], *nodeend; data/xschem-2.8.1/scconfig/src/default/find_types.c:267:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(nodeend-1, "_ptr"); data/xschem-2.8.1/scconfig/src/default/find_types.c:283:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(nodeend, "includes"); data/xschem-2.8.1/scconfig/src/default/find_types.c:301:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(nodeend, "presents"); data/xschem-2.8.1/scconfig/src/default/find_types.c:309:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(nodeend, "broken"); data/xschem-2.8.1/scconfig/src/default/find_types.c:315:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(nodeend, "broken"); data/xschem-2.8.1/scconfig/src/default/find_types.c:333:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(nodeend, "size"); data/xschem-2.8.1/scconfig/src/default/find_uname.c:139:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, bopat[0], len); data/xschem-2.8.1/scconfig/src/default/find_uname.c:306:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fake_sep[2]; data/xschem-2.8.1/scconfig/src/default/ht.c:145:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newentry, entry, sizeof(ht_entry_t)); data/xschem-2.8.1/scconfig/src/default/lib_compile.c:53:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(output, s, len); data/xschem-2.8.1/scconfig/src/default/lib_compile.c:75:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[2048]; data/xschem-2.8.1/scconfig/src/default/lib_file.c:43:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[1024]; data/xschem-2.8.1/scconfig/src/default/lib_file.c:84:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[1024]; data/xschem-2.8.1/scconfig/src/default/lib_file.c:101:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(s, "w"); data/xschem-2.8.1/scconfig/src/default/lib_file.c:129:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(fn, "w"); data/xschem-2.8.1/scconfig/src/default/lib_file.c:145:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(name, "r"); data/xschem-2.8.1/scconfig/src/default/lib_file.c:235:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(path, "a"); data/xschem-2.8.1/scconfig/src/default/lib_filelist.c:70:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(fn, "w"); data/xschem-2.8.1/scconfig/src/default/lib_filelist.c:117:61: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (strncmp(argv[n], "dir", 3) == 0) { arr = dir; idx = atoi(argv[n]+3); } data/xschem-2.8.1/scconfig/src/default/lib_filelist.c:118:61: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (strncmp(argv[n], "file", 4) == 0) { arr = file; idx = atoi(argv[n]+4); } data/xschem-2.8.1/scconfig/src/default/lib_pkg_config.c:31:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[256]; data/xschem-2.8.1/scconfig/src/default/lib_pkg_config.c:82:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[256]; data/xschem-2.8.1/scconfig/src/default/lib_try.c:22:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c[1024]; data/xschem-2.8.1/scconfig/src/default/lib_try.c:27:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c, includes, l); data/xschem-2.8.1/scconfig/src/default/lib_try.c:137:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char apath[1024], *apath_end; data/xschem-2.8.1/scconfig/src/default/lib_try.c:335:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[1024]; data/xschem-2.8.1/scconfig/src/default/lib_try.c:363:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_c[512]; data/xschem-2.8.1/scconfig/src/default/lib_try.c:364:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ls[16]; data/xschem-2.8.1/scconfig/src/default/lib_try.c:379:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ls, "%ld", field_accept_len); data/xschem-2.8.1/scconfig/src/default/lib_uniqinc.c:138:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(end, *arr, len); data/xschem-2.8.1/scconfig/src/default/lib_uniqinc.c:140:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(end, osep, oseplen); data/xschem-2.8.1/scconfig/src/default/lib_uniqinc.c:165:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(end, arr[ndx], len); data/xschem-2.8.1/scconfig/src/default/lib_uniqinc.c:167:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(end, osep, oseplen); data/xschem-2.8.1/scconfig/src/default/lib_uniqinc.c:298:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(end, str, len); \ data/xschem-2.8.1/scconfig/src/default/log.c:37:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). logfile = fopen(fn_log, "w"); data/xschem-2.8.1/scconfig/src/default/log.c:40:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). logfile = fopen(fn_log, "a"); data/xschem-2.8.1/scconfig/src/default/log.c:102:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[2048]; data/xschem-2.8.1/scconfig/src/default/log.c:108:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(fn, "r"); data/xschem-2.8.1/scconfig/src/default/main_custom_args.c:31:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *custom_reqs[MAX_CUSTOM_REQS]; data/xschem-2.8.1/scconfig/src/default/main_custom_args.h:2:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char *custom_reqs[MAX_CUSTOM_REQS]; data/xschem-2.8.1/scconfig/src/default/regex.c:295:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *bopat[MAXTAG]; data/xschem-2.8.1/scconfig/src/default/regex.c:296:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *eopat[MAXTAG]; data/xschem-2.8.1/scconfig/src/default/regex.c:606:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, bol, l1); data/xschem-2.8.1/scconfig/src/default/regex.c:608:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst+l1, sub, l2); data/xschem-2.8.1/scconfig/src/default/regex.c:609:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst+l1+l2, eopat[0], l3+1); data/xschem-2.8.1/scconfig/src/default/str.c:38:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret, str, l); data/xschem-2.8.1/scconfig/src/default/str.c:108:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *str[CONCAT_MAX]; data/xschem-2.8.1/scconfig/src/default/str.c:138:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(o, sep, sl); data/xschem-2.8.1/scconfig/src/default/str.c:142:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(o, str[n], len[n]); data/xschem-2.8.1/scconfig/src/gui/find_gl.c:33:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_c[256]; data/xschem-2.8.1/scconfig/src/gui/find_gl.c:98:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_c[256]; data/xschem-2.8.1/scconfig/src/gui/find_gl.c:178:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char freeglut[4096]; data/xschem-2.8.1/scconfig/src/parsgen/find_parsgen.c:102:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(s, ".tab.c"); data/xschem-2.8.1/scconfig/src/scripts/find_tcl.c:80:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifl[64], lfl[64]; data/xschem-2.8.1/scconfig/src/scripts/find_tcl.c:90:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(lfl, "-ltcl%d", *v); data/xschem-2.8.1/scconfig/src/scripts/find_tcl.c:93:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(lfl, "-ltcl%d.%d", major, minor); data/xschem-2.8.1/scconfig/src/scripts/find_tcl.c:96:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(lfl, "-ltcl%d", *v); data/xschem-2.8.1/scconfig/src/scripts/find_tcl.c:97:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ifl, "-I/usr/include/tcl%d", *v); data/xschem-2.8.1/scconfig/src/scripts/find_tcl.c:100:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(lfl, "-ltcl%d.%d", major, minor); data/xschem-2.8.1/scconfig/src/scripts/find_tcl.c:101:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ifl, "-I/usr/include/tcl%d.%d", major, minor); data/xschem-2.8.1/scconfig/src/scripts/find_tcl.c:175:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). rver[0] = atoi(reqver); data/xschem-2.8.1/scconfig/src/scripts/find_tcl.c:254:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). rver[0] = atoi(reqver); data/xschem-2.8.1/scconfig/src/scripts/find_tcl.c:262:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lfl[64]; data/xschem-2.8.1/scconfig/src/scripts/find_tcl.c:277:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(lfl, "-ltk%d", *v); data/xschem-2.8.1/scconfig/src/scripts/find_tcl.c:280:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(lfl, "-ltk%d.%d", major, minor); data/xschem-2.8.1/scconfig/src/scripts/scripts.c:50:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nodename[1024], deflink[sizeof(nodename)]; data/xschem-2.8.1/scconfig/src/tmpasm/openfiles.c:20:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(name, "w"); data/xschem-2.8.1/scconfig/src/tmpasm/openfiles.c:73:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). o->f = fopen(fn, mode); data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm.c:23:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret, str, l); data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm.c:196:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(a->data, "QWERT"); data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm.c:707:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s+used, i, l); data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm.h:14:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[1]; /* arg string - obviously longer than 1 char (but there's not special hack for that in C89), \0 terminated */ data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm.h:150:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd_buff[TMPASM_INSTR_MAXLEN+1]; data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm_scconfig.c:175:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[16]; data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm_scconfig.c:176:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%d", argc); data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm_scconfig.c:196:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[16]; data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm_scconfig.c:197:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%d", argc); data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm_scconfig.c:291:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. memmove((char *)(bopat[0] + slen), eopat[0], mlen); data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm_scconfig.c:293:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)bopat[0], csub, slen); data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm_scconfig.c:293:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. memcpy((char *)bopat[0], csub, slen); data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm_scconfig.c:306:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *uniq_eres[UNIQ_ERE_MAX]; data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm_scconfig.c:400:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[16]; data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm_scconfig.c:401:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%d", argc); data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm_scconfig.c:457:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fin = fopen(path, "r"); data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm_scconfig.c:600:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fin = fopen(path, "r"); data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm_scconfig.c:609:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fout = fopen(path, "w"); data/xschem-2.8.1/scconfig/src/util/ls.c:30:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char p[MAX_PATH]; data/xschem-2.8.1/scconfig/src/util/sccbox.c:309:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, dir, dlen); data/xschem-2.8.1/scconfig/src/util/sccbox.c:311:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out+dlen, bn, blen+1); data/xschem-2.8.1/scconfig/src/util/sccbox.c:320:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[16384], dst2[MY_PATH_MAX]; data/xschem-2.8.1/scconfig/src/util/sccbox.c:353:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fs = fopen(src, "rb"); data/xschem-2.8.1/scconfig/src/util/sccbox.c:363:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = fopen(dst, "wb"); data/xschem-2.8.1/scconfig/src/util/sccbox.c:375:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = fopen(dst2, "wb"); data/xschem-2.8.1/scconfig/src/util/sccbox.c:378:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = fopen(dst2, "wb"); data/xschem-2.8.1/scconfig/src/util/sccbox.c:383:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = fopen(dst, "wb"); data/xschem-2.8.1/scconfig/src/util/sccbox.c:430:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char pwd_buff[MY_PATH_MAX]; data/xschem-2.8.1/scconfig/src/util/sccbox.c:497:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(end, "../"); data/xschem-2.8.1/scconfig/src/util/sccbox.c:515:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[MY_PATH_MAX*2+16], full_src_tmp[MY_PATH_MAX], rel_src_tmp[MY_PATH_MAX]; data/xschem-2.8.1/scconfig/src/util/sccbox.c:562:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char full_dst_tmp[MY_PATH_MAX]; data/xschem-2.8.1/scconfig/src/util/sccbox.c:592:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, path, len+1); data/xschem-2.8.1/scconfig/src/util/sccbox.c:637:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(fn, "a"); data/xschem-2.8.1/scconfig/src/util/sccbox.c:725:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MY_PATH_MAX]; data/xschem-2.8.1/src/actions.c:56:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[256]; data/xschem-2.8.1/src/actions.c:62:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%.16g", cadsnap); data/xschem-2.8.1/src/actions.c:73:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[256]; data/xschem-2.8.1/src/actions.c:79:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%.16g", cadgrid); data/xschem-2.8.1/src/actions.c:103:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c[PATH_MAX+1000]; data/xschem-2.8.1/src/actions.c:112:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c[PATH_MAX+1000]; data/xschem-2.8.1/src/actions.c:251:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char f[PATH_MAX]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/actions.c:336:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[PATH_MAX+1000]; data/xschem-2.8.1/src/actions.c:337:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/xschem-2.8.1/src/actions.c:338:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char res[PATH_MAX]; data/xschem-2.8.1/src/actions.c:364:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullname[PATH_MAX]; /* overflow safe 20161125 */ data/xschem-2.8.1/src/actions.c:581:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(strcmp(rot_txt,"")) rotated_text=atoi(rot_txt); /* 20171208 */ data/xschem-2.8.1/src/actions.c:699:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char name[PATH_MAX]; data/xschem-2.8.1/src/actions.c:837:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char program[PATH_MAX]; data/xschem-2.8.1/src/actions.c:883:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[PATH_MAX+1000]; data/xschem-2.8.1/src/actions.c:884:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[PATH_MAX]; data/xschem-2.8.1/src/actions.c:885:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char res[PATH_MAX]; data/xschem-2.8.1/src/actions.c:1869:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(strlayer[0]) textelement[lasttext].layer = atoi(strlayer); data/xschem-2.8.1/src/callback.c:76:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[PATH_MAX];/* overflow safe 20161122 */ data/xschem-2.8.1/src/callback.c:104:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( (fp=fopen(str, "r"))==NULL && (ui_state & STARTCOPY) ) data/xschem-2.8.1/src/callback.c:391:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char schname[PATH_MAX+1000]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/callback.c:392:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char symname[PATH_MAX+1000]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/editprop.c:61:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*dest, src, len); data/xschem-2.8.1/src/editprop.c:84:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*dest, src, n); data/xschem-2.8.1/src/editprop.c:97:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[200]; data/xschem-2.8.1/src/editprop.c:142:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(string + n, prev, l); data/xschem-2.8.1/src/editprop.c:150:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(string + n, sptr, l+1); data/xschem-2.8.1/src/editprop.c:156:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nfmt[50], nstr[50]; data/xschem-2.8.1/src/editprop.c:164:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(string + n, prev, l); data/xschem-2.8.1/src/editprop.c:172:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(string +n, nstr, nlen+1); data/xschem-2.8.1/src/editprop.c:178:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nfmt[50], nstr[50]; data/xschem-2.8.1/src/editprop.c:190:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(string + n, prev, l); data/xschem-2.8.1/src/editprop.c:198:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(string +n, nstr, nlen+1); data/xschem-2.8.1/src/editprop.c:206:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(string + n, prev, l+1); data/xschem-2.8.1/src/editprop.c:230:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*dest, src, len); data/xschem-2.8.1/src/editprop.c:248:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*str + s, append_str, a); /* 20180923 */ data/xschem-2.8.1/src/editprop.c:255:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*str, append_str, a); /* 20180923 */ data/xschem-2.8.1/src/editprop.c:272:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*str+s, append_str, a); /* 20180923 */ data/xschem-2.8.1/src/editprop.c:281:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*str, append_str, a); /* 20180923 */ data/xschem-2.8.1/src/editprop.c:394:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char property[1024];/* used for float 2 string conv (xscale and yscale) overflow safe */ data/xschem-2.8.1/src/editprop.c:515:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(strlayer[0]) textelement[sel].layer = atoi(strlayer); data/xschem-2.8.1/src/editprop.c:588:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char symbol[PATH_MAX]; data/xschem-2.8.1/src/editprop.c:613:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). no_change_props=atoi(tclgetvar("rbutton1") ); data/xschem-2.8.1/src/editprop.c:614:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). only_different=atoi(tclgetvar("rbutton2") ); data/xschem-2.8.1/src/editprop.c:615:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). copy_cell=atoi(tclgetvar("user_wants_copy_cell") ); /* 20150911 */ data/xschem-2.8.1/src/editprop.c:812:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp_txt[50]; /* overflow safe */ data/xschem-2.8.1/src/font.c:28:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[PATH_MAX]; data/xschem-2.8.1/src/globals.c:38:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char home_dir[PATH_MAX]; /* home dir obtained via getpwuid */ data/xschem-2.8.1/src/globals.c:39:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pwd_dir[PATH_MAX]; /* obtained via getcwd() */ data/xschem-2.8.1/src/globals.c:41:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rcfile[PATH_MAX] = {'\0'}; data/xschem-2.8.1/src/globals.c:80:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pixdata_init[22][32]={ /* fill patterns... indexed by laynumb. */ data/xschem-2.8.1/src/globals.c:214:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char schematic[CADMAXHIER][PATH_MAX]; data/xschem-2.8.1/src/globals.c:222:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *sch_prefix[CADMAXHIER]; data/xschem-2.8.1/src/globals.c:261:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cairo_font_name[1024]="Monospace"; data/xschem-2.8.1/src/hilight.c:428:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). propagate = atoi(propagate_str); data/xschem-2.8.1/src/in_memory_undo.c:267:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(uslot[slot].pptr[c][i].x, polygon[c][i].x, points * sizeof(double)); data/xschem-2.8.1/src/in_memory_undo.c:268:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(uslot[slot].pptr[c][i].y, polygon[c][i].y, points * sizeof(double)); data/xschem-2.8.1/src/in_memory_undo.c:269:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(uslot[slot].pptr[c][i].selected_point, polygon[c][i].selected_point, points * sizeof(unsigned short)); data/xschem-2.8.1/src/in_memory_undo.c:377:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(polygon[c][i].x, uslot[slot].pptr[c][i].x, points * sizeof(double)); data/xschem-2.8.1/src/in_memory_undo.c:378:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(polygon[c][i].y, uslot[slot].pptr[c][i].y, points * sizeof(double)); data/xschem-2.8.1/src/in_memory_undo.c:379:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(polygon[c][i].selected_point, uslot[slot].pptr[c][i].selected_point, points * sizeof(unsigned short)); data/xschem-2.8.1/src/main.c:28:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char emergency_prefix[PATH_MAX]; data/xschem-2.8.1/src/move.c:700:53: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(strlayer[0]) textelement[lasttext].layer = atoi(strlayer); data/xschem-2.8.1/src/netlist.c:355:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[200]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/netlist.c:359:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). range = atoi(Tcl_GetStringResult(interp)); data/xschem-2.8.1/src/netlist.c:401:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[2048]; data/xschem-2.8.1/src/netlist.c:563:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp_str[30]; /* overflow safe */ data/xschem-2.8.1/src/netlist.c:564:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nn[PATH_MAX+30]; data/xschem-2.8.1/src/node_hash.c:325:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[2048]; /* 20161122 overflow safe */ data/xschem-2.8.1/src/options.c:30:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(optval) debug_var=atoi(optval); data/xschem-2.8.1/src/options.c:80:28: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(optval) errfp = fopen(optval, "w"); data/xschem-2.8.1/src/paste.c:47:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(strlayer[0]) textelement[i].layer = atoi(strlayer); data/xschem-2.8.1/src/paste.c:275:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[PATH_MAX]; data/xschem-2.8.1/src/paste.c:276:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name1[PATH_MAX]; /* overflow safe */ data/xschem-2.8.1/src/paste.c:277:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[256]; /* 20161122 overflow safe */ data/xschem-2.8.1/src/paste.c:301:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( (fd=fopen(name,"r"))!= NULL) data/xschem-2.8.1/src/psprint.c:358:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[200]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/psprint.c:401:5: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd=fopen("plot.ps", "w"); data/xschem-2.8.1/src/save.c:30:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[100]; data/xschem-2.8.1/src/save.c:51:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char str[PATH_MAX]; data/xschem-2.8.1/src/save.c:62:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str+1, prefix, prefix_size); data/xschem-2.8.1/src/save.c:81:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char str[PATH_MAX]; data/xschem-2.8.1/src/save.c:106:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char str[PATH_MAX]; data/xschem-2.8.1/src/save.c:113:33: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(stat(str, &buf) && (fd = fopen(str, "w")) ) { /* file must not exist */ data/xschem-2.8.1/src/save.c:418:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(strlayer[0]) textelement[i].layer = atoi(strlayer); data/xschem-2.8.1/src/save.c:609:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name_embedded[PATH_MAX]; data/xschem-2.8.1/src/save.c:610:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c[1]; data/xschem-2.8.1/src/save.c:729:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[1024]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/save.c:746:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[PATH_MAX]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/save.c:757:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!(fd=fopen(name,"w")) ) { data/xschem-2.8.1/src/save.c:787:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[PATH_MAX]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/save.c:797:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!(fd=fopen(name,"w"))) data/xschem-2.8.1/src/save.c:873:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[PATH_MAX]; data/xschem-2.8.1/src/save.c:874:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char msg[PATH_MAX+100]; data/xschem-2.8.1/src/save.c:893:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( (fd=fopen(name,"r"))== NULL) { data/xschem-2.8.1/src/save.c:925:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char diff_name[PATH_MAX]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/save.c:950:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char diff_name[PATH_MAX+100]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/save.c:990:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = fopen(diff_name,"w"); data/xschem-2.8.1/src/save.c:1014:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char diff_name[PATH_MAX+12]; data/xschem-2.8.1/src/save.c:1075:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd=fopen(diff_name, "r"); data/xschem-2.8.1/src/save.c:1109:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name3[PATH_MAX]; /* 20161122 overflow safe */ data/xschem-2.8.1/src/save.c:1115:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char aux_str[1]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/save.c:1134:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((fd=fopen(name3,"r"))==NULL) data/xschem-2.8.1/src/save.c:1139:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((fd=fopen(name3,"r"))==NULL) data/xschem-2.8.1/src/save.c:1292:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(strlayer[0]) tt[i].layer = atoi(strlayer); data/xschem-2.8.1/src/save.c:1427:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pindir[3] = {"in", "out", "inout"}; data/xschem-2.8.1/src/save.c:1428:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pinname[3] = {"devices/ipin", "devices/opin", "devices/iopin"}; data/xschem-2.8.1/src/save.c:1431:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char schname[PATH_MAX]; data/xschem-2.8.1/src/save.c:1452:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!(fd=fopen(schname,"w"))) data/xschem-2.8.1/src/save.c:1519:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[PATH_MAX]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/save.c:1520:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name_embedded[PATH_MAX]; data/xschem-2.8.1/src/save.c:1553:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!(fd = fopen(name_embedded, "w")) ) { data/xschem-2.8.1/src/save.c:1569:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[PATH_MAX]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/save.c:1587:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( (fd=fopen(name,"r"))== NULL) { data/xschem-2.8.1/src/save.c:1673:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[PATH_MAX]; data/xschem-2.8.1/src/save.c:1681:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!(fd=fopen(name,"w"))) data/xschem-2.8.1/src/scheduler.c:27:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[2048]; data/xschem-2.8.1/src/scheduler.c:47:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[1024]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/scheduler.c:64:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). callback( atoi(argv[2]), atoi(argv[3]), atoi(argv[4]), (KeySym)atol(argv[5]), data/xschem-2.8.1/src/scheduler.c:64:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). callback( atoi(argv[2]), atoi(argv[3]), atoi(argv[4]), (KeySym)atol(argv[5]), data/xschem-2.8.1/src/scheduler.c:64:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). callback( atoi(argv[2]), atoi(argv[3]), atoi(argv[4]), (KeySym)atol(argv[5]), data/xschem-2.8.1/src/scheduler.c:64:66: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). callback( atoi(argv[2]), atoi(argv[3]), atoi(argv[4]), (KeySym)atol(argv[5]), data/xschem-2.8.1/src/scheduler.c:65:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(argv[6]), atoi(argv[7]), atoi(argv[8]) ); data/xschem-2.8.1/src/scheduler.c:65:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(argv[6]), atoi(argv[7]), atoi(argv[8]) ); data/xschem-2.8.1/src/scheduler.c:65:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(argv[6]), atoi(argv[7]), atoi(argv[8]) ); data/xschem-2.8.1/src/scheduler.c:69:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[30]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/scheduler.c:72:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). force = atoi(argv[2]); data/xschem-2.8.1/src/scheduler.c:245:41: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(argc==3 && opened==0 ) { errfp = fopen(argv[2], "w");opened=1; } /* added check to avoid multiple open 07102004 */ data/xschem-2.8.1/src/scheduler.c:304:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[1024]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/scheduler.c:313:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). debug_var=atoi(argv[2]); data/xschem-2.8.1/src/scheduler.c:340:11: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). inst=atol(argv[3]); data/xschem-2.8.1/src/scheduler.c:387:11: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). inst=atol(argv[3]); data/xschem-2.8.1/src/scheduler.c:390:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char symbol[PATH_MAX]; data/xschem-2.8.1/src/scheduler.c:459:10: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i=atol(argv[3]); data/xschem-2.8.1/src/scheduler.c:513:8: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i=atol(argv[3]); data/xschem-2.8.1/src/scheduler.c:551:12: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int n=atol(argv[3]); data/xschem-2.8.1/src/scheduler.c:565:12: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int n=atol(argv[3]); data/xschem-2.8.1/src/scheduler.c:566:33: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(n<lastwire) select_wire(atol(argv[3]), SELECTED, 0); data/xschem-2.8.1/src/scheduler.c:569:12: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int n=atol(argv[3]); data/xschem-2.8.1/src/scheduler.c:570:33: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(n<lasttext) select_text(atol(argv[3]), SELECTED, 0); data/xschem-2.8.1/src/scheduler.c:577:62: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). place_symbol(-1, argv[2], atof(argv[3]), atof(argv[4]), atoi(argv[5]), atoi(argv[6]),NULL, 3, 1); data/xschem-2.8.1/src/scheduler.c:577:77: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). place_symbol(-1, argv[2], atof(argv[3]), atof(argv[4]), atoi(argv[5]), atoi(argv[6]),NULL, 3, 1); data/xschem-2.8.1/src/scheduler.c:579:62: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). place_symbol(-1, argv[2], atof(argv[3]), atof(argv[4]), atoi(argv[5]), atoi(argv[6]), argv[7], 3, 1); data/xschem-2.8.1/src/scheduler.c:579:77: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). place_symbol(-1, argv[2], atof(argv[3]), atof(argv[4]), atoi(argv[5]), atoi(argv[6]), argv[7], 3, 1); data/xschem-2.8.1/src/scheduler.c:596:22: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(argc==7) pos=atol(argv[6]); data/xschem-2.8.1/src/scheduler.c:611:22: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(argc==7) pos=atol(argv[6]); data/xschem-2.8.1/src/scheduler.c:627:22: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(argc==7) pos=atol(argv[6]); data/xschem-2.8.1/src/scheduler.c:935:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). set_fill(atoi(argv[2])); data/xschem-2.8.1/src/scheduler.c:1068:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). select = atoi(argv[3]); data/xschem-2.8.1/src/scheduler.c:1081:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). x = atoi(argv[3]); data/xschem-2.8.1/src/scheduler.c:1089:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[30]; data/xschem-2.8.1/src/scheduler.c:1236:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[30]; /* overflow safe 20161212 */ data/xschem-2.8.1/src/scheduler.c:1241:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[30]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/scheduler.c:1246:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[30]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/scheduler.c:1251:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[30]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/scheduler.c:1256:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[30]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/scheduler.c:1261:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[30]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/scheduler.c:1266:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[30]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/scheduler.c:1277:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[40]; data/xschem-2.8.1/src/scheduler.c:1282:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[30]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/scheduler.c:1287:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[30]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/scheduler.c:1292:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[30]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/scheduler.c:1297:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[30]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/scheduler.c:1302:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[30]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/scheduler.c:1307:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[30]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/scheduler.c:1312:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[30]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/scheduler.c:1317:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[30]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/scheduler.c:1322:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[30]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/scheduler.c:1337:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). horizontal_move = atoi(tclgetvar("horizontal_move")); data/xschem-2.8.1/src/scheduler.c:1344:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). vertical_move = atoi(tclgetvar("vertical_move")); data/xschem-2.8.1/src/scheduler.c:1365:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int s = atoi(argv[3]); data/xschem-2.8.1/src/scheduler.c:1369:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int s = atoi(argv[3]); data/xschem-2.8.1/src/scheduler.c:1373:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int s = atoi(argv[3]); data/xschem-2.8.1/src/scheduler.c:1421:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). incr_hilight=atoi(argv[3]); data/xschem-2.8.1/src/scheduler.c:1424:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). auto_hilight=atoi(argv[3]); data/xschem-2.8.1/src/scheduler.c:1427:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). netlist_show=atoi(argv[3]); data/xschem-2.8.1/src/scheduler.c:1430:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). semaphore=atoi(argv[3]); data/xschem-2.8.1/src/scheduler.c:1439:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). flat_netlist=atoi(argv[3]); data/xschem-2.8.1/src/scheduler.c:1442:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). split_files=atoi(argv[3]); data/xschem-2.8.1/src/scheduler.c:1445:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). hspice_netlist=atoi(argv[3]); data/xschem-2.8.1/src/scheduler.c:1450:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). enable_stretch=atoi(argv[3]); data/xschem-2.8.1/src/scheduler.c:1453:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). a3page=atoi(argv[3]); data/xschem-2.8.1/src/scheduler.c:1456:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). color_ps=atoi(argv[3]); data/xschem-2.8.1/src/scheduler.c:1459:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). only_probes=atoi(argv[3]); data/xschem-2.8.1/src/scheduler.c:1462:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). draw_grid=atoi(argv[3]); data/xschem-2.8.1/src/scheduler.c:1465:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sym_txt=atoi(argv[3]); data/xschem-2.8.1/src/scheduler.c:1468:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). rectcolor=atoi(argv[3]); data/xschem-2.8.1/src/scheduler.c:1475:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). change_lw=atoi(argv[3]); data/xschem-2.8.1/src/scheduler.c:1478:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). draw_window=atoi(argv[3]); data/xschem-2.8.1/src/scheduler.c:1481:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ui_state=atoi(argv[3]); data/xschem-2.8.1/src/select.c:439:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[PATH_MAX]; data/xschem-2.8.1/src/select.c:538:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[1024]; /* overflow safe */ data/xschem-2.8.1/src/select.c:577:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[1024]; /* overflow safe */ data/xschem-2.8.1/src/select.c:578:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[256]; /* overflow safe */ data/xschem-2.8.1/src/select.c:619:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[1024]; /* overflow safe */ data/xschem-2.8.1/src/select.c:620:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[256]; /* overflow safe */ data/xschem-2.8.1/src/select.c:653:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[1024]; /* overflow safe */ data/xschem-2.8.1/src/select.c:654:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[256]; /* overflow safe */ data/xschem-2.8.1/src/select.c:688:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[1024]; /* overflow safe */ data/xschem-2.8.1/src/select.c:689:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[256]; /* overflow safe */ data/xschem-2.8.1/src/select.c:717:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[1024]; /* overflow safe */ data/xschem-2.8.1/src/select.c:718:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[256]; /* overflow safe */ data/xschem-2.8.1/src/select.c:739:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[1024]; /* overflow safe */ data/xschem-2.8.1/src/select.c:740:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[256]; /* overflow safe */ data/xschem-2.8.1/src/spice_netlist.c:33:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netl[PATH_MAX]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/spice_netlist.c:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netl2[PATH_MAX]; /* 20081211 overflow safe 20161122 */ data/xschem-2.8.1/src/spice_netlist.c:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netl3[PATH_MAX]; /* 20081211 overflow safe 20161122 */ data/xschem-2.8.1/src/spice_netlist.c:43:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[1024]; data/xschem-2.8.1/src/spice_netlist.c:53:5: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd=fopen(netl, "w"); data/xschem-2.8.1/src/spice_netlist.c:207:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netl[PATH_MAX]; data/xschem-2.8.1/src/spice_netlist.c:208:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netl2[PATH_MAX]; /* 20081202 */ data/xschem-2.8.1/src/spice_netlist.c:209:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netl3[PATH_MAX]; /* 20081202 */ data/xschem-2.8.1/src/spice_netlist.c:223:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd=fopen(netl, "w"); data/xschem-2.8.1/src/svgdraw.c:378:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[200]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/svgdraw.c:430:5: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd=fopen("plot.svg", "w"); data/xschem-2.8.1/src/tedax_netlist.c:29:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netl[PATH_MAX]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/tedax_netlist.c:30:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netl2[PATH_MAX]; /* 20081211 overflow safe 20161122 */ data/xschem-2.8.1/src/tedax_netlist.c:31:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netl3[PATH_MAX]; /* 20081211 overflow safe 20161122 */ data/xschem-2.8.1/src/tedax_netlist.c:39:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[1024]; data/xschem-2.8.1/src/tedax_netlist.c:49:5: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd=fopen(netl, "w"); data/xschem-2.8.1/src/tedax_netlist.c:116:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netl[PATH_MAX]; data/xschem-2.8.1/src/tedax_netlist.c:117:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netl2[PATH_MAX]; /* 20081202 */ data/xschem-2.8.1/src/tedax_netlist.c:118:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netl3[PATH_MAX]; /* 20081202 */ data/xschem-2.8.1/src/token.c:108:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(entry->token,token, token_size + 1); data/xschem-2.8.1/src/token.c:437:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result+result_pos, token, token_pos+1); /* 20180923 */ data/xschem-2.8.1/src/token.c:440:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result+result_pos, value, value_pos+1); /* 20180923 */ data/xschem-2.8.1/src/token.c:452:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result+result_pos, token, token_pos+1); /* 20180923 */ data/xschem-2.8.1/src/token.c:633:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + result_pos ,new_val, tmp + 1); /* 20180923 */ data/xschem-2.8.1/src/token.c:686:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[PATH_MAX]; data/xschem-2.8.1/src/token.c:1217:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pin_number = atoi(token+2); data/xschem-2.8.1/src/token.c:1443:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pin_number = atoi(token+2); data/xschem-2.8.1/src/token.c:1623:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[2048]; data/xschem-2.8.1/src/token.c:1626:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_node[40]; /* 20161122 overflow safe */ data/xschem-2.8.1/src/token.c:1634:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). inst_ptr[i].node[j], atoi(inst_ptr[i].node[j]), *mult); data/xschem-2.8.1/src/token.c:1792:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pin_number = atoi(token+2); data/xschem-2.8.1/src/token.c:1952:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pin_number = atoi(token+2); data/xschem-2.8.1/src/token.c:2034:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_name[PATH_MAX]; data/xschem-2.8.1/src/token.c:2090:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result+result_pos, value, tmp+1); /* 20180923 */ data/xschem-2.8.1/src/token.c:2099:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result+result_pos,tmp_sym_name, tmp+1); /* 20180923 */ data/xschem-2.8.1/src/token.c:2122:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result+result_pos, value, tmp+1); /* 20180923 */ data/xschem-2.8.1/src/token.c:2137:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result+result_pos,asctime(tm), tmp+1); /* 20180923 */ data/xschem-2.8.1/src/token.c:2148:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result+result_pos,asctime(tm), tmp+1); /* 20180923 */ data/xschem-2.8.1/src/token.c:2159:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result+result_pos,asctime(tm), tmp+1); /* 20180923 */ data/xschem-2.8.1/src/token.c:2168:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result+result_pos,schematic[currentsch], tmp+1); /* 20180923 */ data/xschem-2.8.1/src/token.c:2178:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result+result_pos,inst_ptr[inst].prop_ptr, tmp+1); /* 20180923 */ data/xschem-2.8.1/src/token.c:2189:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result+result_pos,schvhdlprop, tmp+1); /* 20180923 */ data/xschem-2.8.1/src/token.c:2201:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result+result_pos,schprop, tmp+1); /* 20180923 */ data/xschem-2.8.1/src/token.c:2214:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result+result_pos,schtedaxprop, tmp+1); /* 20180923 */ data/xschem-2.8.1/src/token.c:2227:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result+result_pos,schverilogprop, tmp+1); /* 20180923 */ data/xschem-2.8.1/src/verilog_netlist.c:33:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netl[PATH_MAX]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/verilog_netlist.c:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netl2[PATH_MAX]; /* 20081203 overflow safe 20161122 */ data/xschem-2.8.1/src/verilog_netlist.c:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netl3[PATH_MAX]; /* 20081203 overflow safe 20161122 */ data/xschem-2.8.1/src/verilog_netlist.c:46:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[PATH_MAX]; data/xschem-2.8.1/src/verilog_netlist.c:56:5: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd=fopen(netl, "w"); data/xschem-2.8.1/src/verilog_netlist.c:318:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netl[PATH_MAX]; data/xschem-2.8.1/src/verilog_netlist.c:319:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netl2[PATH_MAX]; /* 20081202 */ data/xschem-2.8.1/src/verilog_netlist.c:320:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netl3[PATH_MAX]; /* 20081202 */ data/xschem-2.8.1/src/verilog_netlist.c:332:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd=fopen(netl, "w"); data/xschem-2.8.1/src/vhdl_netlist.c:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netl[PATH_MAX]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/vhdl_netlist.c:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netl2[PATH_MAX]; /* 20081202 overflow safe 20161122 */ data/xschem-2.8.1/src/vhdl_netlist.c:36:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netl3[PATH_MAX]; /* 20081202 overflow safe 20161122 */ data/xschem-2.8.1/src/vhdl_netlist.c:47:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[PATH_MAX]; data/xschem-2.8.1/src/vhdl_netlist.c:56:5: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd=fopen(netl, "w"); data/xschem-2.8.1/src/vhdl_netlist.c:353:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netl[PATH_MAX]; data/xschem-2.8.1/src/vhdl_netlist.c:354:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netl2[PATH_MAX]; /* 20081202 */ data/xschem-2.8.1/src/vhdl_netlist.c:355:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netl3[PATH_MAX]; /* 20081202 */ data/xschem-2.8.1/src/vhdl_netlist.c:366:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd=fopen(netl, "w"); data/xschem-2.8.1/src/xinit.c:96:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tmp_prop1[1024], tmp1[1024]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/xinit.c:118:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tmp_prop2[1024], tmp2[1024]; /* overflow safe */ data/xschem-2.8.1/src/xinit.c:296:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[1024]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/xinit.c:347:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[256]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/xinit.c:623:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(atoi(Tcl_GetStringResult(interp))>=cadlayers){ data/xschem-2.8.1/src/xinit.c:628:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(atoi(Tcl_GetStringResult(interp)) >=cadlayers){ data/xschem-2.8.1/src/xinit.c:633:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(atoi(Tcl_GetStringResult(interp))<cadlayers){ data/xschem-2.8.1/src/xinit.c:686:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[1024]; data/xschem-2.8.1/src/xinit.c:706:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[PATH_MAX]; /* overflow safe 20161122 */ data/xschem-2.8.1/src/xinit.c:707:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[2*PATH_MAX+100]; /* 20161122 overflow safe */ data/xschem-2.8.1/src/xinit.c:897:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). split_files=atoi(tclgetvar("split_files")); data/xschem-2.8.1/src/xinit.c:898:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). hspice_netlist=atoi(tclgetvar("hspice_netlist")); data/xschem-2.8.1/src/xinit.c:899:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). netlist_show=atoi(tclgetvar("netlist_show")); data/xschem-2.8.1/src/xinit.c:900:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). fullscreen=atoi(tclgetvar("fullscreen")); data/xschem-2.8.1/src/xinit.c:901:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). unzoom_nodrift=atoi(tclgetvar("unzoom_nodrift")); data/xschem-2.8.1/src/xinit.c:903:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). color_ps=atoi(tclgetvar("color_ps")); data/xschem-2.8.1/src/xinit.c:908:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). change_lw=atoi(tclgetvar("change_lw")); data/xschem-2.8.1/src/xinit.c:909:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). draw_window=atoi(tclgetvar("draw_window")); data/xschem-2.8.1/src/xinit.c:910:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). incr_hilight=atoi(tclgetvar("incr_hilight")); data/xschem-2.8.1/src/xinit.c:912:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). a3page=atoi(tclgetvar("a3page")); data/xschem-2.8.1/src/xinit.c:917:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). enable_stretch=atoi(tclgetvar("enable_stretch")); data/xschem-2.8.1/src/xinit.c:918:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). draw_grid=atoi(tclgetvar("draw_grid")); data/xschem-2.8.1/src/xinit.c:919:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cadlayers=atoi(tclgetvar("cadlayers")); data/xschem-2.8.1/src/xschem.h:462:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char home_dir[PATH_MAX]; /* home dir obtained via getpwuid */ data/xschem-2.8.1/src/xschem.h:463:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char pwd_dir[PATH_MAX]; /* obtained via getcwd() */ data/xschem-2.8.1/src/xschem.h:465:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char rcfile[PATH_MAX]; data/xschem-2.8.1/src/xschem.h:511:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char schematic[CADMAXHIER][PATH_MAX]; data/xschem-2.8.1/src/xschem.h:550:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern unsigned char pixdata_init[22][32]; data/xschem-2.8.1/src/xschem.h:917:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char cairo_font_name[1024]; /* should be monospaced */ data/xschem-2.8.1/scconfig/src/default/arg.c:77:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (((a->arg[0] == '^') && (strncmp(a->arg+1, key, strlen(a->arg+1)) == 0)) || (strcmp(a->arg, key) == 0)) { data/xschem-2.8.1/scconfig/src/default/db.c:52:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l1 = strlen(orig); data/xschem-2.8.1/scconfig/src/default/db.c:53:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l2 = strlen(value); data/xschem-2.8.1/scconfig/src/default/db.c:79:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(first_level_dir, key, fld_len); data/xschem-2.8.1/scconfig/src/default/db.c:309:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(key) + strlen(db_cwd) < sizeof(tmp)-1); \ data/xschem-2.8.1/scconfig/src/default/db.c:309:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(key) + strlen(db_cwd) < sizeof(tmp)-1); \ data/xschem-2.8.1/scconfig/src/default/db.c:408:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). totallen = strlen(prefix); data/xschem-2.8.1/scconfig/src/default/db.c:418:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(value); data/xschem-2.8.1/scconfig/src/default/dep.c:54:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(name_); data/xschem-2.8.1/scconfig/src/default/dep.c:68:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *missing = !strlen(val); data/xschem-2.8.1/scconfig/src/default/dep.c:163:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(needtodo); data/xschem-2.8.1/scconfig/src/default/dep.c:183:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(path); data/xschem-2.8.1/scconfig/src/default/find_cc.c:41:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (((out == NULL) && (iscross)) || (strncmp(out, expected, strlen(expected)) == 0)) { data/xschem-2.8.1/scconfig/src/default/find_cc.c:57:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (((out == NULL) && (iscross)) || (strncmp(out, expected_bad, strlen(expected_bad)) != 0)) { data/xschem-2.8.1/scconfig/src/default/find_cc.c:118:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(target); data/xschem-2.8.1/scconfig/src/default/find_cc.c:240:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = name + strlen(name); data/xschem-2.8.1/scconfig/src/default/find_cc.c:739:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cflags_c = malloc(strlen(cflags) + 8 + strlen(fpic)); data/xschem-2.8.1/scconfig/src/default/find_cc.c:739:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cflags_c = malloc(strlen(cflags) + 8 + strlen(fpic)); data/xschem-2.8.1/scconfig/src/default/find_cc.c:849:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(lib_filename) - strlen(libname_ext); data/xschem-2.8.1/scconfig/src/default/find_cc.c:849:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(lib_filename) - strlen(libname_ext); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:49:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(command) + strlen(src_esc) + strlen(dst_esc) + 32); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:49:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(command) + strlen(src_esc) + strlen(dst_esc) + 32); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:49:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(command) + strlen(src_esc) + strlen(dst_esc) + 32); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:108:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(command) + strlen(src_esc) + strlen(dst_esc) + 32); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:108:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(command) + strlen(src_esc) + strlen(dst_esc) + 32); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:108:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(command) + strlen(src_esc) + strlen(dst_esc) + 32); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:153:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(command) + strlen(dir_esc) + 32); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:153:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(command) + strlen(dir_esc) + 32); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:158:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). file = malloc(strlen(dir) + 32); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:173:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(dir) + 32); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:214:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(command) + strlen(src_esc) + 32); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:214:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(command) + strlen(src_esc) + 32); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:250:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(command) + strlen(src_esc) + strlen(dst_esc) + 32); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:250:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(command) + strlen(src_esc) + strlen(dst_esc) + 32); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:250:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(command) + strlen(src_esc) + strlen(dst_esc) + 32); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:266:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = strncmp(expected, result, strlen(expected)) == 0; data/xschem-2.8.1/scconfig/src/default/find_fstools.c:292:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(command) + strlen(obj_esc) + strlen(archive_esc) + 64); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:292:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(command) + strlen(obj_esc) + strlen(archive_esc) + 64); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:292:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(command) + strlen(obj_esc) + strlen(archive_esc) + 64); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:367:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((out != NULL) && (strncmp(out, test_str, strlen(test_str)) == 0)) { data/xschem-2.8.1/scconfig/src/default/find_fstools.c:395:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((out != NULL) && (strncmp(out, test_str_out, strlen(test_str_out)) == 0)) { data/xschem-2.8.1/scconfig/src/default/find_fstools.c:414:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(command) + strlen(tmp_esc) + 16); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:414:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(command) + strlen(tmp_esc) + 16); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:615:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(target); data/xschem-2.8.1/scconfig/src/default/find_fstools.c:664:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(target); data/xschem-2.8.1/scconfig/src/default/find_libs.c:35:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cflags = malloc(strlen(dlc) + 64); data/xschem-2.8.1/scconfig/src/default/find_libs.c:36:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ldflags = malloc(strlen(dlc)*2 + 256); data/xschem-2.8.1/scconfig/src/default/find_printf.c:39:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(out, expected, strlen(expected)) == 0) { data/xschem-2.8.1/scconfig/src/default/find_signal.c:103:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pathend = path + strlen(prefix); data/xschem-2.8.1/scconfig/src/default/find_sys.c:187:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = cwd + strlen(cwd) - 1; data/xschem-2.8.1/scconfig/src/default/find_sys.c:233:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). c = tmp[strlen(tmp)-1]; data/xschem-2.8.1/scconfig/src/default/find_sys.c:250:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t = malloc(strlen(tmp) * 2); data/xschem-2.8.1/scconfig/src/default/find_sys.c:377:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(test) + strlen(shell) + 8); data/xschem-2.8.1/scconfig/src/default/find_sys.c:377:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(test) + strlen(shell) + 8); data/xschem-2.8.1/scconfig/src/default/find_sys.c:432:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). res = strncmp(start, t[1], strlen(t[1])); data/xschem-2.8.1/scconfig/src/default/find_types.c:53:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). start = test_c + strlen(inc); data/xschem-2.8.1/scconfig/src/default/find_types.c:261:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nodeend = node + strlen(node); data/xschem-2.8.1/scconfig/src/default/lib_compile.c:51:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s); data/xschem-2.8.1/scconfig/src/default/lib_compile.c:52:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). output = malloc(len + strlen(input) + 4); data/xschem-2.8.1/scconfig/src/default/lib_compile.c:177:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out = malloc(strlen(in)*2+1); data/xschem-2.8.1/scconfig/src/default/lib_compile.c:238:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(emu) + strlen(cmd_) + strlen(fn_out_esc) + strlen(temp_out_esc) + 32); data/xschem-2.8.1/scconfig/src/default/lib_compile.c:238:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(emu) + strlen(cmd_) + strlen(fn_out_esc) + strlen(temp_out_esc) + 32); data/xschem-2.8.1/scconfig/src/default/lib_compile.c:238:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(emu) + strlen(cmd_) + strlen(fn_out_esc) + strlen(temp_out_esc) + 32); data/xschem-2.8.1/scconfig/src/default/lib_compile.c:238:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(emu) + strlen(cmd_) + strlen(fn_out_esc) + strlen(temp_out_esc) + 32); data/xschem-2.8.1/scconfig/src/default/lib_compile.c:283:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(emu) + strlen(shell) + strlen(cmd_esc) + 16); data/xschem-2.8.1/scconfig/src/default/lib_compile.c:283:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(emu) + strlen(shell) + strlen(cmd_esc) + 16); data/xschem-2.8.1/scconfig/src/default/lib_compile.c:283:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(emu) + strlen(shell) + strlen(cmd_esc) + 16); data/xschem-2.8.1/scconfig/src/default/lib_compile.c:322:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(temp) + strlen(interpreter) + 4); data/xschem-2.8.1/scconfig/src/default/lib_compile.c:322:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(temp) + strlen(interpreter) + 4); data/xschem-2.8.1/scconfig/src/default/lib_file.c:52:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(suffix) > sizeof(s) - strlen(tmp) - 32) { data/xschem-2.8.1/scconfig/src/default/lib_file.c:52:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(suffix) > sizeof(s) - strlen(tmp) - 32) { data/xschem-2.8.1/scconfig/src/default/lib_file.c:69:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(s_esc) + strlen(mkdir) + 16); data/xschem-2.8.1/scconfig/src/default/lib_file.c:69:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(s_esc) + strlen(mkdir) + 16); data/xschem-2.8.1/scconfig/src/default/lib_file.c:92:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(suffix) > sizeof(s) - strlen(tmp) - 32) { data/xschem-2.8.1/scconfig/src/default/lib_file.c:92:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(suffix) > sizeof(s) - strlen(tmp) - 32) { data/xschem-2.8.1/scconfig/src/default/lib_file.c:169:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = malloc(strlen(path_esc) + 16); data/xschem-2.8.1/scconfig/src/default/lib_file.c:193:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path = malloc(strlen(dir) + strlen(file) + 5); data/xschem-2.8.1/scconfig/src/default/lib_file.c:193:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path = malloc(strlen(dir) + strlen(file) + 5); data/xschem-2.8.1/scconfig/src/default/lib_filelist.c:47:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(dir) + strlen(rm) + 4); data/xschem-2.8.1/scconfig/src/default/lib_filelist.c:47:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(dir) + strlen(rm) + 4); data/xschem-2.8.1/scconfig/src/default/lib_filelist.c:66:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fn = malloc(strlen(dir) + 32); data/xschem-2.8.1/scconfig/src/default/lib_filelist.c:84:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(dir) + 64); data/xschem-2.8.1/scconfig/src/default/lib_filelist.c:151:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(dir); data/xschem-2.8.1/scconfig/src/default/lib_filelist.c:219:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(dir) + strlen(list_cmd) + 32); data/xschem-2.8.1/scconfig/src/default/lib_filelist.c:219:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(dir) + strlen(list_cmd) + 32); data/xschem-2.8.1/scconfig/src/default/lib_pkg_config.c:33:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(pkgname) < sizeof(cmd) - 64); data/xschem-2.8.1/scconfig/src/default/lib_pkg_config.c:85:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(pkgname) < sizeof(cmd) - 64); data/xschem-2.8.1/scconfig/src/default/lib_srctree.c:36:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int keylen = strlen(key); data/xschem-2.8.1/scconfig/src/default/lib_try.c:26:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(includes); data/xschem-2.8.1/scconfig/src/default/lib_try.c:58:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = malloc(strlen(prefix) + 32); data/xschem-2.8.1/scconfig/src/default/lib_try.c:266:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = malloc(strlen(prefix) + 32); data/xschem-2.8.1/scconfig/src/default/lib_uniqinc.c:137:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(*arr); data/xschem-2.8.1/scconfig/src/default/lib_uniqinc.c:164:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(arr[ndx]); data/xschem-2.8.1/scconfig/src/default/lib_uniqinc.c:187:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oseplen = strlen(osep); data/xschem-2.8.1/scconfig/src/default/lib_uniqinc.c:195:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(*s) + oseplen + 1; data/xschem-2.8.1/scconfig/src/default/lib_uniqinc.c:226:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). long w1len = strlen(word1), w2len = strlen(word2), tlen; data/xschem-2.8.1/scconfig/src/default/lib_uniqinc.c:226:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). long w1len = strlen(word1), w2len = strlen(word2), tlen; data/xschem-2.8.1/scconfig/src/default/lib_uniqinc.c:242:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlen = strlen(s); data/xschem-2.8.1/scconfig/src/default/lib_uniqinc.c:264:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlen = strlen(includes); data/xschem-2.8.1/scconfig/src/default/log.c:123:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (line[strlen(line)-1] != '\n') data/xschem-2.8.1/scconfig/src/default/regex.c:596:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = bol + strlen(bol); data/xschem-2.8.1/scconfig/src/default/regex.c:599:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l2 = strlen(sub); data/xschem-2.8.1/scconfig/src/default/str.c:36:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(str)+1; data/xschem-2.8.1/scconfig/src/default/str.c:54:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = str + strlen(str) - 1; data/xschem-2.8.1/scconfig/src/default/str.c:91:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). o = out = malloc(strlen(str)+1); data/xschem-2.8.1/scconfig/src/default/str.c:129:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len[v] = strlen(str[v]); data/xschem-2.8.1/scconfig/src/default/str.c:133:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sl = strlen(sep); data/xschem-2.8.1/scconfig/src/parsgen/find_parsgen.c:54:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(temp_in_esc) + 16); data/xschem-2.8.1/scconfig/src/parsgen/find_parsgen.c:99:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bisfile = malloc(strlen(temp_in) + 32); data/xschem-2.8.1/scconfig/src/parsgen/find_parsgen.c:109:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(temp_in_esc) + 16); data/xschem-2.8.1/scconfig/src/scripts/find_ruby.c:36:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = malloc(strlen(basedir) + strlen(files[n]) + 4); data/xschem-2.8.1/scconfig/src/scripts/find_ruby.c:36:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = malloc(strlen(basedir) + strlen(files[n]) + 4); data/xschem-2.8.1/scconfig/src/scripts/find_ruby.c:41:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = malloc(strlen(basedir) + strlen(files[n]) + strlen(ifiles[m]) + 16); data/xschem-2.8.1/scconfig/src/scripts/find_ruby.c:41:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = malloc(strlen(basedir) + strlen(files[n]) + strlen(ifiles[m]) + 16); data/xschem-2.8.1/scconfig/src/scripts/find_ruby.c:41:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = malloc(strlen(basedir) + strlen(files[n]) + strlen(ifiles[m]) + 16); data/xschem-2.8.1/scconfig/src/scripts/find_ruby.c:46:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ldflags = malloc(strlen(files[n]) + 16); data/xschem-2.8.1/scconfig/src/scripts/find_tcl.c:114:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(temp) + 16); data/xschem-2.8.1/scconfig/src/scripts/find_tcl.c:120:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd = malloc(strlen(out) + 256); data/xschem-2.8.1/scconfig/src/scripts/find_tcl.c:124:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out = malloc(strlen(temp2) + 32); data/xschem-2.8.1/scconfig/src/scripts/scripts.c:57:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). llen = strlen(language); data/xschem-2.8.1/scconfig/src/scripts/scripts.c:67:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ldflags = malloc(strlen(files[n]) + strlen(ldflags_base) + 16); data/xschem-2.8.1/scconfig/src/scripts/scripts.c:67:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ldflags = malloc(strlen(files[n]) + strlen(ldflags_base) + 16); data/xschem-2.8.1/scconfig/src/scripts/scripts.c:69:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cflags = malloc(strlen(files[n]) + strlen(basedir) + 16); data/xschem-2.8.1/scconfig/src/scripts/scripts.c:69:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cflags = malloc(strlen(files[n]) + strlen(basedir) + 16); data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm.c:21:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(str)+1; data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm.c:702:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(i); data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm_scconfig.c:275:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(csub); data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm_scconfig.c:277:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buff = malloc(strlen(val)*(slen+3)+32); /* big enough for worst case, when every letter and $ and ^ are replaced with sub */ data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm_scconfig.c:279:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buff = malloc(strlen(val)+slen+32); /* only one replacement will be done */ data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm_scconfig.c:287:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = buff + strlen(buff); data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm_scconfig.c:297:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buff = realloc(buff, strlen(buff)+1); data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm_scconfig.c:430:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(fin); data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm_scconfig.c:496:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *err = malloc(strlen(fn) + strlen(path) + strlen(mode) + 16); data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm_scconfig.c:496:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *err = malloc(strlen(fn) + strlen(path) + strlen(mode) + 16); data/xschem-2.8.1/scconfig/src/tmpasm/tmpasm_scconfig.c:496:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *err = malloc(strlen(fn) + strlen(path) + strlen(mode) + 16); data/xschem-2.8.1/scconfig/src/util/arg_auto_set.c:83:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pl = strlen(padding); data/xschem-2.8.1/scconfig/src/util/arg_auto_set.c:89:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int kl = strlen(t->arg_key); data/xschem-2.8.1/scconfig/src/util/cquote.c:33:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while((c = getc(stdin)) != EOF) { data/xschem-2.8.1/scconfig/src/util/cquote.c:79:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while((c = getc(stdin)) != EOF) { data/xschem-2.8.1/scconfig/src/util/sccbox.c:293:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const char *s = path + strlen(path); data/xschem-2.8.1/scconfig/src/util/sccbox.c:304:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t dlen = strlen(dir), blen = strlen(bn); data/xschem-2.8.1/scconfig/src/util/sccbox.c:304:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t dlen = strlen(dir), blen = strlen(bn); data/xschem-2.8.1/scconfig/src/util/sccbox.c:449:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = pwd_buff + strlen(pwd_buff) - 1; data/xschem-2.8.1/scconfig/src/util/sccbox.c:503:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(p); data/xschem-2.8.1/scconfig/src/util/sccbox.c:590:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int res = 1, len = strlen(path); data/xschem-2.8.1/src/editprop.c:59:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(src)+1; data/xschem-2.8.1/src/editprop.c:145:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(sptr); data/xschem-2.8.1/src/editprop.c:160:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(nfmt, fmt, l); data/xschem-2.8.1/src/editprop.c:183:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(nfmt, fmt, l); data/xschem-2.8.1/src/editprop.c:228:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(src)+1; data/xschem-2.8.1/src/editprop.c:244:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = strlen(*str); data/xschem-2.8.1/src/editprop.c:246:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). a = strlen(append_str) + 1; data/xschem-2.8.1/src/editprop.c:253:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). a = strlen(append_str) + 1; data/xschem-2.8.1/src/editprop.c:265:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). a = strlen(append_str)+1; data/xschem-2.8.1/src/editprop.c:269:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = strlen(*str); data/xschem-2.8.1/src/paste.c:308:10: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if(fscanf(fd,"%4095s",name1)==EOF) break; data/xschem-2.8.1/src/save.c:34:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(s); data/xschem-2.8.1/src/save.c:60:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). prefix_size = strlen(prefix); data/xschem-2.8.1/src/save.c:694:5: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c=fgetc(fd); data/xschem-2.8.1/src/save.c:704:8: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c=fgetc(fd); data/xschem-2.8.1/src/save.c:1476:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ln = 100+strlen(sub_prop); data/xschem-2.8.1/src/save.c:1502:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ln = 100+strlen(sub2_prop); data/xschem-2.8.1/src/scheduler.c:1126:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). llen = strlen(l); data/xschem-2.8.1/src/scheduler.c:1357:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( strlen(argv[3]) < sizeof(cairo_font_name) ) { data/xschem-2.8.1/src/token.c:384:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(s); data/xschem-2.8.1/src/token.c:622:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = strlen(new_val); data/xschem-2.8.1/src/token.c:659:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = strlen(new_val) + strlen(tok) + 2; data/xschem-2.8.1/src/token.c:659:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = strlen(new_val) + strlen(tok) + 2; data/xschem-2.8.1/src/token.c:671:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = strlen(new_val) + strlen(tok) + 2; /* 20171104 */ data/xschem-2.8.1/src/token.c:671:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = strlen(new_val) + strlen(tok) + 2; /* 20171104 */ data/xschem-2.8.1/src/token.c:691:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s); data/xschem-2.8.1/src/token.c:1227:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = token_pos + strlen(name) + strlen(inst_ptr[inst].name) + 100; data/xschem-2.8.1/src/token.c:1227:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = token_pos + strlen(name) + strlen(inst_ptr[inst].name) + 100; data/xschem-2.8.1/src/token.c:1454:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = token_pos + strlen(name) + strlen(inst_ptr[inst].name) + 100; data/xschem-2.8.1/src/token.c:1454:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = token_pos + strlen(name) + strlen(inst_ptr[inst].name) + 100; data/xschem-2.8.1/src/token.c:1802:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = token_pos + strlen(name) + strlen(inst_ptr[inst].name) + 100; data/xschem-2.8.1/src/token.c:1802:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = token_pos + strlen(name) + strlen(inst_ptr[inst].name) + 100; data/xschem-2.8.1/src/token.c:1962:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = token_pos + strlen(name) + strlen(inst_ptr[inst].name) + 100; data/xschem-2.8.1/src/token.c:1962:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = token_pos + strlen(name) + strlen(inst_ptr[inst].name) + 100; data/xschem-2.8.1/src/token.c:2094:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp=strlen(tmp_sym_name); data/xschem-2.8.1/src/token.c:2117:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp=strlen(value); data/xschem-2.8.1/src/token.c:2132:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp=strlen( asctime(tm)); data/xschem-2.8.1/src/token.c:2143:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp=strlen( asctime(tm)); data/xschem-2.8.1/src/token.c:2154:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp=strlen( asctime(tm)); data/xschem-2.8.1/src/token.c:2163:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp=strlen(schematic[currentsch]); data/xschem-2.8.1/src/token.c:2172:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp=strlen(inst_ptr[inst].prop_ptr); data/xschem-2.8.1/src/token.c:2183:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp=strlen(schvhdlprop); data/xschem-2.8.1/src/token.c:2195:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp=strlen(schprop); data/xschem-2.8.1/src/token.c:2208:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp=strlen(schtedaxprop); data/xschem-2.8.1/src/token.c:2221:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp=strlen(schverilogprop); data/xschem-2.8.1/src/xinit.c:90:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!arg_copy || strlen(arg_copy) == 0) { data/xschem-2.8.1/src/xinit.c:121:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(p2) == 0) { data/xschem-2.8.1/src/xinit.c:131:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(p1) == 0) { ANALYSIS SUMMARY: Hits = 830 Lines analyzed = 41148 in approximately 1.36 seconds (30303 lines/second) Physical Source Lines of Code (SLOC) = 33338 Hits@level = [0] 1437 [1] 193 [2] 472 [3] 5 [4] 156 [5] 4 Hits@level+ = [0+] 2267 [1+] 830 [2+] 637 [3+] 165 [4+] 160 [5+] 4 Hits/KSLOC@level+ = [0+] 68.0005 [1+] 24.8965 [2+] 19.1073 [3+] 4.94931 [4+] 4.79933 [5+] 0.119983 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.