Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/zsh-5.8/Src/Zle/compctl.h
Examining data/zsh-5.8/Src/Zle/compmatch.c
Examining data/zsh-5.8/Src/Zle/zle_bindings.c
Examining data/zsh-5.8/Src/Zle/compresult.c
Examining data/zsh-5.8/Src/Zle/zle_params.c
Examining data/zsh-5.8/Src/Zle/textobjects.c
Examining data/zsh-5.8/Src/Zle/zle_word.c
Examining data/zsh-5.8/Src/Zle/zle_vi.c
Examining data/zsh-5.8/Src/Zle/deltochar.c
Examining data/zsh-5.8/Src/Zle/zle_move.c
Examining data/zsh-5.8/Src/Zle/compcore.c
Examining data/zsh-5.8/Src/Zle/zle_utils.c
Examining data/zsh-5.8/Src/Zle/complete.c
Examining data/zsh-5.8/Src/Zle/zle_tricky.c
Examining data/zsh-5.8/Src/Zle/compctl.c
Examining data/zsh-5.8/Src/Zle/zle_refresh.c
Examining data/zsh-5.8/Src/Zle/comp.h
Examining data/zsh-5.8/Src/Zle/zleparameter.c
Examining data/zsh-5.8/Src/Zle/zle_main.c
Examining data/zsh-5.8/Src/Zle/zle_thingy.c
Examining data/zsh-5.8/Src/Zle/zle_hist.c
Examining data/zsh-5.8/Src/Zle/computil.c
Examining data/zsh-5.8/Src/Zle/zle_keymap.c
Examining data/zsh-5.8/Src/Zle/zle_misc.c
Examining data/zsh-5.8/Src/Zle/complist.c
Examining data/zsh-5.8/Src/Zle/zle.h
Examining data/zsh-5.8/Src/math.c
Examining data/zsh-5.8/Src/compat.c
Examining data/zsh-5.8/Src/linklist.c
Examining data/zsh-5.8/Src/exec.c
Examining data/zsh-5.8/Src/loop.c
Examining data/zsh-5.8/Src/lex.c
Examining data/zsh-5.8/Src/hashtable.h
Examining data/zsh-5.8/Src/init.c
Examining data/zsh-5.8/Src/zsh_system.h
Examining data/zsh-5.8/Src/modentry.c
Examining data/zsh-5.8/Src/mem.c
Examining data/zsh-5.8/Src/sort.c
Examining data/zsh-5.8/Src/module.c
Examining data/zsh-5.8/Src/zsh.h
Examining data/zsh-5.8/Src/watch.c
Examining data/zsh-5.8/Src/hashnameddir.c
Examining data/zsh-5.8/Src/cond.c
Examining data/zsh-5.8/Src/string.c
Examining data/zsh-5.8/Src/signals.h
Examining data/zsh-5.8/Src/prompt.c
Examining data/zsh-5.8/Src/glob.c
Examining data/zsh-5.8/Src/openssh_bsd_setres_id.c
Examining data/zsh-5.8/Src/Builtins/sched.c
Examining data/zsh-5.8/Src/Builtins/rlimits.c
Examining data/zsh-5.8/Src/hist.c
Examining data/zsh-5.8/Src/prototypes.h
Examining data/zsh-5.8/Src/input.c
Examining data/zsh-5.8/Src/utils.c
Examining data/zsh-5.8/Src/main.c
Examining data/zsh-5.8/Src/jobs.c
Examining data/zsh-5.8/Src/hashtable.c
Examining data/zsh-5.8/Src/text.c
Examining data/zsh-5.8/Src/builtin.c
Examining data/zsh-5.8/Src/ztype.h
Examining data/zsh-5.8/Src/params.c
Examining data/zsh-5.8/Src/context.c
Examining data/zsh-5.8/Src/parse.c
Examining data/zsh-5.8/Src/Modules/tcp.h
Examining data/zsh-5.8/Src/Modules/zselect.c
Examining data/zsh-5.8/Src/Modules/nearcolor.c
Examining data/zsh-5.8/Src/Modules/pcre.c
Examining data/zsh-5.8/Src/Modules/param_private.c
Examining data/zsh-5.8/Src/Modules/mathfunc.c
Examining data/zsh-5.8/Src/Modules/cap.c
Examining data/zsh-5.8/Src/Modules/files.c
Examining data/zsh-5.8/Src/Modules/system.c
Examining data/zsh-5.8/Src/Modules/db_gdbm.c
Examining data/zsh-5.8/Src/Modules/curses.c
Examining data/zsh-5.8/Src/Modules/mapfile.c
Examining data/zsh-5.8/Src/Modules/socket.c
Examining data/zsh-5.8/Src/Modules/attr.c
Examining data/zsh-5.8/Src/Modules/terminfo.c
Examining data/zsh-5.8/Src/Modules/example.c
Examining data/zsh-5.8/Src/Modules/tcp.c
Examining data/zsh-5.8/Src/Modules/termcap.c
Examining data/zsh-5.8/Src/Modules/zutil.c
Examining data/zsh-5.8/Src/Modules/langinfo.c
Examining data/zsh-5.8/Src/Modules/parameter.c
Examining data/zsh-5.8/Src/Modules/zpty.c
Examining data/zsh-5.8/Src/Modules/stat.c
Examining data/zsh-5.8/Src/Modules/zprof.c
Examining data/zsh-5.8/Src/Modules/newuser.c
Examining data/zsh-5.8/Src/Modules/clone.c
Examining data/zsh-5.8/Src/Modules/zftp.c
Examining data/zsh-5.8/Src/Modules/datetime.c
Examining data/zsh-5.8/Src/Modules/regex.c
Examining data/zsh-5.8/Src/wcwidth9.h
Examining data/zsh-5.8/Src/options.c
Examining data/zsh-5.8/Src/pattern.c
Examining data/zsh-5.8/Src/subst.c
Examining data/zsh-5.8/Src/signals.c
FINAL RESULTS:
data/zsh-5.8/Src/Modules/files.c:636:8: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if(chmod(rp, chm->mode)) {
data/zsh-5.8/Src/Modules/files.c:676:8: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if(chown(rp, chm->uid, chm->gid)) {
data/zsh-5.8/Src/Modules/stat.c:225:10: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
(num = readlink(fname, outbuf, PATH_MAX)) > 0) {
data/zsh-5.8/Src/glob.c:304:37: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
return access(buf, F_OK) && (!l || readlink(buf, lbuf, 1) < 0);
data/zsh-5.8/Src/utils.c:953:7: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
t0 = readlink(unmeta(xbuf2), xbuf3, PATH_MAX);
data/zsh-5.8/Src/zsh_system.h:767:10: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
# define readlink(PATH, BUF, BUFSZ) \
data/zsh-5.8/Src/zsh_system.h:779:17: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
# define lchown chown
data/zsh-5.8/Src/Builtins/sched.c:366:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(*aptr, "%s:%s:%s", tbuf, flagstr, sch->cmd);
data/zsh-5.8/Src/Modules/curses.c:1200:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(evstr, "%s%d", zcmelp->name,
data/zsh-5.8/Src/Modules/db_gdbm.c:790:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(work, to_copy);
data/zsh-5.8/Src/Modules/files.c:328:3: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access(qbuf, W_OK)) {
data/zsh-5.8/Src/Modules/files.c:489:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(files + fileslen, fn);
data/zsh-5.8/Src/Modules/files.c:497:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(narg,arg);
data/zsh-5.8/Src/Modules/files.c:499:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(narg + arglen, fn);
data/zsh-5.8/Src/Modules/files.c:563:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access(rp, W_OK)) {
data/zsh-5.8/Src/Modules/newuser.c:61:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/%s", dotdir, fname);
data/zsh-5.8/Src/Modules/newuser.c:63:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return access(buf, F_OK);
data/zsh-5.8/Src/Modules/newuser.c:98:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/newuser", *sp);
data/zsh-5.8/Src/Modules/parameter.c:231:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pm->u.str, *(cmd->u.name));
data/zsh-5.8/Src/Modules/parameter.c:233:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(pm->u.str, name);
data/zsh-5.8/Src/Modules/parameter.c:270:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pm.u.str, *(cmd->u.name));
data/zsh-5.8/Src/Modules/parameter.c:272:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(pm.u.str, cmd->node.nam);
data/zsh-5.8/Src/Modules/parameter.c:417:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(h, start);
data/zsh-5.8/Src/Modules/parameter.c:418:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(h, t);
data/zsh-5.8/Src/Modules/parameter.c:420:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(h, n);
data/zsh-5.8/Src/Modules/parameter.c:495:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pm.u.str, start);
data/zsh-5.8/Src/Modules/parameter.c:496:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(pm.u.str, t);
data/zsh-5.8/Src/Modules/parameter.c:498:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(pm.u.str, n);
data/zsh-5.8/Src/Modules/parameter.c:662:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(colonpair, "%s:%lld", f->caller, f->lineno);
data/zsh-5.8/Src/Modules/parameter.c:664:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(colonpair, "%s:%ld", f->caller, (long)f->lineno);
data/zsh-5.8/Src/Modules/parameter.c:694:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(colonpair, "%s:%lld", fname, f->flineno);
data/zsh-5.8/Src/Modules/parameter.c:696:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(colonpair, "%s:%ld", fname, (long)f->flineno);
data/zsh-5.8/Src/Modules/parameter.c:733:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(colonpair, "%s:%lld", f->caller, f->lineno);
data/zsh-5.8/Src/Modules/parameter.c:735:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(colonpair, "%s:%ld", f->caller, (long)f->lineno);
data/zsh-5.8/Src/Modules/parameter.c:757:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(colonpair, "%s:%lld", fname, flineno);
data/zsh-5.8/Src/Modules/parameter.c:759:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(colonpair, "%s:%ld", fname, (long)flineno);
data/zsh-5.8/Src/Modules/parameter.c:1260:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ret, pn->text);
data/zsh-5.8/Src/Modules/parameter.c:1357:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf((state = buf2), "%s (core dumped)",
data/zsh-5.8/Src/Modules/parameter.c:1362:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, ":%d=%s", (int)pn->pid, state);
data/zsh-5.8/Src/Modules/stat.c:50:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(outbuf, (flags & STF_OCTAL) ? "0%lo" : "%lu",
data/zsh-5.8/Src/Modules/stat.c:123:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outbuf, pm);
data/zsh-5.8/Src/Modules/stat.c:144:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outbuf, pwd->pw_name);
data/zsh-5.8/Src/Modules/stat.c:173:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outbuf, gr->gr_name);
data/zsh-5.8/Src/Modules/stat.c:239:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(outbuf, (flags & (STF_PICK|STF_ARRAY)) ?
data/zsh-5.8/Src/Modules/system.c:520:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s%s", pfx, msg);
data/zsh-5.8/Src/Modules/tcp.c:82:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, inet_ntoa(*(struct in_addr *)cp));
data/zsh-5.8/Src/Modules/zftp.c:554:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(line, cmd);
data/zsh-5.8/Src/Modules/zftp.c:557:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(line, *aptr);
data/zsh-5.8/Src/Modules/zftp.c:3026:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fullname, cnam);
data/zsh-5.8/Src/Modules/zselect.c:215:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, data);
data/zsh-5.8/Src/Modules/zutil.c:1013:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr, cp + 1);
data/zsh-5.8/Src/Modules/zutil.c:1017:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf + suf, cp + 1);
data/zsh-5.8/Src/Modules/zutil.c:1135:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cp, pattern);
data/zsh-5.8/Src/Modules/zutil.c:1142:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cp, lookahead);
data/zsh-5.8/Src/Modules/zutil.c:1591:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s + 1, d->name);
data/zsh-5.8/Src/Modules/zutil.c:1592:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(s, arg);
data/zsh-5.8/Src/Modules/zutil.c:1644:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*ap++, *dp);
data/zsh-5.8/Src/Modules/zutil.c:1960:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(n + 1, d->name);
data/zsh-5.8/Src/Modules/zutil.c:1970:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(n, v->arg);
data/zsh-5.8/Src/Zle/compcore.c:1397:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, ip);
data/zsh-5.8/Src/Zle/compcore.c:1398:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str, p);
data/zsh-5.8/Src/Zle/compcore.c:1399:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str, s);
data/zsh-5.8/Src/Zle/compcore.c:1550:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp + 2 + noffs, s + noffs);
data/zsh-5.8/Src/Zle/compcore.c:2342:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, globflag);
data/zsh-5.8/Src/Zle/compcore.c:2343:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp, lpre);
data/zsh-5.8/Src/Zle/compcore.c:2345:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, lpre);
data/zsh-5.8/Src/Zle/compcore.c:2347:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp + llpl + gfl + is, lsuf);
data/zsh-5.8/Src/Zle/compcore.c:2390:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, compprefix);
data/zsh-5.8/Src/Zle/compcore.c:2391:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp + pflen, compsuffix);
data/zsh-5.8/Src/Zle/compcore.c:2465:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ibuf + ppl, s);
data/zsh-5.8/Src/Zle/compcore.c:2467:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ibuf + ppl + sl, dat->psuf);
data/zsh-5.8/Src/Zle/compcore.c:2914:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pb, "%s%s", (cm->prpre ? cm->prpre : "./"), orig);
data/zsh-5.8/Src/Zle/compcore.c:3005:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(e, cm->ppre);
data/zsh-5.8/Src/Zle/compcore.c:3008:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(e, str);
data/zsh-5.8/Src/Zle/compcore.c:3011:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(e, cm->psuf);
data/zsh-5.8/Src/Zle/compctl.c:362:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf((ac ? "compctl -M" : "MATCH"));
data/zsh-5.8/Src/Zle/compctl.c:2242:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p + o, psuf);
data/zsh-5.8/Src/Zle/compctl.c:2264:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
tt = !access(p, F_OK);
data/zsh-5.8/Src/Zle/compctl.c:2347:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, *compquote == '$' ? compquote+1 : compquote);
data/zsh-5.8/Src/Zle/compctl.c:2828:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, ss);
data/zsh-5.8/Src/Zle/compctl.c:2832:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp + sl + 2 + noffs, s + noffs);
data/zsh-5.8/Src/Zle/compctl.c:3262:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, rpre);
data/zsh-5.8/Src/Zle/compctl.c:3266:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p + rpl + 1, rsuf);
data/zsh-5.8/Src/Zle/compctl.c:3268:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p + rpl, rsuf);
data/zsh-5.8/Src/Zle/compctl.c:3323:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lppre + bp->qpos,
data/zsh-5.8/Src/Zle/compctl.c:3383:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, fpre);
data/zsh-5.8/Src/Zle/compctl.c:3387:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p + t2, fsuf);
data/zsh-5.8/Src/Zle/compctl.c:3430:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, lpre);
data/zsh-5.8/Src/Zle/compctl.c:3433:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(p, lsuf);
data/zsh-5.8/Src/Zle/compctl.c:3467:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tp, *pp);
data/zsh-5.8/Src/Zle/compctl.c:3469:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tp + pl + 1, ppre);
data/zsh-5.8/Src/Zle/compctl.c:3483:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tp, cc->withd);
data/zsh-5.8/Src/Zle/compctl.c:3485:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tp + pl + 1, ppre);
data/zsh-5.8/Src/Zle/compctl.c:3541:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pa, prpre);
data/zsh-5.8/Src/Zle/compctl.c:3584:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pa + o, g);
data/zsh-5.8/Src/Zle/compctl.c:3767:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpbuf, "foo %s", cc->str); /* KLUDGE! */
data/zsh-5.8/Src/Zle/compctl.c:3891:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p, "%s%s%s", m->ppre, m->str, s);
data/zsh-5.8/Src/Zle/complist.c:569:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, mcolors.files[COL_LC]->col);
data/zsh-5.8/Src/Zle/complist.c:570:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, cap);
data/zsh-5.8/Src/Zle/complist.c:571:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, mcolors.files[COL_RC]->col);
data/zsh-5.8/Src/Zle/complist.c:575:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(last_cap, cap);
data/zsh-5.8/Src/Zle/complist.c:1200:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(nc, "%-9s", nbuf);
data/zsh-5.8/Src/Zle/complist.c:1213:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(nc, "%-9s", nbuf);
data/zsh-5.8/Src/Zle/complist.c:2235:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(status, p + pl - h - 3);
data/zsh-5.8/Src/Zle/complist.c:2237:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(status, p);
data/zsh-5.8/Src/Zle/complist.c:2244:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(status, s);
data/zsh-5.8/Src/Zle/complist.c:2556:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
int l = sprintf(status, "%s%sisearch%s: ",
data/zsh-5.8/Src/Zle/complist.c:2906:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(status, u->status);
data/zsh-5.8/Src/Zle/compresult.c:512:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(s, (char *) getdata(node));
data/zsh-5.8/Src/Zle/compresult.c:1069:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p, "%s%s%c",
data/zsh-5.8/Src/Zle/compresult.c:1102:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p, "%s%s%s", (*prpre ?
data/zsh-5.8/Src/Zle/compresult.c:2202:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, m->str);
data/zsh-5.8/Src/Zle/computil.c:674:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, str->str);
data/zsh-5.8/Src/Zle/computil.c:686:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, cd_state.sep);
data/zsh-5.8/Src/Zle/computil.c:698:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, d);
data/zsh-5.8/Src/Zle/computil.c:791:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dbuf, cd_state.sep);
data/zsh-5.8/Src/Zle/computil.c:798:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, d);
data/zsh-5.8/Src/Zle/computil.c:2471:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%soption%s-%d",
data/zsh-5.8/Src/Zle/computil.c:2474:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%soption%s-rest",
data/zsh-5.8/Src/Zle/computil.c:2701:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, n);
data/zsh-5.8/Src/Zle/computil.c:2703:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str, p->descr);
data/zsh-5.8/Src/Zle/computil.c:3527:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, p->name);
data/zsh-5.8/Src/Zle/computil.c:3529:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str, p->descr);
data/zsh-5.8/Src/Zle/computil.c:3987:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(n, *a);
data/zsh-5.8/Src/Zle/computil.c:3990:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(n + al + 1, c + 1);
data/zsh-5.8/Src/Zle/computil.c:4180:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, p);
data/zsh-5.8/Src/Zle/computil.c:4181:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf + l, suf);
data/zsh-5.8/Src/Zle/computil.c:4200:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(testbuf, buf);
data/zsh-5.8/Src/Zle/computil.c:4659:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, o);
data/zsh-5.8/Src/Zle/computil.c:4660:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str + ol, skipped);
data/zsh-5.8/Src/Zle/computil.c:4661:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str + ol + sl, *p);
data/zsh-5.8/Src/Zle/computil.c:4665:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, o);
data/zsh-5.8/Src/Zle/computil.c:4666:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str + ol, skipped);
data/zsh-5.8/Src/Zle/computil.c:4668:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str + ol + sl + 1, *p);
data/zsh-5.8/Src/Zle/computil.c:4754:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(a, m);
data/zsh-5.8/Src/Zle/computil.c:4755:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(a, skipped);
data/zsh-5.8/Src/Zle/computil.c:4756:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(a, f);
data/zsh-5.8/Src/Zle/zle.h:45:19: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
#define ZS_strcpy wcscpy
data/zsh-5.8/Src/Zle/zle.h:134:24: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ return (ZLE_STRING_T)strcpy((char*)t, (char*)f); }
data/zsh-5.8/Src/Zle/zle.h:141:24: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define ZS_strcpy(t,f) strcpy((char*)(t),(char*)(f))
data/zsh-5.8/Src/Zle/zle_hist.c:1194:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ibuf, ISEARCH_PROMPT);
data/zsh-5.8/Src/Zle/zle_hist.c:1635:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sbuf + sbptr, paste);
data/zsh-5.8/Src/Zle/zle_hist.c:1898:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newbuf, sbuf);
data/zsh-5.8/Src/Zle/zle_misc.c:841:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, mbstr);
data/zsh-5.8/Src/Zle/zle_misc.c:1242:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cmdbuf, prmt);
data/zsh-5.8/Src/Zle/zle_misc.c:1339:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr, insert);
data/zsh-5.8/Src/Zle/zle_misc.c:1404:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr = cmdbuf, peekfirst(namedcmdll));
data/zsh-5.8/Src/Zle/zle_misc.c:1410:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cmdbuf, peekfirst(namedcmdll));
data/zsh-5.8/Src/Zle/zle_refresh.c:435:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(*arrp, "%s%s %s ",
data/zsh-5.8/Src/Zle/zle_thingy.c:290:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dotn + 1, name);
data/zsh-5.8/Src/Zle/zle_tricky.c:682:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(zlemetaline, ol);
data/zsh-5.8/Src/Zle/zle_tricky.c:943:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(zlemetaline + zlemetacs + 1 + addspace, (*ptmp) + zlemetacs);
data/zsh-5.8/Src/Zle/zle_tricky.c:959:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t, str);
data/zsh-5.8/Src/Zle/zle_tricky.c:1247:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rdop, "%d%s", tokfd, tokstrings[tok]);
data/zsh-5.8/Src/Zle/zle_tricky.c:1249:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rdop, tokstrings[tok]);
data/zsh-5.8/Src/Zle/zle_tricky.c:1250:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rdstr, rdop);
data/zsh-5.8/Src/Zle/zle_tricky.c:2848:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(zlemetaline, ol);
data/zsh-5.8/Src/Zle/zle_vi.c:110:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(curvichg.buf, keybuf);
data/zsh-5.8/Src/Zle/zleparameter.c:48:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(t, w->u.comp.wid);
data/zsh-5.8/Src/Zle/zleparameter.c:50:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(t, w->u.comp.func);
data/zsh-5.8/Src/builtin.c:776:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(fmt, pos++);
data/zsh-5.8/Src/builtin.c:946:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(d + len3, argv[1]);
data/zsh-5.8/Src/builtin.c:947:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(d, u + len1);
data/zsh-5.8/Src/builtin.c:1165:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, pwd);
data/zsh-5.8/Src/builtin.c:1167:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf + dlen + 1, pfix);
data/zsh-5.8/Src/builtin.c:1169:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf + dlen + pfl + 2, dest);
data/zsh-5.8/Src/builtin.c:1178:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, pwd);
data/zsh-5.8/Src/builtin.c:1180:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf + dlen + 1, dest);
data/zsh-5.8/Src/builtin.c:1407:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(isset(RCQUOTES) ? "''" : "'\\''");
data/zsh-5.8/Src/builtin.c:1726:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(newmem, newstr);
data/zsh-5.8/Src/builtin.c:1728:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(newmem, newpos + strlen(oldstr));
data/zsh-5.8/Src/builtin.c:3175:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/%s", shf2->filename, funcname);
data/zsh-5.8/Src/builtin.c:3178:26: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(buf, R_OK)) {
data/zsh-5.8/Src/builtin.c:4404:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
count += fprintf(fout, spec, width, prec, VAL); \
data/zsh-5.8/Src/builtin.c:4406:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
count += fprintf(fout, spec, width, VAL);
data/zsh-5.8/Src/builtin.c:4621:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(arg, "~%s%s", d->node.nam, args[n] + dirlen);
data/zsh-5.8/Src/builtin.c:5898:25: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (*name != '.' && access(s, F_OK) == 0
data/zsh-5.8/Src/builtin.c:5930:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(s, F_OK) == 0 && stat(s, &st) >= 0
data/zsh-5.8/Src/compat.c:73:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, uts.nodename);
data/zsh-5.8/Src/cond.c:116:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(overridename = overridebuf, "-%s-match", modname+4);
data/zsh-5.8/Src/cond.c:444:13: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return !access(unmeta(s), c);
data/zsh-5.8/Src/exec.c:478:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf + 2, pth);
data/zsh-5.8/Src/exec.c:480:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf + 2, "%s/%s", pwd, pth);
data/zsh-5.8/Src/exec.c:587:30: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return ((e != EACCES || !access(dir, X_OK)) &&
data/zsh-5.8/Src/exec.c:698:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "-%s", arg0);
data/zsh-5.8/Src/exec.c:759:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nn, cn->u.cmd);
data/zsh-5.8/Src/exec.c:770:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(z, arg0);
data/zsh-5.8/Src/exec.c:775:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nn, cn->u.name ? *(cn->u.name) : "");
data/zsh-5.8/Src/exec.c:777:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(nn, cn->node.nam);
data/zsh-5.8/Src/exec.c:795:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(z, arg0);
data/zsh-5.8/Src/exec.c:852:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nn, cn->u.cmd);
data/zsh-5.8/Src/exec.c:861:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(z, arg0);
data/zsh-5.8/Src/exec.c:864:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nn, cn->u.name ? *(cn->u.name) : "");
data/zsh-5.8/Src/exec.c:866:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(nn, cn->node.nam);
data/zsh-5.8/Src/exec.c:876:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(z, arg0);
data/zsh-5.8/Src/exec.c:894:13: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return (access(us, X_OK) == 0 && stat(us, &statbuf) >= 0 &&
data/zsh-5.8/Src/exec.c:905:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fullnam, cn->u.cmd);
data/zsh-5.8/Src/exec.c:909:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fullnam, *(cn->u.name));
data/zsh-5.8/Src/exec.c:911:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fullnam, cn->node.nam);
data/zsh-5.8/Src/exec.c:952:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, arg0);
data/zsh-5.8/Src/exec.c:1563:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(list_pipe_text, old_list_pipe_text);
data/zsh-5.8/Src/exec.c:1925:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(list_pipe_text,
data/zsh-5.8/Src/exec.c:2430:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(xtrerr,
data/zsh-5.8/Src/exec.c:2549:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(zunderscore, str);
data/zsh-5.8/Src/exec.c:3146:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, exec_argv0);
data/zsh-5.8/Src/exec.c:4941:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pnam, "%s/%d", PATH_DEV_FD, pipes[!out]);
data/zsh-5.8/Src/exec.c:5575:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(n, shf->node.nam);
data/zsh-5.8/Src/exec.c:6036:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/%s", *pp, s);
data/zsh-5.8/Src/exec.c:6038:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, s);
data/zsh-5.8/Src/exec.c:6045:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(buf, R_OK) && (fd = open(buf, O_RDONLY | O_NOCTTY)) != -1) {
data/zsh-5.8/Src/exec.c:6182:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(unmeta(s), X_OK) == 0)
data/zsh-5.8/Src/exec.c:6189:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sbuf, "%s/%s", *cp, s);
data/zsh-5.8/Src/exec.c:6191:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sbuf, s);
data/zsh-5.8/Src/exec.c:6229:13: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ret = !(access(us, X_OK) || stat(us, &buf) || !S_ISDIR(buf.st_mode));
data/zsh-5.8/Src/exec.c:6247:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(es->list_pipe_text, list_pipe_text);
data/zsh-5.8/Src/exec.c:6283:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(list_pipe_text, en->list_pipe_text);
data/zsh-5.8/Src/glob.c:290:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, pathbuf + pathbufcwd);
data/zsh-5.8/Src/glob.c:291:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf + pathpos - pathbufcwd, s);
data/zsh-5.8/Src/glob.c:304:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return access(buf, F_OK) && (!l || readlink(buf, lbuf, 1) < 0);
data/zsh-5.8/Src/glob.c:346:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(news, s);
data/zsh-5.8/Src/glob.c:631:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(subdirs + subdirlen, fn);
data/zsh-5.8/Src/glob.c:2288:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p + strp + nclen, str2 + 1);
data/zsh-5.8/Src/glob.c:2293:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(p + strp, str2 + 1);
data/zsh-5.8/Src/glob.c:2372:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(p + strp, str2 + 1);
data/zsh-5.8/Src/glob.c:2419:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str + pl + 2, str2);
data/zsh-5.8/Src/glob.c:2423:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str + pl + 1, str2);
data/zsh-5.8/Src/glob.c:2455:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(zz, str2);
data/zsh-5.8/Src/glob.c:2597:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rr, buf);
data/zsh-5.8/Src/hashtable.c:647:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pathbuf, "%s/", unmetadir);
data/zsh-5.8/Src/hashtable.c:661:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pathptr, fn);
data/zsh-5.8/Src/hashtable.c:667:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
(access(pathbuf, X_OK) == 0 &&
data/zsh-5.8/Src/hashtable.c:925:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf((printflags & PRINT_WHENCE_WORD) ? ": function" :
data/zsh-5.8/Src/hist.c:2355:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pp, in);
data/zsh-5.8/Src/hist.c:3269:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(lockfile, "%s.LOCK", fn);
data/zsh-5.8/Src/hist.c:3499:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(b, "%d%s", tokfd, tokstrings[tok]);
data/zsh-5.8/Src/init.c:1195:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(funmeta, F_OK) == 0 &&
data/zsh-5.8/Src/init.c:1545:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/%s", h, s);
data/zsh-5.8/Src/input.c:364:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(inbuf + oldlen, ingetcline);
data/zsh-5.8/Src/jobs.c:1195:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fout, (job > 9) ? " " : " ");
data/zsh-5.8/Src/jobs.c:1451:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pn->text, text);
data/zsh-5.8/Src/jobs.c:2840:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "TRAP%s", sigs[sig]);
data/zsh-5.8/Src/jobs.c:2846:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "TRAP%s", alt_sigs[i].name);
data/zsh-5.8/Src/module.c:1588:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/%s.%s", **pp ? *pp : ".", name, DL_EXT);
data/zsh-5.8/Src/module.c:1772:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, name);
data/zsh-5.8/Src/module.c:3463:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(feature, "%c:%s", fchar, fnam);
data/zsh-5.8/Src/params.c:734:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
tenv = strcpy(zhalloc(strlen(env) + 1), env);
data/zsh-5.8/Src/params.c:845:29: [4] (misc) getlogin:
It's often easy to fool getlogin. Sometimes it does not work at all,
because some program messed up the utmp file. Often, it gives only the
first 8 characters of the login name. The user currently logged in on the
controlling tty of our program need not be the user who started it. Avoid
getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid())
and extract the desired information instead.
ztrdup_metafy((str = getlogin()) && *str ?
data/zsh-5.8/Src/params.c:1535:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(d + 1, s);
data/zsh-5.8/Src/params.c:1541:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(d, s);
data/zsh-5.8/Src/params.c:1556:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(d + 1, s);
data/zsh-5.8/Src/params.c:1558:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(d, s);
data/zsh-5.8/Src/params.c:2593:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(x + v->start, val);
data/zsh-5.8/Src/params.c:2594:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(x + v->start, z + v->end);
data/zsh-5.8/Src/params.c:3146:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(val, var);
data/zsh-5.8/Src/params.c:3147:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(val + lvar, copy);
data/zsh-5.8/Src/params.c:5255:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, name);
data/zsh-5.8/Src/params.c:5465:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fout, fmt, digits, dval);
data/zsh-5.8/Src/params.c:5474:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, fmt, digits, dval);
data/zsh-5.8/Src/parse.c:3274:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fdversion(pre), ZSH_VERSION);
data/zsh-5.8/Src/prompt.c:1786:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr, fg_bg == COL_SEQ_FG ? "fg=" : "bg=");
data/zsh-5.8/Src/prompt.c:1805:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr, digbuf);
data/zsh-5.8/Src/prompt.c:1810:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr, ansi_colours[colour]);
data/zsh-5.8/Src/prompt.c:1872:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr, hp->name);
data/zsh-5.8/Src/prompt.c:2111:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(colseq_buf, fg_bg == COL_SEQ_FG ? TC_COL_FG_START : TC_COL_BG_START);
data/zsh-5.8/Src/prompt.c:2113:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(colseq_buf, fg_bg_sequences[fg_bg].start);
data/zsh-5.8/Src/prompt.c:2118:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr, fg_bg == COL_SEQ_FG ? TC_COL_FG_DEFAULT : TC_COL_BG_DEFAULT);
data/zsh-5.8/Src/prompt.c:2120:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr, fg_bg_sequences[fg_bg].def);
data/zsh-5.8/Src/prompt.c:2131:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr, fg_bg == COL_SEQ_FG ? TC_COL_FG_END : TC_COL_BG_END);
data/zsh-5.8/Src/prompt.c:2133:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr, fg_bg_sequences[fg_bg].end);
data/zsh-5.8/Src/prototypes.h:73:7: [4] (tmpfile) mktemp:
Temporary file race condition (CWE-377).
char *mktemp _((char *));
data/zsh-5.8/Src/signals.c:1359:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "TRAP%s", sigs[sig]);
data/zsh-5.8/Src/string.c:40:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t, s);
data/zsh-5.8/Src/string.c:71:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t, s);
data/zsh-5.8/Src/string.c:84:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t, s);
data/zsh-5.8/Src/string.c:99:5: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(t, s);
data/zsh-5.8/Src/string.c:118:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr, s1);
data/zsh-5.8/Src/string.c:119:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr + l1, s2);
data/zsh-5.8/Src/string.c:120:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr + l1 + l2, s3);
data/zsh-5.8/Src/string.c:133:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr, s1);
data/zsh-5.8/Src/string.c:134:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr + l1, s2);
data/zsh-5.8/Src/string.c:135:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr + l1 + l2, s3);
data/zsh-5.8/Src/string.c:150:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr, s1);
data/zsh-5.8/Src/string.c:151:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr + l1, s2);
data/zsh-5.8/Src/string.c:164:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr, s1);
data/zsh-5.8/Src/string.c:165:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr + l1, s2);
data/zsh-5.8/Src/string.c:200:12: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
return strcat(realloc(base, strlen(base) + strlen(append) + 1), append);
data/zsh-5.8/Src/subst.c:417:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str2, str3);
data/zsh-5.8/Src/subst.c:418:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str2 + l1, s);
data/zsh-5.8/Src/subst.c:427:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str2, str3);
data/zsh-5.8/Src/subst.c:428:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str2 + l1, s);
data/zsh-5.8/Src/subst.c:429:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
str = strcpy(str2 + l1 + l2, str);
data/zsh-5.8/Src/subst.c:828:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dest, src);
data/zsh-5.8/Src/subst.c:833:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dest, s);
data/zsh-5.8/Src/subst.c:3740:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((*ap) + pre, tmp);
data/zsh-5.8/Src/subst.c:3783:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(val + pre, tmp);
data/zsh-5.8/Src/subst.c:3945:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(y, ostr);
data/zsh-5.8/Src/subst.c:3949:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*str, aval[0]);
data/zsh-5.8/Src/subst.c:3952:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*str, fstr);
data/zsh-5.8/Src/subst.c:4173:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(t, rest);
data/zsh-5.8/Src/text.c:104:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tpending + oldlen, "\n%s%s", str1, str2);
data/zsh-5.8/Src/text.c:107:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tpending, "%s%s", str1, str2);
data/zsh-5.8/Src/utils.c:714:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, nicechar((int)c));
data/zsh-5.8/Src/utils.c:822:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/%s", *pp, prog);
data/zsh-5.8/Src/utils.c:824:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(funmeta, F_OK) == 0 &&
data/zsh-5.8/Src/utils.c:957:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(xbuf, *pp);
data/zsh-5.8/Src/utils.c:973:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(xbuf, xbuf3);
data/zsh-5.8/Src/utils.c:976:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(xbuf + xbuflen + 1, xbuf3);
data/zsh-5.8/Src/utils.c:987:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(xbuf + len + 1, *pp);
data/zsh-5.8/Src/utils.c:1054:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(xbuflink, xbuf);
data/zsh-5.8/Src/utils.c:1204:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(finddir_full, s);
data/zsh-5.8/Src/utils.c:2226:20: [4] (tmpfile) mktemp:
Temporary file race condition (CWE-377).
ret = (char *) mktemp(ret);
data/zsh-5.8/Src/utils.c:3169:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(unmeta(guess), F_OK) == 0)
data/zsh-5.8/Src/utils.c:3213:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(u + (t - *s), best + preflen);
data/zsh-5.8/Src/utils.c:3217:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(u + 1, best);
data/zsh-5.8/Src/utils.c:4548:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/%s", dir, mindistguess);
data/zsh-5.8/Src/utils.c:4551:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mindistbest, mindistguess);
data/zsh-5.8/Src/utils.c:4566:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/%s", dir, fn);
data/zsh-5.8/Src/utils.c:4570:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mindistbest, fn);
data/zsh-5.8/Src/utils.c:6305:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outstr, "$'%s'", substr);
data/zsh-5.8/Src/zsh_system.h:464:10: [4] (misc) getlogin:
It's often easy to fool getlogin. Sometimes it does not work at all,
because some program messed up the utmp file. Often, it gives only the
first 8 characters of the login name. The user currently logged in on the
controlling tty of our program need not be the user who started it. Avoid
getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid())
and extract the desired information instead.
# define getlogin() cuserid(NULL)
data/zsh-5.8/Src/zsh_system.h:464:21: [4] (misc) cuserid:
Exactly what cuserid() does is poorly defined (e.g., some systems use the
effective uid, like Linux, while others like System V use the real uid).
Thus, you can't trust what it does. It's certainly not portable (The
cuserid function was included in the 1988 version of POSIX, but removed
from the 1990 version). Also, if passed a non-null parameter, there's a
risk of a buffer overflow if the passed-in buffer is not at least L_cuserid
characters long (CWE-120). Use getpwuid(geteuid()) and extract the desired
information instead.
# define getlogin() cuserid(NULL)
data/zsh-5.8/Src/Modules/mathfunc.c:503:9: [3] (random) seed48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
(void)seed48(seedbufptr);
data/zsh-5.8/Src/Modules/mathfunc.c:506:16: [3] (random) erand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ret.u.d = erand48(seedbufptr);
data/zsh-5.8/Src/hist.c:1965:13: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
(real = realpath(*junkptr, NULL))
data/zsh-5.8/Src/hist.c:1967:5: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
realpath(*junkptr, real)
data/zsh-5.8/Src/init.c:969:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned int)(shtimer.tv_sec + shtimer.tv_usec)); /* seed $RANDOM */
data/zsh-5.8/Src/params.c:4305:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned int)v);
data/zsh-5.8/Src/params.c:5151:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
return getenv(name);
data/zsh-5.8/Src/zsh_system.h:958:10: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
# define srand srand_deterministic
data/zsh-5.8/Src/Builtins/sched.c:164:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sn = atoi(arg);
data/zsh-5.8/Src/Builtins/sched.c:208:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[60], *flagstr, *endstr;
data/zsh-5.8/Src/Builtins/sched.c:352:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[40], *flagstr;
data/zsh-5.8/Src/Builtins/sched.c:357:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tbuf, "%lld", (long long)t);
data/zsh-5.8/Src/Builtins/sched.c:359:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tbuf, "%ld", (long)t);
data/zsh-5.8/Src/Modules/clone.c:49:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ttyfd = open(*args, O_RDWR|O_NOCTTY);
data/zsh-5.8/Src/Modules/clone.c:76:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cttyfd = open(*args, O_RDWR);
data/zsh-5.8/Src/Modules/clone.c:86:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cttyfd = open("/dev/tty", O_RDWR);
data/zsh-5.8/Src/Modules/curses.c:357:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
f = atoi(cp);
data/zsh-5.8/Src/Modules/curses.c:363:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
b = atoi(bg+1);
data/zsh-5.8/Src/Modules/curses.c:514:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nlines = atoi(args[1]);
data/zsh-5.8/Src/Modules/curses.c:515:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ncols = atoi(args[2]);
data/zsh-5.8/Src/Modules/curses.c:516:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
begin_y = atoi(args[3]);
data/zsh-5.8/Src/Modules/curses.c:517:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
begin_x = atoi(args[4]);
data/zsh-5.8/Src/Modules/curses.c:681:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
y = atoi(args[1]);
data/zsh-5.8/Src/Modules/curses.c:682:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
x = atoi(args[2]);
data/zsh-5.8/Src/Modules/curses.c:1042:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char instr[3];
data/zsh-5.8/Src/Modules/curses.c:1164:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digits[DIGBUFSIZE];
data/zsh-5.8/Src/Modules/curses.c:1180:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(digits, "%d", (int)mevent.id);
data/zsh-5.8/Src/Modules/curses.c:1182:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(digits, "%d", mevent.x);
data/zsh-5.8/Src/Modules/curses.c:1184:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(digits, "%d", mevent.y);
data/zsh-5.8/Src/Modules/curses.c:1186:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(digits, "%d", mevent.z);
data/zsh-5.8/Src/Modules/curses.c:1220:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fbuf[DIGBUFSIZE+1];
data/zsh-5.8/Src/Modules/curses.c:1231:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fbuf, "F%d", keypadnum - KEY_F0);
data/zsh-5.8/Src/Modules/curses.c:1234:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fbuf, "%d", keypadnum);
data/zsh-5.8/Src/Modules/curses.c:1348:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char **array, dbuf[DIGBUFSIZE];
data/zsh-5.8/Src/Modules/curses.c:1371:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dbuf, "%d", intarr[i]);
data/zsh-5.8/Src/Modules/curses.c:1398:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char instr[3];
data/zsh-5.8/Src/Modules/curses.c:1456:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digits[DIGBUFSIZE];
data/zsh-5.8/Src/Modules/curses.c:1457:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(digits, "%d", (int)cp);
data/zsh-5.8/Src/Modules/curses.c:1501:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
y = atoi(args[0]);
data/zsh-5.8/Src/Modules/curses.c:1502:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
x = atoi(args[1]);
data/zsh-5.8/Src/Modules/datetime.c:76:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[DIGBUFSIZE];
data/zsh-5.8/Src/Modules/datetime.c:222:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[DIGBUFSIZE];
data/zsh-5.8/Src/Modules/datetime.c:228:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%ld", (long)now.tv_sec);
data/zsh-5.8/Src/Modules/datetime.c:230:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%ld", (long)now.tv_nsec);
data/zsh-5.8/Src/Modules/db_gdbm.c:786:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to_return, work, sizeof(char)*my_new_len); /* memcpy handles $'\0' */
data/zsh-5.8/Src/Modules/files.c:387:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ds.dirfd = open(".", O_RDONLY|O_NOCTTY)) < 0 &&
data/zsh-5.8/Src/Modules/files.c:389:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ds.dirfd = open("..", O_RDONLY|O_NOCTTY);
data/zsh-5.8/Src/Modules/mapfile.c:88:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(fd = open(name, O_RDWR|O_CREAT|O_NOCTTY, 0666)) >= 0 &&
data/zsh-5.8/Src/Modules/mapfile.c:97:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mmptr, value, len);
data/zsh-5.8/Src/Modules/mapfile.c:112:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fout = fopen(name, "w"))) {
data/zsh-5.8/Src/Modules/mapfile.c:178:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(fname, O_RDONLY | O_NOCTTY)) < 0 ||
data/zsh-5.8/Src/Modules/mapfile.c:199:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(fname, O_RDONLY | O_NOCTTY)) >= 0) {
data/zsh-5.8/Src/Modules/mathfunc.c:510:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outbuf[13];
data/zsh-5.8/Src/Modules/mathfunc.c:511:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outbuf, "%04x%04x%04x", (int)seedbufptr[0],
data/zsh-5.8/Src/Modules/parameter.c:419:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(h, "\n\t");
data/zsh-5.8/Src/Modules/parameter.c:421:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(h, " \"$@\"");
data/zsh-5.8/Src/Modules/parameter.c:497:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(pm.u.str, "\n\t");
data/zsh-5.8/Src/Modules/parameter.c:499:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(pm.u.str, " \"$@\"");
data/zsh-5.8/Src/Modules/parameter.c:1176:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (ok && (he = quietgethist(atoi(name))))
data/zsh-5.8/Src/Modules/parameter.c:1192:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[40];
data/zsh-5.8/Src/Modules/parameter.c:1262:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(ret, " | ");
data/zsh-5.8/Src/Modules/parameter.c:1301:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[40];
data/zsh-5.8/Src/Modules/parameter.c:1311:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", job);
data/zsh-5.8/Src/Modules/parameter.c:1329:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256], buf2[128], *ret, *state, *cp;
data/zsh-5.8/Src/Modules/parameter.c:1351:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((state = buf2), "exit %d", (pn->status));
data/zsh-5.8/Src/Modules/parameter.c:1402:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[40];
data/zsh-5.8/Src/Modules/parameter.c:1412:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", job);
data/zsh-5.8/Src/Modules/parameter.c:1468:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[40];
data/zsh-5.8/Src/Modules/parameter.c:1478:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", job);
data/zsh-5.8/Src/Modules/parameter.c:2092:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[DIGBUFSIZE];
data/zsh-5.8/Src/Modules/parameter.c:2094:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", (int)gaptr->gid);
data/zsh-5.8/Src/Modules/parameter.c:2129:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[DIGBUFSIZE];
data/zsh-5.8/Src/Modules/parameter.c:2131:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", (int)gaptr->gid);
data/zsh-5.8/Src/Modules/pcre.c:173:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char offset_all[50];
data/zsh-5.8/Src/Modules/pcre.c:186:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(offset_all, "%d %d", ovec[0], ovec[1]);
data/zsh-5.8/Src/Modules/pcre.c:265:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[DIGBUFSIZE];
data/zsh-5.8/Src/Modules/regex.c:157:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[DIGBUFSIZE];
data/zsh-5.8/Src/Modules/socket.c:71:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
targetfd = atoi(OPT_ARG(ops,'d'));
data/zsh-5.8/Src/Modules/socket.c:152:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lfd = atoi(args[0]);
data/zsh-5.8/Src/Modules/stat.c:53:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outbuf, " (");
data/zsh-5.8/Src/Modules/stat.c:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pm[11];
data/zsh-5.8/Src/Modules/stat.c:135:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outbuf, "%lu", (unsigned long)uid);
data/zsh-5.8/Src/Modules/stat.c:137:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outbuf, " (");
data/zsh-5.8/Src/Modules/stat.c:151:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(optr, "%lu", (unsigned long)uid);
data/zsh-5.8/Src/Modules/stat.c:164:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outbuf, "%lu", (unsigned long)gid);
data/zsh-5.8/Src/Modules/stat.c:166:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outbuf, " (");
data/zsh-5.8/Src/Modules/stat.c:180:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(optr, "%lu", (unsigned long)gid);
data/zsh-5.8/Src/Modules/stat.c:194:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outbuf, "%ld", (unsigned long)tim);
data/zsh-5.8/Src/Modules/stat.c:196:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outbuf, " (");
data/zsh-5.8/Src/Modules/stat.c:213:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outbuf, "%lu", num);
data/zsh-5.8/Src/Modules/stat.c:556:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outbuf[PATH_MAX + 9]; /* "link " + link name + NULL */
data/zsh-5.8/Src/Modules/stat.c:562:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outbuf, "%d", fd);
data/zsh-5.8/Src/Modules/system.c:330:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
explicit = atoi(fdvar);
data/zsh-5.8/Src/Modules/system.c:371:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(*args, flags, perms);
data/zsh-5.8/Src/Modules/system.c:373:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(*args, flags);
data/zsh-5.8/Src/Modules/system.c:503:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = atoi(*args);
data/zsh-5.8/Src/Modules/system.c:627:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((flock_fd = open(unmeta(args[0]), flags)) < 0) {
data/zsh-5.8/Src/Modules/system.c:765:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[DIGBUFSIZE];
data/zsh-5.8/Src/Modules/system.c:783:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", num);
data/zsh-5.8/Src/Modules/tcp.c:173:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nbuf[16];
data/zsh-5.8/Src/Modules/tcp.c:176:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pbuf[INET6_ADDRSTRLEN];
data/zsh-5.8/Src/Modules/tcp.c:178:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pbuf[INET_ADDRSTRLEN];
data/zsh-5.8/Src/Modules/tcp.c:321:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(sess->peer.in6.sin6_addr), addrp, zhost->h_length);
data/zsh-5.8/Src/Modules/tcp.c:332:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(sess->peer.in.sin_addr), addrp, zhost->h_length);
data/zsh-5.8/Src/Modules/tcp.c:362:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
targetfd = atoi(OPT_ARG(ops,'d'));
data/zsh-5.8/Src/Modules/tcp.c:375:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
targetfd = atoi(args[0]);
data/zsh-5.8/Src/Modules/tcp.c:411:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lport = htons(atoi(args[0]));
data/zsh-5.8/Src/Modules/tcp.c:437:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[DIGBUFSIZE];
data/zsh-5.8/Src/Modules/tcp.c:482:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lfd = atoi(args[0]);
data/zsh-5.8/Src/Modules/tcp.c:627:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
destport = htons(atoi(args[1]));
data/zsh-5.8/Src/Modules/termcap.c:82:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s, buf[2048], *t, *u;
data/zsh-5.8/Src/Modules/termcap.c:132:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = (argv[1]) ? atoi(argv[1]) : atoi(*argv);
data/zsh-5.8/Src/Modules/termcap.c:132:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = (argv[1]) ? atoi(argv[1]) : atoi(*argv);
data/zsh-5.8/Src/Modules/termcap.c:133:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tputs(tgoto(t, num, atoi(*argv)), 1, putraw);
data/zsh-5.8/Src/Modules/termcap.c:147:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tcstr, buf[2048], *u, *nameu;
data/zsh-5.8/Src/Modules/termcap.c:204:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char **capcode, *tcstr, buf[2048], *u;
data/zsh-5.8/Src/Modules/terminfo.c:116:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pars[arg] = atoi(argv[arg]);
data/zsh-5.8/Src/Modules/zftp.c:116:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bytes[2];
data/zsh-5.8/Src/Modules/zftp.c:227:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *lastmsg, lastcodestr[4];
data/zsh-5.8/Src/Modules/zftp.c:559:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(line, "\r\n");
data/zsh-5.8/Src/Modules/zftp.c:704:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256], *ptr, *verbose;
data/zsh-5.8/Src/Modules/zftp.c:722:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lastcodestr, "000");
data/zsh-5.8/Src/Modules/zftp.c:729:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lastcode = atoi(lastcodestr);
data/zsh-5.8/Src/Modules/zftp.c:897:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char delim, portbuf[6], *pbp;
data/zsh-5.8/Src/Modules/zftp.c:917:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(portbuf, ptr, (end-ptr));
data/zsh-5.8/Src/Modules/zftp.c:930:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char iaddr[4], iport[2];
data/zsh-5.8/Src/Modules/zftp.c:951:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&zdsockp->in.sin_addr, iaddr, sizeof(iaddr));
data/zsh-5.8/Src/Modules/zftp.c:952:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&zdsockp->in.sin_port, iport, sizeof(iport));
data/zsh-5.8/Src/Modules/zftp.c:970:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char portcmd[8+INET6_ADDRSTRLEN+9];
data/zsh-5.8/Src/Modules/zftp.c:972:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char portcmd[40];
data/zsh-5.8/Src/Modules/zftp.c:1015:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(portcmd, "EPRT |2|");
data/zsh-5.8/Src/Modules/zftp.c:1018:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strchr(portcmd, 0), "|%u|\r\n",
data/zsh-5.8/Src/Modules/zftp.c:1025:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(portcmd, "PORT %d,%d,%d,%d,%d,%d\r\n",
data/zsh-5.8/Src/Modules/zftp.c:1250:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmbuf[20];
data/zsh-5.8/Src/Modules/zftp.c:1463:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lsbuf[ZF_BUFSIZE], *ascbuf = NULL, *optr;
data/zsh-5.8/Src/Modules/zftp.c:1642:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msg[4] = { IAC, IP, IAC, SYNCH };
data/zsh-5.8/Src/Modules/zftp.c:1884:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pbuf[INET6_ADDRSTRLEN];
data/zsh-5.8/Src/Modules/zftp.c:1886:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pbuf[INET_ADDRSTRLEN];
data/zsh-5.8/Src/Modules/zftp.c:2005:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char instr[256], *strret;
data/zsh-5.8/Src/Modules/zftp.c:2121:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *user, tbuf[2] = "X";
data/zsh-5.8/Src/Modules/zftp.c:2428:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *str, nt, tbuf[2] = "A";
data/zsh-5.8/Src/Modules/zftp.c:3004:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullname[20] = "zftp ";
data/zsh-5.8/Src/Modules/zpty.c:196:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((mfd = open("/dev/ptmx", O_RDWR|O_NOCTTY)) < 0)
data/zsh-5.8/Src/Modules/zpty.c:208:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((sfd = open(name, O_RDWR
data/zsh-5.8/Src/Modules/zpty.c:267:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char name[11];
data/zsh-5.8/Src/Modules/zpty.c:272:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name, "/dev/ptyxx");
data/zsh-5.8/Src/Modules/zpty.c:281:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((mfd = open(name, O_RDWR|O_NOCTTY)) >= 0) {
data/zsh-5.8/Src/Modules/zpty.c:290:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((sfd = open(name, O_RDWR|O_NOCTTY)) >= 0) {
data/zsh-5.8/Src/Modules/zpty.c:564:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, cmd->old, cmd->olen);
data/zsh-5.8/Src/Modules/zpty.c:681:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->old, buf, cmd->olen);
data/zsh-5.8/Src/Modules/zpty.c:751:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/zsh-5.8/Src/Modules/zselect.c:70:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char fdchar[3] = "rwe";
data/zsh-5.8/Src/Modules/zselect.c:197:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BDIGBUFSIZE];
data/zsh-5.8/Src/Modules/zutil.c:849:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, *outp, *olenp);
data/zsh-5.8/Src/Modules/zutil.c:854:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*outp + *ousedp, spec, outl);
data/zsh-5.8/Src/Modules/zutil.c:862:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*outp + *ousedp, spec, len);
data/zsh-5.8/Src/Modules/zutil.c:865:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*outp + *ousedp, spec, len);
data/zsh-5.8/Src/Modules/zutil.c:878:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, *outp, *olenp);
data/zsh-5.8/Src/Modules/zutil.c:882:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*outp + *ousedp, start, len);
data/zsh-5.8/Src/Modules/zutil.c:891:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, *outp, *olenp);
data/zsh-5.8/Src/Modules/zutil.c:916:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char **ap, *specs[256], *out;
data/zsh-5.8/Src/Modules/zutil.c:984:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + pre, args[1], sl);
data/zsh-5.8/Src/Modules/zutil.c:1001:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, copy, (cpp - copy));
data/zsh-5.8/Src/Modules/zutil.c:1011:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, args[1], sl);
data/zsh-5.8/Src/Modules/zutil.c:1016:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, copy, (cpp - copy));
data/zsh-5.8/Src/Modules/zutil.c:1133:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cp, "(#b)((#B)");
data/zsh-5.8/Src/Modules/zutil.c:1140:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cp, "(#B)");
data/zsh-5.8/Src/Modules/zutil.c:1152:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(st->guard, s + 1, l - 1);
data/zsh-5.8/Src/Modules/zutil.c:1160:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(st->action, s + 1, l - 1);
data/zsh-5.8/Src/Modules/zutil.c:1254:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(action, s + 1, l - 2);
data/zsh-5.8/Src/Modules/zutil.c:1360:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
len = atoi(mend[0]);
data/zsh-5.8/Src/Zle/compcore.c:548:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/zsh-5.8/Src/Zle/compcore.c:733:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(compiprefix, zlemetaline + parwb, l);
data/zsh-5.8/Src/Zle/compcore.c:736:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(compisuffix, zlemetaline + we, l);
data/zsh-5.8/Src/Zle/compcore.c:805:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", (*(minfo.cur))->gnum);
data/zsh-5.8/Src/Zle/compcore.c:871:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
insmnum = atoi(compinsert);
data/zsh-5.8/Src/Zle/compcore.c:876:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
insgnum = atoi(m + 1);
data/zsh-5.8/Src/Zle/compcore.c:896:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
insmnum = atoi(++p);
data/zsh-5.8/Src/Zle/compcore.c:901:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
insgnum = atoi(p + 1);
data/zsh-5.8/Src/Zle/compcore.c:1548:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 1, s, noffs);
data/zsh-5.8/Src/Zle/compcore.c:1833:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p+1, compqstack, tl);
data/zsh-5.8/Src/Zle/compcore.c:2464:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ibuf, dat->ppre, ppl);
data/zsh-5.8/Src/Zle/compcore.c:2790:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(apre, qipre, qipl);
data/zsh-5.8/Src/Zle/compcore.c:2792:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(apre + qipl, ipre, ipl);
data/zsh-5.8/Src/Zle/compcore.c:2794:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(apre + qipl + ipl, pre, pl);
data/zsh-5.8/Src/Zle/compcore.c:2796:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(apre + qipl + ipl + pl, ppre, ppl);
data/zsh-5.8/Src/Zle/compcore.c:2851:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_str, str, t - str);
data/zsh-5.8/Src/Zle/compctl.c:209:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nbuf[14];
data/zsh-5.8/Src/Zle/compctl.c:214:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nbuf, "%d", zlemetacs + 1);
data/zsh-5.8/Src/Zle/compctl.c:234:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nbuf[14];
data/zsh-5.8/Src/Zle/compctl.c:239:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nbuf, "%d", clwpos + 1);
data/zsh-5.8/Src/Zle/compctl.c:759:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cct.hnum = atoi((*argv) + 1);
data/zsh-5.8/Src/Zle/compctl.c:761:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cct.hnum = atoi(*++argv);
data/zsh-5.8/Src/Zle/compctl.c:1040:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
c->u.r.a[l] = atoi(tt);
data/zsh-5.8/Src/Zle/compctl.c:1054:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
c->u.r.b[l] = atoi(tt);
data/zsh-5.8/Src/Zle/compctl.c:1109:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
c->u.s.p[l] = atoi(tt);
data/zsh-5.8/Src/Zle/compctl.c:2142:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *) peekfirst(l)) && ((char *) peekfirst(l))[0])
data/zsh-5.8/Src/Zle/compctl.c:2158:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *n, p[PATH_MAX+1], *q = NULL, *e, *pathpref;
data/zsh-5.8/Src/Zle/compctl.c:2191:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, pathpref, pathpreflen+1);
data/zsh-5.8/Src/Zle/compctl.c:2225:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q, ums, umlen);
data/zsh-5.8/Src/Zle/compctl.c:2321:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3];
data/zsh-5.8/Src/Zle/compctl.c:2830:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + sl + 1, s, noffs);
data/zsh-5.8/Src/Zle/compctl.c:3201:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lpre, s, lpl);
data/zsh-5.8/Src/Zle/complete.c:763:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dat.dummies = atoi(p + 1);
data/zsh-5.8/Src/Zle/complete.c:767:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dat.dummies = atoi(*argv);
data/zsh-5.8/Src/Zle/complete.c:1164:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
na = atoi(sa);
data/zsh-5.8/Src/Zle/complete.c:1165:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nb = (sb ? atoi(sb) : -1);
data/zsh-5.8/Src/Zle/complete.c:1177:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
na = atoi(sa);
data/zsh-5.8/Src/Zle/complete.c:1182:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
na = atoi(sa);
data/zsh-5.8/Src/Zle/complist.c:143:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char **patcols, *curiscols[MAX_POS];
data/zsh-5.8/Src/Zle/complist.c:228:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cols[MAX_POS + 1];
data/zsh-5.8/Src/Zle/complist.c:1067:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *p, nc[2*DIGBUFSIZE + 12], nbuf[2*DIGBUFSIZE + 12];
data/zsh-5.8/Src/Zle/complist.c:1120:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nc, "%d", n);
data/zsh-5.8/Src/Zle/complist.c:1191:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nc, "%d/%d", (n ? mlastm : mselect),
data/zsh-5.8/Src/Zle/complist.c:1198:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nbuf, "%d/%d", (n ? mlastm : mselect),
data/zsh-5.8/Src/Zle/complist.c:1206:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nc, "%d/%d", ml + 1, listdat.nlines);
data/zsh-5.8/Src/Zle/complist.c:1212:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nbuf, "%d/%d", ml + 1, listdat.nlines);
data/zsh-5.8/Src/Zle/complist.c:1220:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(nc, "Bottom");
data/zsh-5.8/Src/Zle/complist.c:1222:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nc, "%d%%",
data/zsh-5.8/Src/Zle/complist.c:1225:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(nc, "Top");
data/zsh-5.8/Src/Zle/complist.c:1232:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(nc, "Bottom");
data/zsh-5.8/Src/Zle/complist.c:1234:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nc, "%2d%% ",
data/zsh-5.8/Src/Zle/complist.c:1237:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(nc, "Top ");
data/zsh-5.8/Src/Zle/complist.c:2219:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zlemetaline, sline, sll);
data/zsh-5.8/Src/Zle/complist.c:2232:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(status, "interactive: ");
data/zsh-5.8/Src/Zle/complist.c:2234:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(status, "...");
data/zsh-5.8/Src/Zle/complist.c:2239:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(status, "[]");
data/zsh-5.8/Src/Zle/complist.c:2242:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(status, "...");
data/zsh-5.8/Src/Zle/complist.c:2384:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char status[MAX_STATUS], *modeline = NULL;
data/zsh-5.8/Src/Zle/complist.c:2393:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(dat && dat->num < atoi(s))))) {
data/zsh-5.8/Src/Zle/complist.c:2680:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(s->info), &minfo, sizeof(struct menuinfo));
data/zsh-5.8/Src/Zle/complist.c:2754:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(saveline, zlemetaline, zlemetall);
data/zsh-5.8/Src/Zle/complist.c:2819:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(s->info), &minfo, sizeof(struct menuinfo));
data/zsh-5.8/Src/Zle/complist.c:2877:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&minfo, &(u->info), sizeof(struct menuinfo));
data/zsh-5.8/Src/Zle/complist.c:3306:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char insert[2];
data/zsh-5.8/Src/Zle/compmatch.c:199:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, l, sizeof(*t));
data/zsh-5.8/Src/Zle/compmatch.c:342:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, matchbuf, matchbuflen);
data/zsh-5.8/Src/Zle/compmatch.c:356:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(matchbuf, w, wl);
data/zsh-5.8/Src/Zle/compmatch.c:358:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(matchbuf + matchbufadded, w, wl);
data/zsh-5.8/Src/Zle/compmatch.c:1187:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wpfx, matchbuf, wpl);
data/zsh-5.8/Src/Zle/compmatch.c:2054:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rp, convstr, convlen);
data/zsh-5.8/Src/Zle/compmatch.c:2485:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&omd, &md, sizeof(struct cmdata));
data/zsh-5.8/Src/Zle/compmatch.c:2494:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&md, &omd, sizeof(struct cmdata));
data/zsh-5.8/Src/Zle/compresult.c:469:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, zlemetaline + ocs, i);
data/zsh-5.8/Src/Zle/compresult.c:493:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[40], *s;
data/zsh-5.8/Src/Zle/compresult.c:502:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, ":%ld", -p);
data/zsh-5.8/Src/Zle/compresult.c:505:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%ld", p);
data/zsh-5.8/Src/Zle/compresult.c:628:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lastprebr, zlemetaline + a, pcs - a);
data/zsh-5.8/Src/Zle/compresult.c:670:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lastpostbr, zlemetaline + brb, zlemetacs - brb);
data/zsh-5.8/Src/Zle/compresult.c:705:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oline, zlemetaline, zlemetall);
data/zsh-5.8/Src/Zle/compresult.c:714:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zlemetaline, oline, oll);
data/zsh-5.8/Src/Zle/compresult.c:785:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(old, zlemetaline + wb, we - wb);
data/zsh-5.8/Src/Zle/compresult.c:903:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mi, &minfo, sizeof(struct menuinfo));
data/zsh-5.8/Src/Zle/compresult.c:948:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&minfo, &mi, sizeof(struct menuinfo));
data/zsh-5.8/Src/Zle/compresult.c:1320:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lastbrbeg->str, zlemetaline + brpcs, l);
data/zsh-5.8/Src/Zle/compresult.c:2211:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "...");
data/zsh-5.8/Src/Zle/computil.c:497:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cd_state.maxmlen = atoi(mlen);
data/zsh-5.8/Src/Zle/computil.c:703:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pp, d, l);
data/zsh-5.8/Src/Zle/computil.c:756:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/zsh-5.8/Src/Zle/computil.c:758:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "-E%d", run->count);
data/zsh-5.8/Src/Zle/computil.c:777:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20], *p, *pp, *d;
data/zsh-5.8/Src/Zle/computil.c:780:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "-E%d", i);
data/zsh-5.8/Src/Zle/computil.c:804:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pp, d, l);
data/zsh-5.8/Src/Zle/computil.c:1888:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n = atoi(x);
data/zsh-5.8/Src/Zle/computil.c:2044:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ca_laststate, &state, sizeof(state));
data/zsh-5.8/Src/Zle/computil.c:2287:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ca_laststate, &state, sizeof(state));
data/zsh-5.8/Src/Zle/computil.c:2319:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ca_laststate, &state, sizeof(state));
data/zsh-5.8/Src/Zle/computil.c:2336:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ca_laststate, &state, sizeof(state));
data/zsh-5.8/Src/Zle/computil.c:2432:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nbuf[40], *buf;
data/zsh-5.8/Src/Zle/computil.c:2477:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nbuf, "argument-%d", arg->num);
data/zsh-5.8/Src/Zle/computil.c:2605:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sp, &ca_laststate, sizeof(*sp));
data/zsh-5.8/Src/Zle/computil.c:2612:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ca_laststate, states, sizeof(*sp));
data/zsh-5.8/Src/Zle/computil.c:3414:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cv_laststate, &state, sizeof(state));
data/zsh-5.8/Src/Zle/computil.c:3545:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2];
data/zsh-5.8/Src/Zle/computil.c:3557:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2];
data/zsh-5.8/Src/Zle/computil.c:4054:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *dummy[2];
data/zsh-5.8/Src/Zle/computil.c:4104:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX2 + 1], *suf, *p;
data/zsh-5.8/Src/Zle/computil.c:4282:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, add, addlen);
data/zsh-5.8/Src/Zle/computil.c:4294:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, add, addlen);
data/zsh-5.8/Src/Zle/computil.c:4314:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, add, addlen);
data/zsh-5.8/Src/Zle/computil.c:4433:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, add, addlen);
data/zsh-5.8/Src/Zle/computil.c:4775:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *dpats[2];
data/zsh-5.8/Src/Zle/textobjects.c:246:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, chline, hptr - chline);
data/zsh-5.8/Src/Zle/textobjects.c:247:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p + (hptr - chline), linein, ll);
data/zsh-5.8/Src/Zle/textobjects.c:253:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, linein, ll);
data/zsh-5.8/Src/Zle/zle.h:115:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define ZS_memcpy memcpy
data/zsh-5.8/Src/Zle/zle_hist.c:740:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lastinsert, s, lastlen);
data/zsh-5.8/Src/Zle/zle_hist.c:1047:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*search, sbuf, sbptr);
data/zsh-5.8/Src/Zle/zle_hist.c:1196:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ibuf + NORM_PROMPT_POS, (dir == 1) ? "fwd" : "bck", 3);
data/zsh-5.8/Src/Zle/zle_hist.c:1261:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ibuf, INVALID_TEXT, BAD_TEXT_LEN);
data/zsh-5.8/Src/Zle/zle_hist.c:1410:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ibuf, nomatch == 2 ? INVALID_TEXT :FAILING_TEXT,
data/zsh-5.8/Src/Zle/zle_hist.c:1532:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ibuf, nomatch == 2 ? INVALID_TEXT : FAILING_TEXT,
data/zsh-5.8/Src/Zle/zle_hist.c:1549:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ibuf + NORM_PROMPT_POS,
data/zsh-5.8/Src/Zle/zle_hist.c:1609:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sbuf, previous_search, sbptr = previous_search_len);
data/zsh-5.8/Src/Zle/zle_hist.c:1611:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ibuf + NORM_PROMPT_POS, (dir == 1) ? "fwd" : "bck", 3);
data/zsh-5.8/Src/Zle/zle_keymap.c:336:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(kn, k, sizeof(*k));
data/zsh-5.8/Src/Zle/zle_keymap.c:363:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m[3];
data/zsh-5.8/Src/Zle/zle_keymap.c:388:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m[3];
data/zsh-5.8/Src/Zle/zle_keymap.c:559:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fs[3];
data/zsh-5.8/Src/Zle/zle_keymap.c:948:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m[3], *str;
data/zsh-5.8/Src/Zle/zle_keymap.c:1029:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m[3];
data/zsh-5.8/Src/Zle/zle_keymap.c:1240:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/zsh-5.8/Src/Zle/zle_keymap.c:1266:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "\33[%c", defchar);
data/zsh-5.8/Src/Zle/zle_keymap.c:1298:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3], *ed;
data/zsh-5.8/Src/Zle/zle_main.c:191:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
mod_export char *zlenoargs[1] = { NULL };
data/zsh-5.8/Src/Zle/zle_main.c:725:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lwatch_fds, watch_fds, lnwatch*sizeof(struct watch_fd));
data/zsh-5.8/Src/Zle/zle_main.c:741:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BDIGBUFSIZE];
data/zsh-5.8/Src/Zle/zle_main.c:1068:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *args[2];
data/zsh-5.8/Src/Zle/zle_main.c:1510:3: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open("/dev/null", O_RDWR | O_NOCTTY); /* ignore failure */
data/zsh-5.8/Src/Zle/zle_main.c:1787:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((SHTTY = open(OPT_ISSET(ops,'t') ? OPT_ARG(ops,'t') : "/dev/tty",
data/zsh-5.8/Src/Zle/zle_misc.c:816:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[100];
data/zsh-5.8/Src/Zle/zle_misc.c:844:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, " (0%o, %u, 0x%x)", (unsigned int)c,
data/zsh-5.8/Src/Zle/zle_misc.c:848:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, " point %d of %d(%d%%) column %d", zlecs+1, zlell+1,
data/zsh-5.8/Src/Zle/zle_misc.c:954:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
zmod.mult = atoi(*args);
data/zsh-5.8/Src/Zle/zle_misc.c:1673:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/zsh-5.8/Src/Zle/zle_misc.c:1688:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", suffixfunclen);
data/zsh-5.8/Src/Zle/zle_params.c:1008:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, str, slen);
data/zsh-5.8/Src/Zle/zle_refresh.c:92:29: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define ZR_memcpy(d, s, l) memcpy((d), (s), (l)*sizeof(REFRESH_ELEMENT))
data/zsh-5.8/Src/Zle/zle_refresh.c:416:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digbuf1[DIGBUFSIZE], digbuf2[DIGBUFSIZE];
data/zsh-5.8/Src/Zle/zle_refresh.c:419:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(digbuf1, "%d", rhp->start);
data/zsh-5.8/Src/Zle/zle_refresh.c:420:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(digbuf2, "%d", rhp->end);
data/zsh-5.8/Src/Zle/zle_refresh.c:1381:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dispchars[11];
data/zsh-5.8/Src/Zle/zle_refresh.c:1389:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dispchars, "<%.02x>", c);
data/zsh-5.8/Src/Zle/zle_refresh.c:1393:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dispchars, "<%.08x>", (unsigned)*t);
data/zsh-5.8/Src/Zle/zle_refresh.c:1395:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dispchars, "<%.04x>", (unsigned)*t);
data/zsh-5.8/Src/Zle/zle_refresh.c:2362:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[DIGBUFSIZE], *str;
data/zsh-5.8/Src/Zle/zle_refresh.c:2368:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", arg);
data/zsh-5.8/Src/Zle/zle_refresh.c:2605:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dispchars[11];
data/zsh-5.8/Src/Zle/zle_refresh.c:2611:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dispchars, "<%.08x>", (unsigned)tmpline[t0]);
data/zsh-5.8/Src/Zle/zle_refresh.c:2613:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dispchars, "<%.04x>", (unsigned)tmpline[t0]);
data/zsh-5.8/Src/Zle/zle_thingy.c:728:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char skip_this_arg[2] = "x";
data/zsh-5.8/Src/Zle/zle_thingy.c:747:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
zmod.mult = atoi(num);
data/zsh-5.8/Src/Zle/zle_thingy.c:913:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_fds, watch_fds, i*sizeof(struct watch_fd));
data/zsh-5.8/Src/Zle/zle_thingy.c:916:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_fds+i, watch_fds+i+1,
data/zsh-5.8/Src/Zle/zle_tricky.c:373:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rdstrbuf[20];
data/zsh-5.8/Src/Zle/zle_tricky.c:862:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zlemetaline, origline, origll);
data/zsh-5.8/Src/Zle/zle_tricky.c:939:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zlemetaline, *ptmp, zlemetacs);
data/zsh-5.8/Src/Zle/zle_tricky.c:1814:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, t, tlen);
data/zsh-5.8/Src/Zle/zle_tricky.c:1847:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zlemetaline + i, t, tlen);
data/zsh-5.8/Src/Zle/zle_tricky.c:2306:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zlemetaline, origline, origll);
data/zsh-5.8/Src/Zle/zle_tricky.c:2448:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nc, "%d", n);
data/zsh-5.8/Src/Zle/zle_utils.c:520:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outstr, instr, ll);
data/zsh-5.8/Src/Zle/zle_utils.c:1732:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *args[2];
data/zsh-5.8/Src/Zle/zle_vi.c:131:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m[3], *str;
data/zsh-5.8/Src/Zle/zleparameter.c:47:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t, "completion:");
data/zsh-5.8/Src/builtin.c:238:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newptr, ops->args, ops->argsalloc * sizeof(char *));
data/zsh-5.8/Src/builtin.c:1006:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[PATH_MAX+1];
data/zsh-5.8/Src/builtin.c:1691:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((cmd = atoi(s)) != 0 || *s == '0') {
data/zsh-5.8/Src/builtin.c:1776:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[DIGBUFSIZE];
data/zsh-5.8/Src/builtin.c:1825:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[DIGBUFSIZE];
data/zsh-5.8/Src/builtin.c:3031:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *fargv[3];
data/zsh-5.8/Src/builtin.c:3059:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *spec_path[2];
data/zsh-5.8/Src/builtin.c:3156:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX+1];
data/zsh-5.8/Src/builtin.c:3279:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newsh, shf, sizeof(*newsh));
data/zsh-5.8/Src/builtin.c:3764:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *arr[2];
data/zsh-5.8/Src/builtin.c:4898:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ent->words, words, nwords*sizeof(short));
data/zsh-5.8/Src/builtin.c:5472:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, pparams, (l - num) * sizeof(char *));
data/zsh-5.8/Src/builtin.c:5477:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, pparams + num, (l - num + 1) * sizeof(char *));
data/zsh-5.8/Src/builtin.c:5505:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *str, optbuf[2] = " ", *p, opch;
data/zsh-5.8/Src/builtin.c:6054:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saveopts[OPT_SIZE], new_opts[OPT_SIZE];
data/zsh-5.8/Src/builtin.c:6096:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmdopts, opts, OPT_SIZE);
data/zsh-5.8/Src/builtin.c:6117:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(saveopts, opts, sizeof(opts));
data/zsh-5.8/Src/builtin.c:6118:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_opts, opts, sizeof(opts));
data/zsh-5.8/Src/builtin.c:6275:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((SHTTY = open("/dev/tty", O_RDWR|O_NOCTTY)) != -1) {
data/zsh-5.8/Src/compat.c:319:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nbuf[PATH_MAX+3];
data/zsh-5.8/Src/compat.c:336:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(nbuf, "../");
data/zsh-5.8/Src/compat.c:432:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newbuf + bufsiz, buf, bufsiz);
data/zsh-5.8/Src/compat.c:437:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + pos, nbuf + 2, len);
data/zsh-5.8/Src/compat.c:559:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
currdir = open(".", O_RDONLY|O_NOCTTY);
data/zsh-5.8/Src/compat.c:598:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char llbuf[DIGBUFSIZE];
data/zsh-5.8/Src/cond.c:36:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *condstr[COND_MOD] = {
data/zsh-5.8/Src/cond.c:73:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *left, *right, *overridename, overridebuf[13];
data/zsh-5.8/Src/cond.c:134:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *sbuf[3];
data/zsh-5.8/Src/cond.c:442:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return !faccessx(atoi(s + 8), c, ACC_SELF);
data/zsh-5.8/Src/cond.c:459:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (fstat(atoi(s + 8), &st))
data/zsh-5.8/Src/exec.c:47:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opts[OPT_SIZE];
data/zsh-5.8/Src/exec.c:424:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char list_pipe_text[JOBTEXTSIZE];
data/zsh-5.8/Src/exec.c:468:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[PATH_MAX * 2+1];
data/zsh-5.8/Src/exec.c:496:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char execvebuf[POUNDBANGLIMIT + 1], *ptr, *ptr2, *argv0;
data/zsh-5.8/Src/exec.c:499:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(pth, O_RDONLY|O_NOCTTY)) >= 0) {
data/zsh-5.8/Src/exec.c:655:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXCMDLEN+1], buf2[MAXCMDLEN+1];
data/zsh-5.8/Src/exec.c:736:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pbuf[PATH_MAX+1];
data/zsh-5.8/Src/exec.c:756:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nn[PATH_MAX+1], *dptr;
data/zsh-5.8/Src/exec.c:827:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *z, *s, buf[MAXCMDLEN];
data/zsh-5.8/Src/exec.c:849:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nn[PATH_MAX+1];
data/zsh-5.8/Src/exec.c:902:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullnam[MAXCMDLEN];
data/zsh-5.8/Src/exec.c:940:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s, buf[PATH_MAX+1];
data/zsh-5.8/Src/exec.c:1030:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (open("/dev/null", O_RDWR | O_NOCTTY)) {
data/zsh-5.8/Src/exec.c:2148:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(unmeta(f->name),
data/zsh-5.8/Src/exec.c:2152:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(unmeta(f->name),
data/zsh-5.8/Src/exec.c:2160:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(unmeta(f->name), O_WRONLY | O_NOCTTY)) != -1) {
data/zsh-5.8/Src/exec.c:2180:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[TCBUFSIZE];
data/zsh-5.8/Src/exec.c:2384:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
mfds[fd1] = hrealloc((char *)mfds[fd1], old, new);
data/zsh-5.8/Src/exec.c:3144:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s, "ARGV0=");
data/zsh-5.8/Src/exec.c:3657:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fil = open(unmeta(fn->name), O_RDONLY | O_NOCTTY);
data/zsh-5.8/Src/exec.c:3659:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fil = open(unmeta(fn->name),
data/zsh-5.8/Src/exec.c:3776:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fdstr[DIGBUFSIZE];
data/zsh-5.8/Src/exec.c:3781:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fdstr, "%d", fn->fd2);
data/zsh-5.8/Src/exec.c:3794:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fil = open(unmeta(fn->name),
data/zsh-5.8/Src/exec.c:4540:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(s, O_RDONLY | O_NOCTTY);
data/zsh-5.8/Src/exec.c:4601:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((stream = open(unmeta(s), O_RDONLY | O_NOCTTY)) == -1) {
data/zsh-5.8/Src/exec.c:4668:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *buf, *bufptr, *ptr, inbuf[64];
data/zsh-5.8/Src/exec.c:4704:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pp, buf, cnt - 1);
data/zsh-5.8/Src/exec.c:4803:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(nam, O_WRONLY | O_CREAT | O_EXCL | O_NOCTTY, 0600)) < 0) {
data/zsh-5.8/Src/exec.c:4921:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pnam, out ? O_WRONLY | O_NOCTTY : O_RDONLY | O_NOCTTY);
data/zsh-5.8/Src/exec.c:5216:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prog->prog, state->pc, plen);
data/zsh-5.8/Src/exec.c:5217:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prog->strs, state->strs + sbeg, nstrs);
data/zsh-5.8/Src/exec.c:5347:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newsticky->on_opts, src->on_opts, sz);
data/zsh-5.8/Src/exec.c:5353:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newsticky->off_opts, src->off_opts, sz);
data/zsh-5.8/Src/exec.c:5531:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *spec_path[2];
data/zsh-5.8/Src/exec.c:5703:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(funcsave->pipestats, pipestats, bytes);
data/zsh-5.8/Src/exec.c:5722:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(funcsave->opts, opts, sizeof(opts));
data/zsh-5.8/Src/exec.c:5927:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pipestats, funcsave->pipestats, sizeof(int)*numpipestats);
data/zsh-5.8/Src/exec.c:5978:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ou, zunderscore, underscoreused);
data/zsh-5.8/Src/exec.c:6024:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char **pp, buf[PATH_MAX+1];
data/zsh-5.8/Src/exec.c:6045:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!access(buf, R_OK) && (fd = open(buf, O_RDONLY | O_NOCTTY)) != -1) {
data/zsh-5.8/Src/exec.c:6153:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret->prog, pc, plen);
data/zsh-5.8/Src/exec.c:6154:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret->strs, prog->strs + sbeg, nstrs);
data/zsh-5.8/Src/exec.c:6178:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[PATH_MAX+1], **cp;
data/zsh-5.8/Src/glob.c:229:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(N), &curglobdata, sizeof(struct globdata)); \
data/zsh-5.8/Src/glob.c:242:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&curglobdata, &(N), sizeof(struct globdata)); \
data/zsh-5.8/Src/glob.c:286:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX+1];
data/zsh-5.8/Src/glob.c:303:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[1];
data/zsh-5.8/Src/glob.c:338:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf2, &buf, sizeof(buf));
data/zsh-5.8/Src/glob.c:370:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf2, &buf, sizeof(buf));
data/zsh-5.8/Src/glob.c:412:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf2, &buf, sizeof(buf));
data/zsh-5.8/Src/glob.c:634:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(subdirs + subdirlen, (char *)&errsfound,
data/zsh-5.8/Src/glob.c:655:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&errsfound, fn, sizeof(int));
data/zsh-5.8/Src/glob.c:2286:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, str3, strp);
data/zsh-5.8/Src/glob.c:2287:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p + strp, ncptr, nclen);
data/zsh-5.8/Src/glob.c:2291:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, str3, strp);
data/zsh-5.8/Src/glob.c:2292:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p + strp, "%c", cend);
data/zsh-5.8/Src/glob.c:2368:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p + strp, "%0*lld", minw, rend);
data/zsh-5.8/Src/glob.c:2370:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p + strp, "%0*ld", minw, (long)rend);
data/zsh-5.8/Src/glob.c:2386:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ccl[256], *p;
data/zsh-5.8/Src/glob.c:2425:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, str3, pl);
data/zsh-5.8/Src/glob.c:2509:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80], *r, *p, *rr, *replstr = imd->replstr;
data/zsh-5.8/Src/glob.c:2550:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d ", MB_METASTRLEN2END(imd->mstr, 0, imd->mstr+b) + 1);
data/zsh-5.8/Src/glob.c:2555:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf + bl, "%d ",
data/zsh-5.8/Src/glob.c:2561:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf + bl, "%d ", MB_METASTRLEN2END(imd->mstr+b, 0,
data/zsh-5.8/Src/glob.c:3163:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, s + i, rd->b - i);
data/zsh-5.8/Src/glob.c:3170:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, s + i, l - i);
data/zsh-5.8/Src/glob.c:3467:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, s + i, rd->b - i);
data/zsh-5.8/Src/glob.c:3474:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, s + i, l - i);
data/zsh-5.8/Src/glob.c:3878:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *tmparr[2];
data/zsh-5.8/Src/hashnameddir.c:110:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char name[40], dir[PATH_MAX + 1];
data/zsh-5.8/Src/hashnameddir.c:116:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, ec[0].ec_value.ec_value_val, nl);
data/zsh-5.8/Src/hashnameddir.c:118:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dir, ec[5].ec_value.ec_value_val, dl);
data/zsh-5.8/Src/hashnameddir.c:158:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ], *p, *d, *de;
data/zsh-5.8/Src/hashnameddir.c:162:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char domain[YPMAXDOMAIN];
data/zsh-5.8/Src/hashnameddir.c:197:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((pwf = fopen(PASSWD_FILE, "r")) != NULL) {
data/zsh-5.8/Src/hashtable.c:1558:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dcnew, dircache, ind * sizeof(*dcnew));
data/zsh-5.8/Src/hashtable.c:1560:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dcnew + ind, dcptr + 1,
data/zsh-5.8/Src/hist.c:1604:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(he->words, chwords, chwordpos * sizeof(short));
data/zsh-5.8/Src/hist.c:1934:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *lastpos, *nonreal, pathbuf[PATH_MAX+1];
data/zsh-5.8/Src/hist.c:2642:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((in = fopen(unmeta(fn), "r"))) {
data/zsh-5.8/Src/hist.c:2765:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(he->words, words, nwordpos*sizeof(short));
data/zsh-5.8/Src/hist.c:2821:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((flock_fd = open(unmeta(fn), O_RDWR | O_NOCTTY)) < 0)
data/zsh-5.8/Src/hist.c:2855:15: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
char *t, *tmpfile, *start = NULL;
data/zsh-5.8/Src/hist.c:2896:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(unmeta(fn), O_CREAT | O_WRONLY | O_APPEND | O_NOCTTY, 0600);
data/zsh-5.8/Src/hist.c:2900:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(unmeta(fn), O_CREAT | O_WRONLY | O_TRUNC | O_NOCTTY, 0600);
data/zsh-5.8/Src/hist.c:2905:13: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (unlink(tmpfile) < 0 && errno != ENOENT)
data/zsh-5.8/Src/hist.c:2917:8: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
free(tmpfile);
data/zsh-5.8/Src/hist.c:2929:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(tmpfile, O_CREAT | O_WRONLY | O_EXCL, 0600);
data/zsh-5.8/Src/hist.c:2929:17: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
int fd = open(tmpfile, O_CREAT | O_WRONLY | O_EXCL, 0600);
data/zsh-5.8/Src/hist.c:3024:10: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (tmpfile) {
data/zsh-5.8/Src/hist.c:3025:14: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (rename(tmpfile, unmeta(fn)) < 0) {
data/zsh-5.8/Src/hist.c:3066:6: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (tmpfile)
data/zsh-5.8/Src/hist.c:3071:9: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (tmpfile)
data/zsh-5.8/Src/hist.c:3072:7: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
free(tmpfile);
data/zsh-5.8/Src/hist.c:3130:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pidbuf[32], *lnk;
data/zsh-5.8/Src/hist.c:3132:8: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
char *tmpfile;
data/zsh-5.8/Src/hist.c:3146:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pidbuf, "/pid-%ld/host-", (long)mypid);
data/zsh-5.8/Src/hist.c:3172:32: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if ((fd = gettempfile(fn, 0, &tmpfile)) >= 0) {
data/zsh-5.8/Src/hist.c:3179:18: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
while (link(tmpfile, lockfile) < 0) {
data/zsh-5.8/Src/hist.c:3200:13: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
unlink(tmpfile);
data/zsh-5.8/Src/hist.c:3201:11: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
free(tmpfile);
data/zsh-5.8/Src/hist.c:3205:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
while ((fd = open(lockfile, O_WRONLY|O_CREAT|O_EXCL, 0644)) < 0) {
data/zsh-5.8/Src/hist.c:3349:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, buf, l);
data/zsh-5.8/Src/hist.c:3373:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, chline, hptr - chline);
data/zsh-5.8/Src/hist.c:3374:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p + (hptr - chline), linein, ll);
data/zsh-5.8/Src/hist.c:3388:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, linein, ll);
data/zsh-5.8/Src/hist.c:3497:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[20];
data/zsh-5.8/Src/init.c:71:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
mod_export char *tcstr[TC_COUNT];
data/zsh-5.8/Src/init.c:571:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char outbuf[BUFSIZ], errbuf[BUFSIZ];
data/zsh-5.8/Src/init.c:619:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SHTTY = movefd(open(ttystrname, O_RDWR | O_NOCTTY));
data/zsh-5.8/Src/init.c:660:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(SHTTY = movefd(open("/dev/tty", O_RDWR | O_NOCTTY))) != -1) {
data/zsh-5.8/Src/init.c:707:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char shoutbuf[BUFSIZ];
data/zsh-5.8/Src/init.c:740:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *tccapnams[TC_COUNT] = {
data/zsh-5.8/Src/init.c:767:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char termbuf[2048]; /* the termcap buffer */
data/zsh-5.8/Src/init.c:792:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[1024], *pp;
data/zsh-5.8/Src/init.c:805:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
tcstr[t0] = (char *) zalloc(tclen[t0] + 1);
data/zsh-5.8/Src/init.c:806:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tcstr[t0], pp, tclen[t0] + 1);
data/zsh-5.8/Src/init.c:1207:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(SHIN = movefd(open(funmeta, O_RDONLY | O_NOCTTY)))
data/zsh-5.8/Src/init.c:1381:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SHIN = movefd(open("/dev/null", O_RDONLY | O_NOCTTY));
data/zsh-5.8/Src/init.c:1416:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(tempfd = movefd(open(us, O_RDONLY | O_NOCTTY))) == -1)) {
data/zsh-5.8/Src/input.c:142:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/zsh-5.8/Src/input.c:163:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(line + ll, buf, p - buf);
data/zsh-5.8/Src/input.c:176:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(line + ll, buf, p - buf);
data/zsh-5.8/Src/input.c:361:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inbuf, oinbuf, oldlen);
data/zsh-5.8/Src/input.c:494:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(in = fopen(unmeta(fn), "r"))) {
data/zsh-5.8/Src/jobs.c:420:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pipestats, jpipestats, sizeof(int)*i);
data/zsh-5.8/Src/jobs.c:1706:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oldjobtab, jobtab, sz);
data/zsh-5.8/Src/jobs.c:1934:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
jobnum = atoi(s);
data/zsh-5.8/Src/jobs.c:2261:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hackzero, *argv, len);
data/zsh-5.8/Src/jobs.c:2359:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pid_t pid = (long)atoi(*argv);
data/zsh-5.8/Src/jobs.c:2511:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20], *pids = "";
data/zsh-5.8/Src/jobs.c:2517:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " -%d", pn->pid);
data/zsh-5.8/Src/jobs.c:2521:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " %d", pn->pid);
data/zsh-5.8/Src/jobs.c:2525:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " %d", pn->pid);
data/zsh-5.8/Src/jobs.c:2529:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " -%d", jobtab[job].gleader);
data/zsh-5.8/Src/jobs.c:2749:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int pid = atoi(*argv);
data/zsh-5.8/Src/jobs.c:2780:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
x = atoi(s);
data/zsh-5.8/Src/jobs.c:2831:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[20];
data/zsh-5.8/Src/lex.c:171:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
mod_export char *tokstrings[WHILE + 1] = {
data/zsh-5.8/Src/lex.c:406:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char lexact1[256], lexact2[256], lextok2[256];
data/zsh-5.8/Src/lex.c:1683:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, tokstr, toklen);
data/zsh-5.8/Src/lex.c:1775:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, t, tlen);
data/zsh-5.8/Src/loop.c:309:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(str);
data/zsh-5.8/Src/math.c:1071:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BDIGBUFSIZE];
data/zsh-5.8/Src/mem.c:733:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, p, old);
data/zsh-5.8/Src/mem.c:820:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hnew, h, h->size);
data/zsh-5.8/Src/mem.c:870:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, p, old > new ? new : old);
data/zsh-5.8/Src/mem.c:1706:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, (char *)p, (size > l) ? l : size);
data/zsh-5.8/Src/mem.c:1743:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *b, *c, buf[40];
data/zsh-5.8/Src/mem.c:1813:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%ld %ld %ld", (long)(M_SNUM - ms->used),
data/zsh-5.8/Src/module.c:1459:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *dlerrstr[256];
data/zsh-5.8/Src/module.c:1579:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX + 1];
data/zsh-5.8/Src/module.c:2030:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *arg[2];
data/zsh-5.8/Src/options.c:46:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
mod_export char opts[OPT_SIZE];
data/zsh-5.8/Src/options.c:914:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[LAST_OPT - FIRST_OPT + 2];
data/zsh-5.8/Src/params.c:792:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50], *str, *iname, *ivalue, *hostnam;
data/zsh-5.8/Src/params.c:853:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_environ, environ, envsize);
data/zsh-5.8/Src/params.c:914:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", (int)++shlvl);
data/zsh-5.8/Src/params.c:2164:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BDIGBUFSIZE];
data/zsh-5.8/Src/params.c:2171:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", v->start);
data/zsh-5.8/Src/params.c:2246:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, t, t0);
data/zsh-5.8/Src/params.c:2316:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, s, preflen);
data/zsh-5.8/Src/params.c:2317:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t + preflen + fwidth,
data/zsh-5.8/Src/params.c:2381:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[DIGBUFSIZE];
data/zsh-5.8/Src/params.c:2384:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", v->start);
data/zsh-5.8/Src/params.c:2479:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BDIGBUFSIZE], *val;
data/zsh-5.8/Src/params.c:2600:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(z + v->start, val, vlen);
data/zsh-5.8/Src/params.c:2681:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BDIGBUFSIZE], *p;
data/zsh-5.8/Src/params.c:3216:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new+1, val, sizeof(char *) * (lv + 1));
data/zsh-5.8/Src/params.c:3573:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BDIGBUFSIZE];
data/zsh-5.8/Src/params.c:4120:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sepbuf[3];
data/zsh-5.8/Src/params.c:4759:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[2];
data/zsh-5.8/Src/params.c:4799:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[4];
data/zsh-5.8/Src/params.c:4987:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[DIGBUFSIZE], **p;
data/zsh-5.8/Src/params.c:4991:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", *q);
data/zsh-5.8/Src/params.c:5009:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pipestats[i] = atoi(*x);
data/zsh-5.8/Src/params.c:5330:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "0x");
data/zsh-5.8/Src/params.c:5334:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "%d#", base);
data/zsh-5.8/Src/params.c:5394:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(retptr, s, len - ndigits);
data/zsh-5.8/Src/params.c:5946:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2];
data/zsh-5.8/Src/parse.c:503:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p + s->aoffs, s->str, strlen(s->str) + 1);
data/zsh-5.8/Src/parse.c:534:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret->prog, ecbuf, ecused * sizeof(wordcode));
data/zsh-5.8/Src/parse.c:2717:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r->prog, p->prog, r->len - (p->npats * sizeof(Patprog)));
data/zsh-5.8/Src/parse.c:2780:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[4];
data/zsh-5.8/Src/parse.c:2816:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[4];
data/zsh-5.8/Src/parse.c:3184:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(name, O_RDONLY)) < 0) {
data/zsh-5.8/Src/parse.c:3223:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(head, buf, (FD_PRELEN + 1) * sizeof(wordcode));
data/zsh-5.8/Src/parse.c:3330:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((dfd = open(dump, O_WRONLY|O_CREAT, 0444)) < 0) {
data/zsh-5.8/Src/parse.c:3347:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(*files, O_RDONLY)) < 0 ||
data/zsh-5.8/Src/parse.c:3466:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((dfd = open(dump, O_WRONLY|O_CREAT, 0444)) < 0) {
data/zsh-5.8/Src/parse.c:3623:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(dump, O_RDONLY)) < 0)
data/zsh-5.8/Src/parse.c:3841:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(file, O_RDONLY)) < 0 ||
data/zsh-5.8/Src/pattern.c:248:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char zpc_chars[ZPC_COUNT] = {
data/zsh-5.8/Src/pattern.c:258:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
mod_export const char *zpc_strings[ZPC_COUNT] = {
data/zsh-5.8/Src/pattern.c:268:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
mod_export char zpc_disables[ZPC_COUNT];
data/zsh-5.8/Src/pattern.c:289:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zpc_special[ZPC_COUNT];
data/zsh-5.8/Src/pattern.c:462:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zpc_special, zpc_chars, ZPC_COUNT);
data/zsh-5.8/Src/pattern.c:728:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)newp, (char *)p, patsize);
data/zsh-5.8/Src/pattern.c:732:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)newp, (char *)p, patsize);
data/zsh-5.8/Src/pattern.c:1211:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outstr, "[:");
data/zsh-5.8/Src/pattern.c:1213:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outstr, found, newlen);
data/zsh-5.8/Src/pattern.c:1215:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outstr, ":]");
data/zsh-5.8/Src/pattern.c:1865:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *patbeginp[NSUBEXP]; /* Pointer to backref beginnings */
data/zsh-5.8/Src/pattern.c:1866:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *patendp[NSUBEXP]; /* Pointer to backref ends */
data/zsh-5.8/Src/pattern.c:2558:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numbuf[DIGBUFSIZE];
data/zsh-5.8/Src/pattern.c:2579:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(numbuf, "%ld",
data/zsh-5.8/Src/pattern.c:2584:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(numbuf, "%ld",
data/zsh-5.8/Src/pattern.c:2809:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&from, start, sizeof(zrange_t));
data/zsh-5.8/Src/pattern.c:2817:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&to, start, sizeof(zrange_t));
data/zsh-5.8/Src/prompt.c:47:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *cmdnames[CS_COUNT] = {
data/zsh-5.8/Src/prompt.c:481:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bv->bp, "%d", numjobs);
data/zsh-5.8/Src/prompt.c:712:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bv->bp, "%lld", shlvl);
data/zsh-5.8/Src/prompt.c:714:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bv->bp, "%ld", (long)shlvl);
data/zsh-5.8/Src/prompt.c:721:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bv->bp, "%lld", lastval);
data/zsh-5.8/Src/prompt.c:723:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bv->bp, "%ld", (long)lastval);
data/zsh-5.8/Src/prompt.c:816:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bv->bp, "%d", depth);
data/zsh-5.8/Src/prompt.c:834:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bv->bp, "%lld", flineno);
data/zsh-5.8/Src/prompt.c:836:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bv->bp, "%ld", (long)flineno);
data/zsh-5.8/Src/prompt.c:846:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bv->bp, "%lld", lineno);
data/zsh-5.8/Src/prompt.c:848:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bv->bp, "%ld", (long)lineno);
data/zsh-5.8/Src/prompt.c:1791:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
atrlen += buf ? sprintf(ptr, "#%02x%02x%02x", colour >> 16,
data/zsh-5.8/Src/prompt.c:1800:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digbuf[DIGBUFSIZE];
data/zsh-5.8/Src/prompt.c:1801:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(digbuf, "%d", colour);
data/zsh-5.8/Src/prompt.c:1880:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ptr, "none");
data/zsh-5.8/Src/prompt.c:2124:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ptr += sprintf(ptr, "8;2;%d;%d;%d", colour >> 16,
data/zsh-5.8/Src/prompt.c:2127:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ptr += sprintf(ptr, "%d", colour);
data/zsh-5.8/Src/prototypes.h:133:13: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
extern void bcopy _((const void *, void *, size_t));
data/zsh-5.8/Src/signals.c:1295:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *name, num[4];
data/zsh-5.8/Src/signals.c:1362:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num, "%d", sig);
data/zsh-5.8/Src/sort.c:296:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, metaptr - src);
data/zsh-5.8/Src/string.c:55:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, s, len);
data/zsh-5.8/Src/string.c:177:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, s, len);
data/zsh-5.8/Src/string.c:189:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, s, len);
data/zsh-5.8/Src/subst.c:59:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char marker[2] = { Marker, '\0' };
data/zsh-5.8/Src/subst.c:60:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char marker_plus[3] = { Marker, '+', '\0' };
data/zsh-5.8/Src/subst.c:264:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sptr, str3, str3len);
data/zsh-5.8/Src/subst.c:268:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sptr, subst, sublen);
data/zsh-5.8/Src/subst.c:272:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sptr, rest, restlen);
data/zsh-5.8/Src/subst.c:1500:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[11];
data/zsh-5.8/Src/subst.c:1503:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "\\U%.8x", (unsigned int)ires & 0xFFFFFFFFu);
data/zsh-5.8/Src/subst.c:1511:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ptr, "%c", (int)ires);
data/zsh-5.8/Src/subst.c:2972:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *arr[2], **t, **a, **p;
data/zsh-5.8/Src/subst.c:3521:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[14];
data/zsh-5.8/Src/subst.c:3546:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%ld", len);
data/zsh-5.8/Src/subst.c:4155:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BDIGBUFSIZE], *b;
data/zsh-5.8/Src/text.c:161:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, s, sl);
data/zsh-5.8/Src/text.c:317:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char jbuf[JOBTEXTSIZE];
data/zsh-5.8/Src/text.c:947:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c2[4];
data/zsh-5.8/Src/utils.c:261:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(file = fopen(filename, "a")) != NULL) {
data/zsh-5.8/Src/utils.c:294:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[ERRBUFSIZE];
data/zsh-5.8/Src/utils.c:321:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, str, num);
data/zsh-5.8/Src/utils.c:457:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[10];
data/zsh-5.8/Src/utils.c:524:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[10];
data/zsh-5.8/Src/utils.c:706:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "\\U%.8x", (unsigned int)c);
data/zsh-5.8/Src/utils.c:710:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "\\u%.4x", (unsigned int)c);
data/zsh-5.8/Src/utils.c:881:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char xbuf[PATH_MAX*2+1];
data/zsh-5.8/Src/utils.c:920:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xbuf2[PATH_MAX*3+1], xbuf3[PATH_MAX*2+1];
data/zsh-5.8/Src/utils.c:950:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xbuf2, xbuf, xbuflen);
data/zsh-5.8/Src/utils.c:952:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xbuf2 + xbuflen + 1, *pp, pplen);
data/zsh-5.8/Src/utils.c:1047:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xbuflink[PATH_MAX+1];
data/zsh-5.8/Src/utils.c:1534:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arrnam, name, namlen);
data/zsh-5.8/Src/utils.c:1535:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arrnam + namlen, HOOK_SUFFIX, HOOK_SUFFIX_LEN);
data/zsh-5.8/Src/utils.c:1645:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *x[2];
data/zsh-5.8/Src/utils.c:1688:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX * 2 + 1], **arr, **ap;
data/zsh-5.8/Src/utils.c:1726:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(usav, zunderscore, underscoreused);
data/zsh-5.8/Src/utils.c:2213:7: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
fd = mkstemp(ret);
data/zsh-5.8/Src/utils.c:2255:10: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
fd = mkstemp(fn);
data/zsh-5.8/Src/utils.c:2271:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(fn, O_RDWR | O_CREAT | O_EXCL, 0600)) >= 0)
data/zsh-5.8/Src/utils.c:3186:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bestcd[PATH_MAX + 1];
data/zsh-5.8/Src/utils.c:3332:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
digs = atoi(dstart);
data/zsh-5.8/Src/utils.c:3378:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%0*ld", digs, fnsec);
data/zsh-5.8/Src/utils.c:3444:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%09ld", nsec);
data/zsh-5.8/Src/utils.c:3470:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", year);
data/zsh-5.8/Src/utils.c:3869:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sepbuf[2];
data/zsh-5.8/Src/utils.c:3999:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arrnam, name, namlen);
data/zsh-5.8/Src/utils.c:4000:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arrnam + namlen, HOOK_SUFFIX, HOOK_SUFFIX_LEN);
data/zsh-5.8/Src/utils.c:4473:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *p, spnameguess[PATH_MAX + 1], spnamebest[PATH_MAX + 1];
data/zsh-5.8/Src/utils.c:4474:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char newname[PATH_MAX + 1];
data/zsh-5.8/Src/utils.c:4769:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mbuf[PATH_MAX*2+1];
data/zsh-5.8/Src/utils.c:4790:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
buf = memcpy(zalloc(len + meta + 1), buf, len);
data/zsh-5.8/Src/utils.c:4794:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
buf = memcpy(zhalloc(len + meta + 1), buf, len);
data/zsh-5.8/Src/utils.c:4803:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
buf = memcpy(mbuf, buf, len);
data/zsh-5.8/Src/utils.c:5379:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outptr, fmt, outlen);
data/zsh-5.8/Src/utils.c:6644:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *buf, tmp[1];
data/zsh-5.8/Src/utils.c:6657:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inbuf[4];
data/zsh-5.8/Src/utils.c:7144:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX+1];
data/zsh-5.8/Src/utils.c:7193:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX + 1], *ptr;
data/zsh-5.8/Src/utils.c:7244:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((d->dirfd = open(".", O_RDONLY | O_NOCTTY)) < 0 &&
data/zsh-5.8/Src/utils.c:7246:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
d->dirfd = open("..", O_RDONLY | O_NOCTTY);
data/zsh-5.8/Src/watch.c:170:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(in = fopen(WATCH_WTMP_FILE, "r")))
data/zsh-5.8/Src/watch.c:245:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[40], buf2[80];
data/zsh-5.8/Src/watch.c:502:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uptr, tmp, sizeof (WATCH_STRUCT_UTMP));
data/zsh-5.8/Src/watch.c:504:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(in = fopen(WATCH_UTMP_FILE, "r")))
data/zsh-5.8/Src/zsh.h:1084:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[JOBTEXTSIZE]; /* text to print when 'jobs' is run */
data/zsh-5.8/Src/zsh.h:1099:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char list_pipe_text[JOBTEXTSIZE];
data/zsh-5.8/Src/zsh.h:1382:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ind[MAX_OPS];
data/zsh-5.8/Src/zsh_system.h:783:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define memcpy memmove
data/zsh-5.8/Src/zsh_system.h:789:35: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define memmove(dest, src, len) (bcopy((src), zmmv = (dest), (len)), zmmv)
data/zsh-5.8/Src/Builtins/rlimits.c:562:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(recs[limnum], s, strlen(s))) {
data/zsh-5.8/Src/Builtins/rlimits.c:722:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(recs[limnum], *argv, strlen(*argv))) {
data/zsh-5.8/Src/Builtins/sched.c:365:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*aptr = (char *)zhalloc(5 + strlen(tbuf) + strlen(sch->cmd));
data/zsh-5.8/Src/Builtins/sched.c:365:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*aptr = (char *)zhalloc(5 + strlen(tbuf) + strlen(sch->cmd));
data/zsh-5.8/Src/Modules/attr.c:194:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(p) + 1;
data/zsh-5.8/Src/Modules/attr.c:200:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(p) + 1;
data/zsh-5.8/Src/Modules/attr.c:205:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(p) + 1;
data/zsh-5.8/Src/Modules/curses.c:263:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (win==NULL || strlen(win) < 1) {
data/zsh-5.8/Src/Modules/curses.c:781:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wptr = wstr = zhalloc((strlen(str)+1) * sizeof(wchar_t));
data/zsh-5.8/Src/Modules/curses.c:1199:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *evstr = zhalloc(strlen(zcmelp->name)+2);
data/zsh-5.8/Src/Modules/datetime.c:158:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufsize = strlen(argv[0]) * 8;
data/zsh-5.8/Src/Modules/example.c:87:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(s1) == v;
data/zsh-5.8/Src/Modules/example.c:138:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret.u.l = strlen(arg);
data/zsh-5.8/Src/Modules/files.c:49:13: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int a = getchar(), c;
data/zsh-5.8/Src/Modules/files.c:51:6: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getchar();
data/zsh-5.8/Src/Modules/files.c:71:21: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
mode_t oumask = umask(0);
data/zsh-5.8/Src/Modules/files.c:75:5: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(oumask);
data/zsh-5.8/Src/Modules/files.c:133:14: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
oumask = umask(0);
data/zsh-5.8/Src/Modules/files.c:135:5: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(oumask);
data/zsh-5.8/Src/Modules/files.c:275:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
blen = strlen(buf);
data/zsh-5.8/Src/Modules/files.c:484:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int arglen = strlen(arg) + 1;
data/zsh-5.8/Src/Modules/files.c:487:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(fn) + 1;
data/zsh-5.8/Src/Modules/files.c:494:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(fn) + 1;
data/zsh-5.8/Src/Modules/mathfunc.c:436:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
send = arg + strlen(arg);
data/zsh-5.8/Src/Modules/mathfunc.c:455:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((seedstr = getsparam(arg)) && strlen(seedstr) >= 12) {
data/zsh-5.8/Src/Modules/newuser.c:60:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
VARARR(char, buf, strlen(dotdir) + strlen(fname) + 2);
data/zsh-5.8/Src/Modules/newuser.c:60:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
VARARR(char, buf, strlen(dotdir) + strlen(fname) + 2);
data/zsh-5.8/Src/Modules/newuser.c:97:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
VARARR(char, buf, strlen(*sp) + 9);
data/zsh-5.8/Src/Modules/parameter.c:230:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pm->u.str = zhalloc(strlen(*(cmd->u.name)) + strlen(name) + 2);
data/zsh-5.8/Src/Modules/parameter.c:230:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pm->u.str = zhalloc(strlen(*(cmd->u.name)) + strlen(name) + 2);
data/zsh-5.8/Src/Modules/parameter.c:232:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(pm->u.str, "/");
data/zsh-5.8/Src/Modules/parameter.c:268:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pm.u.str = zhalloc(strlen(*(cmd->u.name)) +
data/zsh-5.8/Src/Modules/parameter.c:269:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(cmd->node.nam) + 2);
data/zsh-5.8/Src/Modules/parameter.c:271:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(pm.u.str, "/");
data/zsh-5.8/Src/Modules/parameter.c:290:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
val = metafy(val, strlen(val), META_REALLOC);
data/zsh-5.8/Src/Modules/parameter.c:416:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
h = (char *) zhalloc(strlen(start) + strlen(t) + strlen(n) + 8);
data/zsh-5.8/Src/Modules/parameter.c:416:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
h = (char *) zhalloc(strlen(start) + strlen(t) + strlen(n) + 8);
data/zsh-5.8/Src/Modules/parameter.c:416:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
h = (char *) zhalloc(strlen(start) + strlen(t) + strlen(n) + 8);
data/zsh-5.8/Src/Modules/parameter.c:494:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(start) + strlen(t) + strlen(n) + 8);
data/zsh-5.8/Src/Modules/parameter.c:494:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(start) + strlen(t) + strlen(n) + 8);
data/zsh-5.8/Src/Modules/parameter.c:494:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(start) + strlen(t) + strlen(n) + 8);
data/zsh-5.8/Src/Modules/parameter.c:660:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
colonpair = zhalloc(strlen(f->caller) + (f->lineno > 9999 ? 24 : 6));
data/zsh-5.8/Src/Modules/parameter.c:692:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
colonpair = zhalloc(strlen(fname) + (f->flineno > 9999 ? 24 : 6));
data/zsh-5.8/Src/Modules/parameter.c:730:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
colonpair = zhalloc(strlen(f->caller) +
data/zsh-5.8/Src/Modules/parameter.c:755:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
colonpair = zhalloc(strlen(fname) + (flineno > 9999 ? 24 : 6));
data/zsh-5.8/Src/Modules/parameter.c:1254:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(pn->text) + 3;
data/zsh-5.8/Src/Modules/pcre.c:108:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(target) != target_len) {
data/zsh-5.8/Src/Modules/pcre.c:424:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(rhre_plain) != rhre_plain_len) {
data/zsh-5.8/Src/Modules/socket.c:102:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(soun.sun_path, localfn, sizeof(soun.sun_path)-1);
data/zsh-5.8/Src/Modules/socket.c:243:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(soun.sun_path, args[0], sizeof(soun.sun_path)-1);
data/zsh-5.8/Src/Modules/stat.c:125:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(outbuf, ")");
data/zsh-5.8/Src/Modules/stat.c:154:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(outbuf, ")");
data/zsh-5.8/Src/Modules/stat.c:183:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(outbuf, ")");
data/zsh-5.8/Src/Modules/stat.c:199:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *oend = outbuf + strlen(outbuf);
data/zsh-5.8/Src/Modules/stat.c:204:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(oend, ")");
data/zsh-5.8/Src/Modules/stat.c:241:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
optr += strlen(outbuf);
data/zsh-5.8/Src/Modules/stat.c:389:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(arg);
data/zsh-5.8/Src/Modules/system.c:189:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((count = read(infd, inbuf, bufsize)) < 0) {
data/zsh-5.8/Src/Modules/system.c:314:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(read ? O_RDWR : O_WRONLY) : O_RDONLY);
data/zsh-5.8/Src/Modules/system.c:519:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str = (char *)zalloc(strlen(msg) + strlen(pfx) + 1);
data/zsh-5.8/Src/Modules/system.c:519:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str = (char *)zalloc(strlen(msg) + strlen(pfx) + 1);
data/zsh-5.8/Src/Modules/system.c:558:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
optptr += strlen(fdvar) - 1;
data/zsh-5.8/Src/Modules/system.c:578:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
optptr += strlen(optarg) - 1;
data/zsh-5.8/Src/Modules/zftp.c:548:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int clen = strlen(cmd) + 3;
data/zsh-5.8/Src/Modules/zftp.c:552:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clen += strlen(*aptr) + 1;
data/zsh-5.8/Src/Modules/zftp.c:556:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(line, " ");
data/zsh-5.8/Src/Modules/zftp.c:598:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(zfsess->cin);
data/zsh-5.8/Src/Modules/zftp.c:611:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(zfsess->cin);
data/zsh-5.8/Src/Modules/zftp.c:638:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(zfsess->cin);
data/zsh-5.8/Src/Modules/zftp.c:642:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(zfsess->cin);
data/zsh-5.8/Src/Modules/zftp.c:652:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(zfsess->cin);
data/zsh-5.8/Src/Modules/zftp.c:726:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lastcodestr, ptr, 3);
data/zsh-5.8/Src/Modules/zftp.c:843:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = write(zfsess->control->fd, cmd, strlen(cmd));
data/zsh-5.8/Src/Modules/zftp.c:1312:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read(fd, bf, sz);
data/zsh-5.8/Src/Modules/zftp.c:1321:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, bf, sz);
data/zsh-5.8/Src/Modules/zftp.c:2042:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (instr[len = strlen(instr)-1] == '\n')
data/zsh-5.8/Src/Modules/zftp.c:2074:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(*aptr);
data/zsh-5.8/Src/Modules/zpty.c:50:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read;
data/zsh-5.8/Src/Modules/zpty.c:462:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(master, &syncch, 1);
data/zsh-5.8/Src/Modules/zpty.c:524:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (cmd->read != -1 || cmd->fin)
data/zsh-5.8/Src/Modules/zpty.c:526:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((r = read(cmd->fd, &c, 1)) <= 0) {
data/zsh-5.8/Src/Modules/zpty.c:572:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (cmd->read != -1) {
data/zsh-5.8/Src/Modules/zpty.c:573:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
buf[used] = (char) cmd->read;
data/zsh-5.8/Src/Modules/zpty.c:611:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
pollret = read(cmd->fd, &cmd->read, 1);
data/zsh-5.8/Src/Modules/zpty.c:611:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
pollret = read(cmd->fd, &cmd->read, 1);
data/zsh-5.8/Src/Modules/zpty.c:623:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (cmd->read != -1 || (ret = read(cmd->fd, buf + used, 1)) == 1) {
data/zsh-5.8/Src/Modules/zpty.c:623:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (cmd->read != -1 || (ret = read(cmd->fd, buf + used, 1)) == 1) {
data/zsh-5.8/Src/Modules/zpty.c:625:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (cmd->read != -1) {
data/zsh-5.8/Src/Modules/zpty.c:627:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
readchar = cmd->read;
data/zsh-5.8/Src/Modules/zpty.c:753:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((n = read(0, buf, BUFSIZ)) > 0)
data/zsh-5.8/Src/Modules/zutil.c:841:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((len = strlen(spec)) > max && max >= 0)
data/zsh-5.8/Src/Modules/zutil.c:971:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((d = strlen(cp + 1)) > suf)
data/zsh-5.8/Src/Modules/zutil.c:976:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sl = strlen(args[1]);
data/zsh-5.8/Src/Modules/zutil.c:1006:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rempad = prechars - strlen(copy);
data/zsh-5.8/Src/Modules/zutil.c:1101:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(s);
data/zsh-5.8/Src/Modules/zutil.c:1118:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
2 <= (l = strlen(s)) && s[l - 1] == '%') {
data/zsh-5.8/Src/Modules/zutil.c:1137:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(cp, ")");
data/zsh-5.8/Src/Modules/zutil.c:1145:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(cp, "*");
data/zsh-5.8/Src/Modules/zutil.c:1150:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(s);
data/zsh-5.8/Src/Modules/zutil.c:1158:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(s);
data/zsh-5.8/Src/Modules/zutil.c:1249:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((s = *rparseargs) && s[0] == '{' && s[(l = strlen(s)) - 1] == '}') {
data/zsh-5.8/Src/Modules/zutil.c:1588:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *s = (char *) zhalloc(strlen(d->name) + strlen(arg) + 2);
data/zsh-5.8/Src/Modules/zutil.c:1588:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *s = (char *) zhalloc(strlen(d->name) + strlen(arg) + 2);
data/zsh-5.8/Src/Modules/zutil.c:1643:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*ap = (char *) zalloc(strlen(*dp) + 1);
data/zsh-5.8/Src/Modules/zutil.c:1901:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *e = o + strlen(d->name) + 1;
data/zsh-5.8/Src/Modules/zutil.c:1958:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*ap++ = n = (char *) zalloc(strlen(d->name) + 2);
data/zsh-5.8/Src/Modules/zutil.c:1963:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
num += (v->arg ? strlen(v->arg) : 0);
data/zsh-5.8/Src/Modules/zutil.c:1971:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n += strlen(v->arg);
data/zsh-5.8/Src/Zle/compcore.c:447:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zlemetall = strlen(zlemetaline);
data/zsh-5.8/Src/Zle/compcore.c:747:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
origlpre = (strlen(compqiprefix) + strlen(compiprefix) +
data/zsh-5.8/Src/Zle/compcore.c:747:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
origlpre = (strlen(compqiprefix) + strlen(compiprefix) +
data/zsh-5.8/Src/Zle/compcore.c:748:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(compprefix));
data/zsh-5.8/Src/Zle/compcore.c:749:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
origlsuf = (strlen(compqisuffix) + strlen(compisuffix) +
data/zsh-5.8/Src/Zle/compcore.c:749:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
origlsuf = (strlen(compqisuffix) + strlen(compisuffix) +
data/zsh-5.8/Src/Zle/compcore.c:750:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(compsuffix));
data/zsh-5.8/Src/Zle/compcore.c:879:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
insspace = (compinsert[strlen(compinsert) - 1] == ' ');
data/zsh-5.8/Src/Zle/compcore.c:1393:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lp = strlen(p);
data/zsh-5.8/Src/Zle/compcore.c:1394:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ls = strlen(s);
data/zsh-5.8/Src/Zle/compcore.c:1395:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lip = strlen(ip);
data/zsh-5.8/Src/Zle/compcore.c:1545:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tl = strlen(s) + 2;
data/zsh-5.8/Src/Zle/compcore.c:1731:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (nsptr[strlen(nsptr) - 1] == *nsptr && nsptr[1])
data/zsh-5.8/Src/Zle/compcore.c:1786:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int rl = strlen(ns), ql = strlen(multiquote(ns, !!compqstack[1]));
data/zsh-5.8/Src/Zle/compcore.c:1786:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int rl = strlen(ns), ql = strlen(multiquote(ns, !!compqstack[1]));
data/zsh-5.8/Src/Zle/compcore.c:1813:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl = strlen(s);
data/zsh-5.8/Src/Zle/compcore.c:1816:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(ns) > swe - swb + 1)
data/zsh-5.8/Src/Zle/compcore.c:1820:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl = strlen(ns);
data/zsh-5.8/Src/Zle/compcore.c:1830:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tl = strlen(compqstack);
data/zsh-5.8/Src/Zle/compcore.c:1885:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((i = strlen(compprefix)) > 1 && compprefix[i - 1] == '\\' &&
data/zsh-5.8/Src/Zle/compcore.c:2221:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
llpl = strlen(lpre);
data/zsh-5.8/Src/Zle/compcore.c:2222:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
llsl = strlen(lsuf);
data/zsh-5.8/Src/Zle/compcore.c:2224:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (llpl + (int)strlen(compqiprefix) + (int)strlen(lipre) != origlpre
data/zsh-5.8/Src/Zle/compcore.c:2224:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (llpl + (int)strlen(compqiprefix) + (int)strlen(lipre) != origlpre
data/zsh-5.8/Src/Zle/compcore.c:2225:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| llsl + (int)strlen(compqisuffix) + (int)strlen(lisuf) != origlsuf)
data/zsh-5.8/Src/Zle/compcore.c:2225:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| llsl + (int)strlen(compqisuffix) + (int)strlen(lisuf) != origlsuf)
data/zsh-5.8/Src/Zle/compcore.c:2255:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lpl = strlen(dat->ppre);
data/zsh-5.8/Src/Zle/compcore.c:2260:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lsl = strlen(dat->psuf);
data/zsh-5.8/Src/Zle/compcore.c:2300:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bpadd = strlen(s) - ml;
data/zsh-5.8/Src/Zle/compcore.c:2326:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsadd = strlen(s) - ml;
data/zsh-5.8/Src/Zle/compcore.c:2388:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pflen = strlen(compprefix);
data/zsh-5.8/Src/Zle/compcore.c:2389:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *tmp = zhalloc(pflen + strlen(compsuffix) + 1);
data/zsh-5.8/Src/Zle/compcore.c:2445:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ppl = strlen(dat->ppre);
data/zsh-5.8/Src/Zle/compcore.c:2447:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
psl = strlen(dat->psuf);
data/zsh-5.8/Src/Zle/compcore.c:2456:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl = strlen(s);
data/zsh-5.8/Src/Zle/compcore.c:2476:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
addit = !((filell = strlen(*pt)) < il &&
data/zsh-5.8/Src/Zle/compcore.c:2496:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl = strlen(ms = multiquote(s, 0));
data/zsh-5.8/Src/Zle/compcore.c:2630:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
salen = (psl = strlen(psuf));
data/zsh-5.8/Src/Zle/compcore.c:2632:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
salen += (isl = strlen(isuf));
data/zsh-5.8/Src/Zle/compcore.c:2634:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
salen += (qisl = strlen(qisuf));
data/zsh-5.8/Src/Zle/compcore.c:2723:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
palen = (qipl = strlen(qipre));
data/zsh-5.8/Src/Zle/compcore.c:2725:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
palen += (ipl = strlen(ipre));
data/zsh-5.8/Src/Zle/compcore.c:2727:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
palen += (pl = strlen(pre));
data/zsh-5.8/Src/Zle/compcore.c:2729:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
palen += (ppl = strlen(ppre));
data/zsh-5.8/Src/Zle/compcore.c:2831:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stl = strlen(str);
data/zsh-5.8/Src/Zle/compcore.c:2908:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((flags & CMF_FILE) && orig[0] && orig[strlen(orig) - 1] != '/') {
data/zsh-5.8/Src/Zle/compcore.c:2912:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pb = (char *) zhalloc((cm->prpre ? strlen(cm->prpre) : 0) +
data/zsh-5.8/Src/Zle/compcore.c:2913:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
3 + strlen(orig));
data/zsh-5.8/Src/Zle/compcore.c:2983:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lpl = (cm->ppre ? strlen(cm->ppre) : 0);
data/zsh-5.8/Src/Zle/compcore.c:2984:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lsl = (cm->psuf ? strlen(cm->psuf) : 0);
data/zsh-5.8/Src/Zle/compctl.c:273:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = i, len = 0; j < clwnum; len += strlen(clwords[j++]));
data/zsh-5.8/Src/Zle/compctl.c:1959:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ppl = (ppre ? strlen(ppre) : 0), psl = (psuf ? strlen(psuf) : 0);
data/zsh-5.8/Src/Zle/compctl.c:1959:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ppl = (ppre ? strlen(ppre) : 0), psl = (psuf ? strlen(psuf) : 0);
data/zsh-5.8/Src/Zle/compctl.c:1970:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int filell, sl = strlen(s);
data/zsh-5.8/Src/Zle/compctl.c:1973:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((filell = strlen(*pt)) < sl &&
data/zsh-5.8/Src/Zle/compctl.c:2031:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&bpl, strlen(p1), &bsl, strlen(s1),
data/zsh-5.8/Src/Zle/compctl.c:2031:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&bpl, strlen(p1), &bsl, strlen(s1),
data/zsh-5.8/Src/Zle/compctl.c:2037:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&bpl, strlen(p2), &bsl, strlen(s2),
data/zsh-5.8/Src/Zle/compctl.c:2037:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&bpl, strlen(p2), &bsl, strlen(s2),
data/zsh-5.8/Src/Zle/compctl.c:2083:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (s = d ? str + strlen(str) - 1 : str;
data/zsh-5.8/Src/Zle/compctl.c:2168:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
q = psuf + strlen(psuf) - 1;
data/zsh-5.8/Src/Zle/compctl.c:2205:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e = n + strlen(n) - fsl;
data/zsh-5.8/Src/Zle/compctl.c:2237:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int o = strlen(p), tt;
data/zsh-5.8/Src/Zle/compctl.c:2239:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (o + strlen(psuf) > PATH_MAX)
data/zsh-5.8/Src/Zle/compctl.c:2249:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int tl = strlen(p);
data/zsh-5.8/Src/Zle/compctl.c:2690:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a = strlen(sc);
data/zsh-5.8/Src/Zle/compctl.c:2744:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
!strncmp(s, sc, strlen(sc)) :
data/zsh-5.8/Src/Zle/compctl.c:2762:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
!strncmp(s, sc, strlen(sc)) :
data/zsh-5.8/Src/Zle/compctl.c:2811:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sl = strlen(ss), tl, got = 0, i = 0, cur = -1, oll = zlemetall, remq;
data/zsh-5.8/Src/Zle/compctl.c:2827:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = (char *) zhalloc(tl = sl + 3 + strlen(s));
data/zsh-5.8/Src/Zle/compctl.c:2921:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (nsptr[strlen(nsptr) - 1] == *nsptr && nsptr[1])
data/zsh-5.8/Src/Zle/compctl.c:2956:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int rl = strlen(ns), ql = strlen(multiquote(ns, !!compqstack[1]));
data/zsh-5.8/Src/Zle/compctl.c:2956:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int rl = strlen(ns), ql = strlen(multiquote(ns, !!compqstack[1]));
data/zsh-5.8/Src/Zle/compctl.c:2968:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl = strlen(s);
data/zsh-5.8/Src/Zle/compctl.c:2971:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(ns) > swe - swb + 1)
data/zsh-5.8/Src/Zle/compctl.c:2975:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl = strlen(ns);
data/zsh-5.8/Src/Zle/compctl.c:3061:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zlemetacs = we, offs = strlen(s);
data/zsh-5.8/Src/Zle/compctl.c:3140:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sl = strlen(sdup), suffixll;
data/zsh-5.8/Src/Zle/compctl.c:3152:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*sd && (suffixll = strlen(sd)) >= sl &&
data/zsh-5.8/Src/Zle/compctl.c:3205:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lsl = strlen(lsuf);
data/zsh-5.8/Src/Zle/compctl.c:3233:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (s1 = NULL, sf1 = 0, p = rpre + (rpl = strlen(rpre)) - 1;
data/zsh-5.8/Src/Zle/compctl.c:3243:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rsl = strlen(rsuf);
data/zsh-5.8/Src/Zle/compctl.c:3276:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rpl = strlen(rpre);
data/zsh-5.8/Src/Zle/compctl.c:3277:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rsl = strlen(rsuf);
data/zsh-5.8/Src/Zle/compctl.c:3316:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(qipre) -
data/zsh-5.8/Src/Zle/compctl.c:3324:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lppre + bp->qpos + strlen(bp->str));
data/zsh-5.8/Src/Zle/compctl.c:3328:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lppl = strlen(lppre);
data/zsh-5.8/Src/Zle/compctl.c:3334:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lppl = strlen(lppre);
data/zsh-5.8/Src/Zle/compctl.c:3345:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ql = strlen(qisuf);
data/zsh-5.8/Src/Zle/compctl.c:3357:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *p1 = p2 - strlen(bp->str);
data/zsh-5.8/Src/Zle/compctl.c:3358:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p1, p2, strlen(p2) + 1);
data/zsh-5.8/Src/Zle/compctl.c:3363:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lpsl = (lpsuf ? strlen(lpsuf) : 0);
data/zsh-5.8/Src/Zle/compctl.c:3382:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = (char *) zhalloc((t2 = strlen(fpre)) + strlen(fsuf) + 2);
data/zsh-5.8/Src/Zle/compctl.c:3382:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = (char *) zhalloc((t2 = strlen(fpre)) + strlen(fsuf) + 2);
data/zsh-5.8/Src/Zle/compctl.c:3394:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fpl = strlen(fpre);
data/zsh-5.8/Src/Zle/compctl.c:3395:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fsl = strlen(fsuf);
data/zsh-5.8/Src/Zle/compctl.c:3432:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(p, "*");
data/zsh-5.8/Src/Zle/compctl.c:3435:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(p, "*");
data/zsh-5.8/Src/Zle/compctl.c:3459:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int tl = strlen(ppre) + 2, pl;
data/zsh-5.8/Src/Zle/compctl.c:3465:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pl = strlen(*pp);
data/zsh-5.8/Src/Zle/compctl.c:3466:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp = (char *) zhalloc(strlen(*pp) + tl);
data/zsh-5.8/Src/Zle/compctl.c:3480:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pl = strlen(cc->withd);
data/zsh-5.8/Src/Zle/compctl.c:3482:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ta[0] = tp = (char *) zhalloc(strlen(ppre) + pl + 2);
data/zsh-5.8/Src/Zle/compctl.c:3524:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ns, pl = strlen(prpre), o, paalloc;
data/zsh-5.8/Src/Zle/compctl.c:3539:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
o = strlen(prpre);
data/zsh-5.8/Src/Zle/compctl.c:3580:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int minlen = o + strlen(g);
data/zsh-5.8/Src/Zle/compctl.c:3766:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmpbuf = (char *)zhalloc(strlen(cc->str) + 5);
data/zsh-5.8/Src/Zle/compctl.c:3888:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *p = (char *) zhalloc(strlen(m->ppre) + strlen(m->str) +
data/zsh-5.8/Src/Zle/compctl.c:3888:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *p = (char *) zhalloc(strlen(m->ppre) + strlen(m->str) +
data/zsh-5.8/Src/Zle/compctl.c:3889:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(s) + 1);
data/zsh-5.8/Src/Zle/complete.c:581:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
next = opt + strlen(opt);
data/zsh-5.8/Src/Zle/complete.c:764:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(p+1);
data/zsh-5.8/Src/Zle/complete.c:793:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(p+1);
data/zsh-5.8/Src/Zle/complete.c:851:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pl = strlen(compprefix);
data/zsh-5.8/Src/Zle/complete.c:875:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sl = strlen(compsuffix);
data/zsh-5.8/Src/Zle/complete.c:1004:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *end = compsuffix + strlen(compsuffix);
data/zsh-5.8/Src/Zle/complete.c:1014:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(test == CVT_PRENUM ? compprefix : compsuffix) < na)
data/zsh-5.8/Src/Zle/complete.c:1038:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(l = strlen(compprefix)))
data/zsh-5.8/Src/Zle/complete.c:1077:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(ol = l = strlen(compsuffix)))
data/zsh-5.8/Src/Zle/complete.c:1458:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = p = zhalloc(2*strlen(compqstack)+1);
data/zsh-5.8/Src/Zle/complist.c:526:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((max_caplen = strlen(mcolors.files[COL_MA]->col)) <
data/zsh-5.8/Src/Zle/complist.c:527:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(l = strlen(mcolors.files[COL_EC]->col)))
data/zsh-5.8/Src/Zle/complist.c:547:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(l = strlen(mcolors.files[i]->col)) > max_caplen)
data/zsh-5.8/Src/Zle/complist.c:550:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lr_caplen = strlen(mcolors.files[COL_LC]->col) +
data/zsh-5.8/Src/Zle/complist.c:551:2: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(mcolors.files[COL_RC]->col);
data/zsh-5.8/Src/Zle/complist.c:754:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
width = strlen(sptr);
data/zsh-5.8/Src/Zle/complist.c:969:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(filename);
data/zsh-5.8/Src/Zle/complist.c:1124:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc += strlen(nc);
data/zsh-5.8/Src/Zle/complist.c:1244:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(nc);
data/zsh-5.8/Src/Zle/complist.c:1498:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(*pq);
data/zsh-5.8/Src/Zle/complist.c:2207:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(p, zlemetaline + wb, zlemetacs - wb);
data/zsh-5.8/Src/Zle/complist.c:2213:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(s, zlemetaline + zlemetacs, lastend - zlemetacs);
data/zsh-5.8/Src/Zle/complist.c:2225:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pl = strlen(p);
data/zsh-5.8/Src/Zle/complist.c:2226:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl = strlen(s);
data/zsh-5.8/Src/Zle/complist.c:2241:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(status, s, h - 3);
data/zsh-5.8/Src/Zle/complist.c:2428:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(origline);
data/zsh-5.8/Src/Zle/complist.c:2442:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(zlemetaline, origline, l);
data/zsh-5.8/Src/Zle/complist.c:2561:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(status, msearchstr, MAX_STATUS - l - 1);
data/zsh-5.8/Src/Zle/complist.c:2649:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(origline);
data/zsh-5.8/Src/Zle/complist.c:2660:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(zlemetaline, origline, l);
data/zsh-5.8/Src/Zle/complist.c:2721:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(origline);
data/zsh-5.8/Src/Zle/complist.c:2733:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(zlemetaline, origline, l);
data/zsh-5.8/Src/Zle/complist.c:2873:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
spaceinline(l = strlen(u->line));
data/zsh-5.8/Src/Zle/complist.c:2874:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(zlemetaline, u->line, l);
data/zsh-5.8/Src/Zle/complist.c:3264:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(zlemetaline, origline, origll);
data/zsh-5.8/Src/Zle/compmatch.c:505:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ll = strlen(l), lw = strlen(w);
data/zsh-5.8/Src/Zle/compmatch.c:505:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ll = strlen(l), lw = strlen(w);
data/zsh-5.8/Src/Zle/compmatch.c:1164:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wl = strlen(w);
data/zsh-5.8/Src/Zle/compmatch.c:1172:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wl = strlen(w);
data/zsh-5.8/Src/Zle/compmatch.c:1246:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pl = strlen(pfx);
data/zsh-5.8/Src/Zle/compmatch.c:2128:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
o->wlen = strlen(j);
data/zsh-5.8/Src/Zle/compresult.c:190:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
olen -= strlen(bp->str);
data/zsh-5.8/Src/Zle/compresult.c:195:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
olen -= strlen(bp->str);
data/zsh-5.8/Src/Zle/compresult.c:242:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bl = strlen(brp->str);
data/zsh-5.8/Src/Zle/compresult.c:270:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bl = strlen(brs->str);
data/zsh-5.8/Src/Zle/compresult.c:294:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bl = strlen(brp->str);
data/zsh-5.8/Src/Zle/compresult.c:325:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bl = strlen(brs->str);
data/zsh-5.8/Src/Zle/compresult.c:346:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bl = strlen(brp->str);
data/zsh-5.8/Src/Zle/compresult.c:355:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bl = strlen(brs->str);
data/zsh-5.8/Src/Zle/compresult.c:386:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bl = strlen(brp->str);
data/zsh-5.8/Src/Zle/compresult.c:396:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bl = strlen(brs->str);
data/zsh-5.8/Src/Zle/compresult.c:507:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l += 1 + strlen(buf);
data/zsh-5.8/Src/Zle/compresult.c:515:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(s, ":");
data/zsh-5.8/Src/Zle/compresult.c:593:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inststrlen(p, 1, (l = strlen(p)));
data/zsh-5.8/Src/Zle/compresult.c:598:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inststrlen(m->pre, 1, (l = strlen(m->pre)));
data/zsh-5.8/Src/Zle/compresult.c:603:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inststrlen(m->ppre, 1, (l = strlen(m->ppre)));
data/zsh-5.8/Src/Zle/compresult.c:607:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inststrlen(m->str, 1, (l = strlen(m->str)));
data/zsh-5.8/Src/Zle/compresult.c:616:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bradd = (m->pre ? strlen(m->pre) : 0);
data/zsh-5.8/Src/Zle/compresult.c:620:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(bp->str);
data/zsh-5.8/Src/Zle/compresult.c:634:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inststrlen(m->psuf, 1, (l = strlen(m->psuf)));
data/zsh-5.8/Src/Zle/compresult.c:643:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(bp->str);
data/zsh-5.8/Src/Zle/compresult.c:660:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inststrlen(m->suf, 1, (l = strlen(m->suf)));
data/zsh-5.8/Src/Zle/compresult.c:665:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inststrlen(m->isuf, 1, (l = strlen(m->isuf)));
data/zsh-5.8/Src/Zle/compresult.c:1012:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
minfo.insc = strlen(m->suf);
data/zsh-5.8/Src/Zle/compresult.c:1066:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = (char *) zhalloc(strlen((m->flags & CMF_ISPAR) ?
data/zsh-5.8/Src/Zle/compresult.c:1068:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(str) + 2);
data/zsh-5.8/Src/Zle/compresult.c:1080:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e = n + strlen(n) - 1;
data/zsh-5.8/Src/Zle/compresult.c:1100:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = (char *) zhalloc(strlen(prpre) + strlen(str) +
data/zsh-5.8/Src/Zle/compresult.c:1100:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = (char *) zhalloc(strlen(prpre) + strlen(str) +
data/zsh-5.8/Src/Zle/compresult.c:1101:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(psuf) + 3);
data/zsh-5.8/Src/Zle/compresult.c:1152:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int al = strlen(m->autoq);
data/zsh-5.8/Src/Zle/compresult.c:1179:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zlemetacs += strlen(psuf);
data/zsh-5.8/Src/Zle/compresult.c:1180:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zlemetacs += m->suf ? strlen(m->suf) : 0;
data/zsh-5.8/Src/Zle/compresult.c:2198:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = strlen(m->str) + add;
data/zsh-5.8/Src/Zle/compresult.c:2201:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, " ");
data/zsh-5.8/Src/Zle/compresult.c:2208:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, " ");
data/zsh-5.8/Src/Zle/compresult.c:2209:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buf, m->str, len);
data/zsh-5.8/Src/Zle/computil.c:109:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zfree(s->sortstr, strlen(s->str) + 1);
data/zsh-5.8/Src/Zle/computil.c:200:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((l = strlen(str->str)) > cd_state.pre)
data/zsh-5.8/Src/Zle/computil.c:206:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((l = strlen(str->desc)) > cd_state.suf) /* ### strlen() assumes no \n */
data/zsh-5.8/Src/Zle/computil.c:492:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cd_state.slen = strlen(sep);
data/zsh-5.8/Src/Zle/computil.c:540:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str->len = strlen(str->str);
data/zsh-5.8/Src/Zle/computil.c:564:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(str->str, str->str + 2, strlen(str->str) - 1);
data/zsh-5.8/Src/Zle/computil.c:566:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(str->str, str->str + 1, strlen(str->str));
data/zsh-5.8/Src/Zle/computil.c:800:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pp += strlen(d);
data/zsh-5.8/Src/Zle/computil.c:1070:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r = p = zhalloc((2 * strlen(s)) + 1);
data/zsh-5.8/Src/Zle/computil.c:1225:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(p+1);
data/zsh-5.8/Src/Zle/computil.c:1233:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(p+1);
data/zsh-5.8/Src/Zle/computil.c:1281:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(p) - 1;
data/zsh-5.8/Src/Zle/computil.c:1303:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(p) - 1;
data/zsh-5.8/Src/Zle/computil.c:1704:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*end = line + strlen(line);
data/zsh-5.8/Src/Zle/computil.c:1714:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(p->name);
data/zsh-5.8/Src/Zle/computil.c:1839:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sep += strlen(sep);
data/zsh-5.8/Src/Zle/computil.c:2468:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = (char *) zhalloc((arg->gsname ? strlen(arg->gsname) : 0) +
data/zsh-5.8/Src/Zle/computil.c:2469:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(arg->opt) + 40);
data/zsh-5.8/Src/Zle/computil.c:2694:30: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
default: l = equal; break;
data/zsh-5.8/Src/Zle/computil.c:2698:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(n) + strlen(p->descr) + 2;
data/zsh-5.8/Src/Zle/computil.c:2698:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(n) + strlen(p->descr) + 2;
data/zsh-5.8/Src/Zle/computil.c:2702:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(str, ":");
data/zsh-5.8/Src/Zle/computil.c:2721:27: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
set_list_array(args[4], equal);
data/zsh-5.8/Src/Zle/computil.c:3364:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ign = strlen(compsuffix);
data/zsh-5.8/Src/Zle/computil.c:3372:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ign = strlen(as);
data/zsh-5.8/Src/Zle/computil.c:3374:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ign = (ns ? strlen(ns) : 0);
data/zsh-5.8/Src/Zle/computil.c:3381:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ign = strlen(as);
data/zsh-5.8/Src/Zle/computil.c:3524:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(p->name) + strlen(p->descr) + 2;
data/zsh-5.8/Src/Zle/computil.c:3524:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(p->name) + strlen(p->descr) + 2;
data/zsh-5.8/Src/Zle/computil.c:3528:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(str, ":");
data/zsh-5.8/Src/Zle/computil.c:3851:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(args[1]);
data/zsh-5.8/Src/Zle/computil.c:3969:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = (c ? strlen(c + 1) + 2 : 1), al;
data/zsh-5.8/Src/Zle/computil.c:3986:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = (char *) zhalloc((al = strlen(*a)) + l);
data/zsh-5.8/Src/Zle/computil.c:4162:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl = strlen(skipped) + (compprefix ? strlen(compprefix) : 0) +
data/zsh-5.8/Src/Zle/computil.c:4162:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl = strlen(skipped) + (compprefix ? strlen(compprefix) : 0) +
data/zsh-5.8/Src/Zle/computil.c:4163:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(compsuffix ? strlen(compsuffix) : 0);
data/zsh-5.8/Src/Zle/computil.c:4172:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(p = (char *) getdata(node));
data/zsh-5.8/Src/Zle/computil.c:4184:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sl = strlen(buf);
data/zsh-5.8/Src/Zle/computil.c:4473:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int al = strlen(add), zl = ztrlen(add), tl, cl;
data/zsh-5.8/Src/Zle/computil.c:4576:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
add = (char *) zhalloc(strlen(compprefix) * 2 + 1);
data/zsh-5.8/Src/Zle/computil.c:4595:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = q + strlen(q) - 1;
data/zsh-5.8/Src/Zle/computil.c:4650:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ol, sl = strlen(skipped), pl, dot;
data/zsh-5.8/Src/Zle/computil.c:4655:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ol = strlen(o = (char *) getdata(node));
data/zsh-5.8/Src/Zle/computil.c:4657:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pl = strlen(*p);
data/zsh-5.8/Src/Zle/computil.c:4705:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sl = strlen(skipped) + 1;
data/zsh-5.8/Src/Zle/computil.c:4753:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a = (char *) zhalloc(strlen(m) + sl + strlen(f));
data/zsh-5.8/Src/Zle/computil.c:4753:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a = (char *) zhalloc(strlen(m) + sl + strlen(f));
data/zsh-5.8/Src/Zle/computil.c:4804:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pl = strlen(path), tpar, tpwd, found;
data/zsh-5.8/Src/Zle/zle.h:44:19: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define ZS_strlen wcslen
data/zsh-5.8/Src/Zle/zle.h:46:20: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define ZS_strncpy wcsncpy
data/zsh-5.8/Src/Zle/zle.h:49:18: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define ZS_width wcslen
data/zsh-5.8/Src/Zle/zle.h:132:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ return strlen((char*)s); }
data/zsh-5.8/Src/Zle/zle.h:136:24: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{ return (ZLE_STRING_T)strncpy((char*)t, (char*)f, l); }
data/zsh-5.8/Src/Zle/zle.h:140:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define ZS_strlen(s) strlen((char*)(s))
data/zsh-5.8/Src/Zle/zle.h:142:27: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define ZS_strncpy(t,f,l) strncpy((char*)(t),(char*)(f),(l))
data/zsh-5.8/Src/Zle/zle_hist.c:729:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = s + strlen(s);
data/zsh-5.8/Src/Zle/zle_hist.c:1364:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pos >= (int)strlen(zt) - 1)
data/zsh-5.8/Src/Zle/zle_hist.c:1417:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos = (dir == 1) ? 0 : strlen(zt);
data/zsh-5.8/Src/Zle/zle_hist.c:1628:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t pastelen = strlen(paste);
data/zsh-5.8/Src/Zle/zle_hist.c:1831:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(visrchstr)) {
data/zsh-5.8/Src/Zle/zle_keymap.c:1004:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rps.prefixlen = strlen(rps.prefix);
data/zsh-5.8/Src/Zle/zle_keymap.c:1102:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bs.prefixlen = strlen(bs.prefix);
data/zsh-5.8/Src/Zle/zle_keymap.c:1714:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ungetbytes_unmeta(str, strlen(str));
data/zsh-5.8/Src/Zle/zle_main.c:390:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
EOF : read(fd, buf, n));
data/zsh-5.8/Src/Zle/zle_main.c:393:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
# define read breakread
data/zsh-5.8/Src/Zle/zle_main.c:558:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(SHTTY, cptr, 1);
data/zsh-5.8/Src/Zle/zle_main.c:836:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(SHTTY, cptr, 1);
data/zsh-5.8/Src/Zle/zle_main.c:849:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(SHTTY, cptr, 1);
data/zsh-5.8/Src/Zle/zle_main.c:1748:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newstr = zhalloc(strlen(*aptr)+sepcount+1);
data/zsh-5.8/Src/Zle/zle_main.c:1847:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (t[strlen(t) - 1] == '\n')
data/zsh-5.8/Src/Zle/zle_main.c:1848:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t[strlen(t) - 1] = '\0';
data/zsh-5.8/Src/Zle/zle_misc.c:846:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s);
data/zsh-5.8/Src/Zle/zle_misc.c:1236:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(prmt);
data/zsh-5.8/Src/Zle/zle_misc.c:1335:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t inslen = strlen(insert);
data/zsh-5.8/Src/Zle/zle_misc.c:1405:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ptr);
data/zsh-5.8/Src/Zle/zle_params.c:688:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n, len = strlen(*p);
data/zsh-5.8/Src/Zle/zle_params.c:998:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(str);
data/zsh-5.8/Src/Zle/zle_refresh.c:423:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alloclen = atrlen + strlen(digbuf1) + strlen(digbuf2) +
data/zsh-5.8/Src/Zle/zle_refresh.c:423:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alloclen = atrlen + strlen(digbuf1) + strlen(digbuf2) +
data/zsh-5.8/Src/Zle/zle_refresh.c:438:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)output_highlight(rhp->atr, *arrp + strlen(*arrp));
data/zsh-5.8/Src/Zle/zle_refresh.c:2287:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(lpromptbuf) == lpromptw)
data/zsh-5.8/Src/Zle/zle_refresh.c:2418:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SELECT_ADD_COST(strlen(result));
data/zsh-5.8/Src/Zle/zle_thingy.c:283:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
VARARR(char, dotn, strlen(name) + 2);
data/zsh-5.8/Src/Zle/zle_thingy.c:475:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *b = unmeta(*args), *p = b + strlen(b);
data/zsh-5.8/Src/Zle/zle_tricky.c:437:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int t0, n, l = strlen(p), e = 0;
data/zsh-5.8/Src/Zle/zle_tricky.c:444:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(hn->nam) == l)
data/zsh-5.8/Src/Zle/zle_tricky.c:683:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zlemetall = strlen(zlemetaline);
data/zsh-5.8/Src/Zle/zle_tricky.c:938:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zlemetaline = zhalloc(strlen(zlemetaline) + 3 + addspace);
data/zsh-5.8/Src/Zle/zle_tricky.c:957:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(str);
data/zsh-5.8/Src/Zle/zle_tricky.c:960:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(t+len, " ");
data/zsh-5.8/Src/Zle/zle_tricky.c:1422:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl = strlen(tokstr);
data/zsh-5.8/Src/Zle/zle_tricky.c:1544:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zlemetall = strlen(zlemetaline);
data/zsh-5.8/Src/Zle/zle_tricky.c:1669:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(s, zlemetaline + wb, we - wb);
data/zsh-5.8/Src/Zle/zle_tricky.c:1727:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sl = strlen(s);
data/zsh-5.8/Src/Zle/zle_tricky.c:1803:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = strlen(t);
data/zsh-5.8/Src/Zle/zle_tricky.c:1929:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *curs = s + (isset(COMPLETEINWORD) ? offs : (int)strlen(s));
data/zsh-5.8/Src/Zle/zle_tricky.c:2037:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new->qpos = strlen(quotename(predup));
data/zsh-5.8/Src/Zle/zle_tricky.c:2041:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(dbeg, dbeg + len, 1+strlen(dbeg+len));
data/zsh-5.8/Src/Zle/zle_tricky.c:2100:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new->qpos = strlen(quotename(predup));
data/zsh-5.8/Src/Zle/zle_tricky.c:2104:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(dbeg, dbeg + len, 1+strlen(dbeg+len));
data/zsh-5.8/Src/Zle/zle_tricky.c:2179:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new->qpos = strlen(quotename(predup));
data/zsh-5.8/Src/Zle/zle_tricky.c:2182:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(dbeg, dbeg + len, 1+strlen(dbeg+len));
data/zsh-5.8/Src/Zle/zle_tricky.c:2193:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp->pos = strlen(predup + p + l);
data/zsh-5.8/Src/Zle/zle_tricky.c:2194:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp->qpos = strlen(quotename(predup + p + l));
data/zsh-5.8/Src/Zle/zle_tricky.c:2231:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/zsh-5.8/Src/Zle/zle_tricky.c:2234:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(zlemetaline + zlemetacs, str, len);
data/zsh-5.8/Src/Zle/zle_tricky.c:2410:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *s2 = s + strlen(s) - 1, *t2 = t + strlen(t) - 1;
data/zsh-5.8/Src/Zle/zle_tricky.c:2410:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *s2 = s + strlen(s) - 1, *t2 = t + strlen(t) - 1;
data/zsh-5.8/Src/Zle/zle_tricky.c:2692:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlines += 1 + (strlen(*p) / zterm_columns);
data/zsh-5.8/Src/Zle/zle_tricky.c:3022:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zlecs += cmdwe - cmdwb + strlen(str);
data/zsh-5.8/Src/Zle/zle_utils.c:1325:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
width = strlen(n);
data/zsh-5.8/Src/Zle/zle_utils.c:1360:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc += strlen(n);
data/zsh-5.8/Src/Zle/zleparameter.c:44:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *t = (char *) zhalloc(13 + strlen(w->u.comp.wid) +
data/zsh-5.8/Src/Zle/zleparameter.c:45:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(w->u.comp.func));
data/zsh-5.8/Src/Zle/zleparameter.c:49:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(t, ":");
data/zsh-5.8/Src/builtin.c:916:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strspn(argv[0]+1, "0123456789") == strlen(argv[0]+1)) {
data/zsh-5.8/Src/builtin.c:941:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len1 = strlen(argv[0]);
data/zsh-5.8/Src/builtin.c:942:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen(argv[1]);
data/zsh-5.8/Src/builtin.c:944:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
d = (char *)zalloc(len3 + len2 + strlen(u + len1) + 1);
data/zsh-5.8/Src/builtin.c:945:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(d, pwd, len3);
data/zsh-5.8/Src/builtin.c:1159:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pfl = strlen(pfix);
data/zsh-5.8/Src/builtin.c:1160:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dlen = strlen(pwd);
data/zsh-5.8/Src/builtin.c:1163:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = zalloc(dlen + pfl + strlen(dest) + 3);
data/zsh-5.8/Src/builtin.c:1174:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dlen = strlen(pwd);
data/zsh-5.8/Src/builtin.c:1177:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = zalloc(dlen + strlen(dest) + 2);
data/zsh-5.8/Src/builtin.c:1724:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(newstr) + strlen(newpos + strlen(oldstr)));
data/zsh-5.8/Src/builtin.c:1724:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(newstr) + strlen(newpos + strlen(oldstr)));
data/zsh-5.8/Src/builtin.c:1724:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(newstr) + strlen(newpos + strlen(oldstr)));
data/zsh-5.8/Src/builtin.c:1727:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oldpos = newmem + strlen(newmem);
data/zsh-5.8/Src/builtin.c:1728:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcat(newmem, newpos + strlen(oldstr));
data/zsh-5.8/Src/builtin.c:3173:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(shf2->filename) + strlen(funcname) + 1 < PATH_MAX)
data/zsh-5.8/Src/builtin.c:3173:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(shf2->filename) + strlen(funcname) + 1 < PATH_MAX)
data/zsh-5.8/Src/builtin.c:4619:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int dirlen = strlen(d->dir);
data/zsh-5.8/Src/builtin.c:4620:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *arg = zhalloc(len[n] - dirlen + strlen(d->node.nam) + 2);
data/zsh-5.8/Src/builtin.c:4623:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len[n] = strlen(args[n]);
data/zsh-5.8/Src/builtin.c:4908:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen += strlen(*pargs);
data/zsh-5.8/Src/builtin.c:6487:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((val = read(readfd, bptr, nchars)) < 0) {
data/zsh-5.8/Src/builtin.c:6536:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (val > 0 && read(SHTTY, &d, 1) == 1 && d != '\n');
data/zsh-5.8/Src/builtin.c:6970:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(readfd, &cc, 1);
data/zsh-5.8/Src/builtin.c:7291:10: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
um = umask(0777);
data/zsh-5.8/Src/builtin.c:7292:5: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(um);
data/zsh-5.8/Src/builtin.c:7389:5: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(um);
data/zsh-5.8/Src/compat.c:69:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(uts.nodename) >= namelen) {
data/zsh-5.8/Src/compat.c:224:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
long taillen = (tail ? strlen(tail) : (strlen(dir) + 1));
data/zsh-5.8/Src/compat.c:224:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
long taillen = (tail ? strlen(tail) : (strlen(dir) + 1));
data/zsh-5.8/Src/compat.c:236:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
long dirlen = strlen(dir);
data/zsh-5.8/Src/compat.c:404:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(nbuf + 3, fn, PATH_MAX);
data/zsh-5.8/Src/compat.c:413:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(nbuf + 3, fn, PATH_MAX);
data/zsh-5.8/Src/compat.c:428:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(nbuf + 2);
data/zsh-5.8/Src/compat.c:551:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(dir) < PATH_MAX)
data/zsh-5.8/Src/cond.c:44:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
checkglobqual(*strp, strlen(*strp), 1, NULL)) {
data/zsh-5.8/Src/cond.c:348:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (!strlen(left));
data/zsh-5.8/Src/cond.c:372:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return !!(strlen(left));
data/zsh-5.8/Src/cond.c:506:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) == 1)
data/zsh-5.8/Src/exec.c:503:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ct = read(fd, execvebuf, POUNDBANGLIMIT);
data/zsh-5.8/Src/exec.c:633:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ps) >= plen)
data/zsh-5.8/Src/exec.c:638:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((s - pbuf) + strlen(cmd) >= plen)
data/zsh-5.8/Src/exec.c:718:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(arg0) >= PATH_MAX) {
data/zsh-5.8/Src/exec.c:776:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(nn, "/");
data/zsh-5.8/Src/exec.c:839:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(arg0) > PATH_MAX)
data/zsh-5.8/Src/exec.c:865:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(nn, "/");
data/zsh-5.8/Src/exec.c:910:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(fullnam, "/");
data/zsh-5.8/Src/exec.c:950:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((s - buf) + strlen(arg0) >= PATH_MAX)
data/zsh-5.8/Src/exec.c:2211:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((len = read(mn->pipe, buf, TCBUFSIZE)) != 0) {
data/zsh-5.8/Src/exec.c:2224:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((len = read(mn->fds[i], buf, TCBUFSIZE)) != 0) {
data/zsh-5.8/Src/exec.c:2543:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(str) + 1, nl = (l + 31) & ~31;
data/zsh-5.8/Src/exec.c:3072:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (argdata && IS_DASH(*argdata) && strlen(argdata) >= 2) {
data/zsh-5.8/Src/exec.c:3095:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmdopt += strlen(cmdopt+1);
data/zsh-5.8/Src/exec.c:3142:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sz = strlen(exec_argv0);
data/zsh-5.8/Src/exec.c:3373:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(s);
data/zsh-5.8/Src/exec.c:4684:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
readret = read(in, inbuf, 64);
data/zsh-5.8/Src/exec.c:4935:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pnam = zhalloc(strlen(PATH_DEV_FD) + 1 + DIGBUFSIZE);
data/zsh-5.8/Src/exec.c:5574:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
VARARR(char, n, strlen(shf->node.nam) + 1);
data/zsh-5.8/Src/exec.c:6033:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(*pp) + strlen(s) + 1 >= PATH_MAX)
data/zsh-5.8/Src/exec.c:6033:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(*pp) + strlen(s) + 1 >= PATH_MAX)
data/zsh-5.8/Src/exec.c:6057:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rlen = read(fd, d, len)) >= 0) {
data/zsh-5.8/Src/exec.c:6186:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(*cp) + strlen(s) + 1 >= PATH_MAX)
data/zsh-5.8/Src/exec.c:6186:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(*cp) + strlen(s) + 1 >= PATH_MAX)
data/zsh-5.8/Src/glob.c:288:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DPUTS(strlen(s) + !*s + pathpos - pathbufcwd >= PATH_MAX,
data/zsh-5.8/Src/glob.c:343:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ll = strlen(s);
data/zsh-5.8/Src/glob.c:571:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(fn) + pathpos - pathbufcwd >= PATH_MAX) {
data/zsh-5.8/Src/glob.c:628:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(fn) + 1;
data/zsh-5.8/Src/glob.c:652:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(fn);
data/zsh-5.8/Src/glob.c:1264:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl = strlen(str);
data/zsh-5.8/Src/glob.c:2277:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenalloc = strp + strlen(str2+1) + 1;
data/zsh-5.8/Src/glob.c:2284:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nclen = strlen(ncptr);
data/zsh-5.8/Src/glob.c:2411:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = pl + strlen(++str2) + 2;
data/zsh-5.8/Src/glob.c:2452:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zz = (char *) hcalloc(prev + (str - str4) + strlen(str2) + 1);
data/zsh-5.8/Src/glob.c:2454:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(zz, str4, str - str4);
data/zsh-5.8/Src/glob.c:2542:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ll += strlen(replstr);
data/zsh-5.8/Src/glob.c:2551:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ll += (bl = strlen(buf));
data/zsh-5.8/Src/glob.c:2557:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ll += (bl = strlen(buf));
data/zsh-5.8/Src/glob.c:2563:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ll += (bl = strlen(buf));
data/zsh-5.8/Src/glob.c:2801:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ioff, l = strlen(*sp), matched = 1, umltot = ztrlen(*sp);
data/zsh-5.8/Src/glob.c:3155:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lleft += strlen(rd->replstr); /* the replaced bit */
data/zsh-5.8/Src/glob.c:3208:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ioff, l = strlen(*sp), uml = ztrlen(*sp), matched = 1, umlen;
data/zsh-5.8/Src/glob.c:3459:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lleft += strlen(rd->replstr); /* the replaced bit */
data/zsh-5.8/Src/hashnameddir.c:248:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nd->diff = strlen(nd->dir) - strlen(nam);
data/zsh-5.8/Src/hashnameddir.c:248:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nd->diff = strlen(nd->dir) - strlen(nam);
data/zsh-5.8/Src/hashtable.c:645:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dirlen = strlen(unmetadir);
data/zsh-5.8/Src/hashtable.c:657:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fn) > PATH_MAX) {
data/zsh-5.8/Src/hist.c:516:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ptr1)) {
data/zsh-5.8/Src/hist.c:926:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (here[strlen(here)-1] != '/')
data/zsh-5.8/Src/hist.c:1834:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(str);
data/zsh-5.8/Src/hist.c:2150:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *str2 = zhalloc(2 * strlen(str) + 1);
data/zsh-5.8/Src/hist.c:2317:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inlen = strlen(in);
data/zsh-5.8/Src/hist.c:2319:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outlen = strlen(sptr);
data/zsh-5.8/Src/hist.c:2582:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = start + strlen(buf + start);
data/zsh-5.8/Src/hist.c:3268:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lockfile = zalloc(strlen(fn) + 5 + 1);
data/zsh-5.8/Src/hist.c:3346:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(buf);
data/zsh-5.8/Src/hist.c:3361:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zlemetall = strlen(p) ;
data/zsh-5.8/Src/hist.c:3487:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int plen = strlen(p);
data/zsh-5.8/Src/hist.c:3525:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plen = strlen(p);
data/zsh-5.8/Src/hist.c:3658:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(wptr);
data/zsh-5.8/Src/init.c:804:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tclen[t0] = strlen(pp);
data/zsh-5.8/Src/init.c:1108:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((ptr = zgetenv("PWD")) && (strlen(ptr) < PATH_MAX) &&
data/zsh-5.8/Src/init.c:1544:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
VARARR(char, buf, strlen(h) + strlen(s) + 2);
data/zsh-5.8/Src/init.c:1544:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
VARARR(char, buf, strlen(h) + strlen(s) + 2);
data/zsh-5.8/Src/input.c:153:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(bshin);
data/zsh-5.8/Src/input.c:313:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ingetcline[strlen(ingetcline) - 1] == '\n' &&
data/zsh-5.8/Src/input.c:317:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *stripptr = ingetcline + strlen(ingetcline) - 2;
data/zsh-5.8/Src/input.c:355:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int newlen = strlen(ingetcline);
data/zsh-5.8/Src/input.c:392:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inbufleft = strlen(inbuf);
data/zsh-5.8/Src/input.c:629:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*t && t[strlen(t) - 1] == ' ') {
data/zsh-5.8/Src/jobs.c:1106:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
llen = strlen(sigmsg(sig));
data/zsh-5.8/Src/jobs.c:1121:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(sigmsg(sig)) > len)
data/zsh-5.8/Src/jobs.c:1122:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(sigmsg(sig));
data/zsh-5.8/Src/jobs.c:1181:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(qn->text) + len2 + ((qn->next) ? 3 : 0)
data/zsh-5.8/Src/jobs.c:1184:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 += strlen(qn->text) + 2;
data/zsh-5.8/Src/jobs.c:1230:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(sigmsg(WTERMSIG(pn->status)))), "");
data/zsh-5.8/Src/jobs.c:2949:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(0, NULL, 0) != 0) {} /* Might generate SIGT* */
data/zsh-5.8/Src/lex.c:1626:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(*s), err;
data/zsh-5.8/Src/lex.c:1656:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(s), err, toklen;
data/zsh-5.8/Src/lex.c:1709:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int c, l = strlen(s), err;
data/zsh-5.8/Src/lex.c:1758:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = strlen(t);
data/zsh-5.8/Src/lex.c:1881:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
VARARR(char, copy, (strlen(tokstr) + 1));
data/zsh-5.8/Src/loop.c:355:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(*ap) > longest)
data/zsh-5.8/Src/loop.c:356:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
longest = strlen(*ap);
data/zsh-5.8/Src/loop.c:371:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t t2 = strlen(*ap) + 2;
data/zsh-5.8/Src/math.c:1031:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a[strlen(a) - 1] = '\0';
data/zsh-5.8/Src/mem.c:1661:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zfree(p, strlen(p) + 1);
data/zsh-5.8/Src/module.c:1584:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = 1 + strlen(name) + 1 + strlen(DL_EXT);
data/zsh-5.8/Src/module.c:1584:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = 1 + strlen(name) + 1 + strlen(DL_EXT);
data/zsh-5.8/Src/module.c:1586:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (l + (**pp ? strlen(*pp) : 1) > PATH_MAX)
data/zsh-5.8/Src/module.c:1769:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
VARARR(char, buf, strlen(name) + strlen(m->node.nam)*2 + 1);
data/zsh-5.8/Src/module.c:1769:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
VARARR(char, buf, strlen(name) + strlen(m->node.nam)*2 + 1);
data/zsh-5.8/Src/module.c:3462:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
feature = zhalloc(strlen(fnam) + 3);
data/zsh-5.8/Src/params.c:734:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tenv = strcpy(zhalloc(strlen(env) + 1), env);
data/zsh-5.8/Src/params.c:1515:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r -= (zlong)strlen(s);
data/zsh-5.8/Src/params.c:1520:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r = - (zlong)strlen(t); /* keep negative */
data/zsh-5.8/Src/params.c:1530:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(s);
data/zsh-5.8/Src/params.c:1542:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(d, "*");
data/zsh-5.8/Src/params.c:1552:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(s);
data/zsh-5.8/Src/params.c:1655:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*w = r + strlen(ta[i]) - 1;
data/zsh-5.8/Src/params.c:1670:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(d);
data/zsh-5.8/Src/params.c:1935:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zlong startoff = start + strlen(t);
data/zsh-5.8/Src/params.c:2304:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t0 = strlen(s);
data/zsh-5.8/Src/params.c:2342:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/zsh-5.8/Src/params.c:2545:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
v->pm->width = strlen(val);
data/zsh-5.8/Src/params.c:2551:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zlen = strlen(z);
data/zsh-5.8/Src/params.c:2583:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vlen = strlen(val);
data/zsh-5.8/Src/params.c:2592:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(x, z, v->start);
data/zsh-5.8/Src/params.c:2623:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
v->pm->width = strlen(val);
data/zsh-5.8/Src/params.c:2643:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
v->pm->width = strlen(val);
data/zsh-5.8/Src/params.c:3126:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
v->start = v->end = strlen(v->pm->gsu.s->getfn(v->pm)) +
data/zsh-5.8/Src/params.c:3144:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lvar = strlen(var);
data/zsh-5.8/Src/params.c:3145:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
val = (char *)zalloc(lvar + strlen(val) + 1);
data/zsh-5.8/Src/params.c:5130:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = eq ? eq - name : (int)strlen(name);
data/zsh-5.8/Src/params.c:5250:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_name = strlen(name);
data/zsh-5.8/Src/params.c:5332:6: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(s, "0");
data/zsh-5.8/Src/params.c:5337:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s);
data/zsh-5.8/Src/params.c:5391:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/zsh-5.8/Src/params.c:5476:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, ".");
data/zsh-5.8/Src/params.c:5526:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/zsh-5.8/Src/parse.c:405:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((l = strlen(s) + 1) && l <= 4) {
data/zsh-5.8/Src/parse.c:503:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(p + s->aoffs, s->str, strlen(s->str) + 1);
data/zsh-5.8/Src/parse.c:1308:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl = strlen(str);
data/zsh-5.8/Src/parse.c:1837:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((type2 = strlen(tokstr) - 1) && tokstr[type2] == '+') {
data/zsh-5.8/Src/parse.c:1881:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *eptr = tokstr + strlen(tokstr) - 1;
data/zsh-5.8/Src/parse.c:3189:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, buf, (FD_PRELEN + 1) * sizeof(wordcode)) !=
data/zsh-5.8/Src/parse.c:3214:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, buf, (FD_PRELEN + 1) * sizeof(wordcode)) !=
data/zsh-5.8/Src/parse.c:3226:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, head + (FD_PRELEN + 1), len) != len) {
data/zsh-5.8/Src/parse.c:3288:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(n) + sizeof(wordcode)) / sizeof(wordcode);
data/zsh-5.8/Src/parse.c:3297:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = strlen(n) + 1;
data/zsh-5.8/Src/parse.c:3361:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, file, flen) != flen) {
data/zsh-5.8/Src/parse.c:3390:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
flen = (strlen(*files) + sizeof(wordcode)) / sizeof(wordcode);
data/zsh-5.8/Src/parse.c:3446:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((strlen(shf->node.nam) + sizeof(wordcode)) / sizeof(wordcode)));
data/zsh-5.8/Src/parse.c:3582:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(filename, f->filename, strlen(f->filename)) &&
data/zsh-5.8/Src/parse.c:3850:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, ((char *) d) + po, h->len) != (int)h->len) {
data/zsh-5.8/Src/pattern.c:1138:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(*csp) == len && !strncmp(start, *csp, len))
data/zsh-5.8/Src/pattern.c:1209:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int newlen = strlen(found);
data/zsh-5.8/Src/pattern.c:2081:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*stringlen = strlen(*string);
data/zsh-5.8/Src/prompt.c:125:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
modp = tricat("~", nd->node.nam, p + strlen(nd->dir));
data/zsh-5.8/Src/prompt.c:130:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (sptr = modp + strlen(modp); sptr > modp; sptr--) {
data/zsh-5.8/Src/prompt.c:313:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ss += strlen(nd->dir);
data/zsh-5.8/Src/prompt.c:474:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bv->bp += strlen(bv->bp);
data/zsh-5.8/Src/prompt.c:482:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bv->bp += strlen(bv->bp);
data/zsh-5.8/Src/prompt.c:499:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (ss = hostnam + strlen(hostnam); ss > hostnam; ss--)
data/zsh-5.8/Src/prompt.c:676:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(j = 0, t0 = strlen(tmfmt)*8; j < 3; j++, t0*=2) {
data/zsh-5.8/Src/prompt.c:686:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bv->bp += strlen(bv->bp);
data/zsh-5.8/Src/prompt.c:716:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bv->bp += strlen(bv->bp);
data/zsh-5.8/Src/prompt.c:725:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bv->bp += strlen(bv->bp);
data/zsh-5.8/Src/prompt.c:817:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bv->bp += strlen(bv->bp);
data/zsh-5.8/Src/prompt.c:838:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bv->bp += strlen(bv->bp);
data/zsh-5.8/Src/prompt.c:850:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bv->bp += strlen(bv->bp);
data/zsh-5.8/Src/prompt.c:876:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bv->bp += strlen(bv->bp);
data/zsh-5.8/Src/prompt.c:977:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
addbufspc(strlen(pc));
data/zsh-5.8/Src/prompt.c:1294:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ntrunc = strlen(t);
data/zsh-5.8/Src/prompt.c:1496:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(bv->bp, skiptext, strlen(skiptext)+1);
data/zsh-5.8/Src/prompt.c:1757:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *val = teststr + strlen(hl->name);
data/zsh-5.8/Src/prompt.c:1802:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(digbuf);
data/zsh-5.8/Src/prompt.c:1807:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ansi_colours[colour]);
data/zsh-5.8/Src/prompt.c:1847:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(ptr, ",");
data/zsh-5.8/Src/prompt.c:1865:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(ptr, ",");
data/zsh-5.8/Src/prompt.c:1869:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(hp->name);
data/zsh-5.8/Src/prompt.c:1977:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenfg = strlen(fg_bg_sequences[COL_SEQ_FG].def);
data/zsh-5.8/Src/prompt.c:1981:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenfg += strlen(fg_bg_sequences[COL_SEQ_FG].start) +
data/zsh-5.8/Src/prompt.c:1982:2: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(fg_bg_sequences[COL_SEQ_FG].end);
data/zsh-5.8/Src/prompt.c:1984:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenbg = strlen(fg_bg_sequences[COL_SEQ_BG].def);
data/zsh-5.8/Src/prompt.c:1988:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenbg += strlen(fg_bg_sequences[COL_SEQ_BG].start) +
data/zsh-5.8/Src/prompt.c:1989:2: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(fg_bg_sequences[COL_SEQ_BG].end);
data/zsh-5.8/Src/prompt.c:2115:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = colseq_buf + strlen(colseq_buf);
data/zsh-5.8/Src/signals.c:1358:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = (char *) zalloc(5 + strlen(sigs[sig]));
data/zsh-5.8/Src/sort.c:283:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(char *)zhalloc(((sortwhat & SORTIT_IGNORING_CASE)?2:1)*strlen(src)+1);
data/zsh-5.8/Src/string.c:39:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = (char *) zhalloc(strlen((char *)s) + 1);
data/zsh-5.8/Src/string.c:70:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = (char *) zhalloc((*len_ret = strlen((char *)s)) + 1);
data/zsh-5.8/Src/string.c:83:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = (char *)zalloc(strlen((char *)s) + 1);
data/zsh-5.8/Src/string.c:98:46: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = (wchar_t *)zalloc(sizeof(wchar_t) * (wcslen((wchar_t *)s) + 1));
data/zsh-5.8/Src/string.c:114:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l1 = strlen(s1);
data/zsh-5.8/Src/string.c:115:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l2 = strlen(s2);
data/zsh-5.8/Src/string.c:117:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = (char *)zalloc(l1 + l2 + strlen(s3) + 1);
data/zsh-5.8/Src/string.c:129:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l1 = strlen(s1);
data/zsh-5.8/Src/string.c:130:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l2 = strlen(s2);
data/zsh-5.8/Src/string.c:132:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = (char *)zhalloc(l1 + l2 + strlen(s3) + 1);
data/zsh-5.8/Src/string.c:147:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l1 = strlen(s1);
data/zsh-5.8/Src/string.c:149:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = (char *)zhalloc(l1 + strlen(s2) + 1);
data/zsh-5.8/Src/string.c:161:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l1 = strlen(s1);
data/zsh-5.8/Src/string.c:163:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = (char *)zalloc(l1 + strlen(s2) + 1);
data/zsh-5.8/Src/string.c:200:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strcat(realloc(base, strlen(base) + strlen(append) + 1), append);
data/zsh-5.8/Src/string.c:200:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strcat(realloc(base, strlen(base) + strlen(append) + 1), append);
data/zsh-5.8/Src/string.c:212:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return str + strlen (str) - 1;
data/zsh-5.8/Src/subst.c:230:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*pstrdpos = strret + (strdpos - strstart) + strlen(strsub);
data/zsh-5.8/Src/subst.c:260:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sublen = strlen(subst);
data/zsh-5.8/Src/subst.c:261:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
restlen = strlen(rest);
data/zsh-5.8/Src/subst.c:370:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str3, str2, 1);
data/zsh-5.8/Src/subst.c:407:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str = (char *)memmove(str2, str, strlen(str)+1);
data/zsh-5.8/Src/subst.c:413:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l2 = strlen(s);
data/zsh-5.8/Src/subst.c:423:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l2 = strlen(s);
data/zsh-5.8/Src/subst.c:425:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str2 = (char *) hcalloc(l1 + l2 + strlen(str) + 1);
data/zsh-5.8/Src/subst.c:825:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*d = dest = hcalloc(pl + l + (s ? strlen(s) : 0) + 1);
data/zsh-5.8/Src/subst.c:826:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest, pb, pl);
data/zsh-5.8/Src/subst.c:935:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lr = strlen(str) + strlen(premul) * prenum + strlen(postmul) * postnum;
data/zsh-5.8/Src/subst.c:935:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lr = strlen(str) + strlen(premul) * prenum + strlen(postmul) * postnum;
data/zsh-5.8/Src/subst.c:935:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lr = strlen(str) + strlen(premul) * prenum + strlen(postmul) * postnum;
data/zsh-5.8/Src/subst.c:940:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lr += strlen(preone);
data/zsh-5.8/Src/subst.c:942:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lr += strlen(postone);
data/zsh-5.8/Src/subst.c:3738:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl = strlen(tmp);
data/zsh-5.8/Src/subst.c:3781:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl = strlen(tmp);
data/zsh-5.8/Src/subst.c:3943:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vallen = aval[0] ? strlen(aval[0]) : 0;
data/zsh-5.8/Src/subst.c:3944:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
y = (char *) hcalloc((aptr - ostr) + vallen + strlen(fstr) + 1);
data/zsh-5.8/Src/subst.c:4004:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xlen = strlen(x);
data/zsh-5.8/Src/subst.c:4052:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xlen = strlen(x);
data/zsh-5.8/Src/subst.c:4091:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xlen = strlen(x);
data/zsh-5.8/Src/subst.c:4130:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xlen = strlen(x);
data/zsh-5.8/Src/subst.c:4167:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = *bptr = (char *) hcalloc(strlen(*bptr) + strlen(b) +
data/zsh-5.8/Src/subst.c:4167:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = *bptr = (char *) hcalloc(strlen(*bptr) + strlen(b) +
data/zsh-5.8/Src/subst.c:4168:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(rest) + 1);
data/zsh-5.8/Src/subst.c:4452:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (here[strlen(here)-1] != '/')
data/zsh-5.8/Src/subst.c:4462:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nl = al + strlen(t) + strlen(copy);
data/zsh-5.8/Src/subst.c:4462:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nl = al + strlen(t) + strlen(copy);
data/zsh-5.8/Src/subst.c:4538:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (here[strlen(here)-1] != '/')
data/zsh-5.8/Src/text.c:91:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(str1) + strlen(str2) + 1;
data/zsh-5.8/Src/text.c:91:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(str1) + strlen(str2) + 1;
data/zsh-5.8/Src/text.c:102:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int oldlen = strlen(tpending);
data/zsh-5.8/Src/text.c:148:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sl = strlen(s);
data/zsh-5.8/Src/text.c:1064:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fnamelen = strlen(f->name);
data/zsh-5.8/Src/utils.c:81:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
VARARR(wchar_t, tmpwcs, strlen(mb_array));
data/zsh-5.8/Src/utils.c:722:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*swidep = buf + strlen(buf);
data/zsh-5.8/Src/utils.c:816:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(*pp);
data/zsh-5.8/Src/utils.c:820:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = zhalloc(ppmaxlen + strlen(prog) + 2);
data/zsh-5.8/Src/utils.c:922:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zulong xbuflen = strlen(xbuf), pplen;
data/zsh-5.8/Src/utils.c:944:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pplen = strlen(*pp) + 1;
data/zsh-5.8/Src/utils.c:956:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(xbuf, "/");
data/zsh-5.8/Src/utils.c:974:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((len += strlen(xbuf3) + 1) < sizeof(xbuf)) {
data/zsh-5.8/Src/utils.c:975:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(xbuf + xbuflen, "/");
data/zsh-5.8/Src/utils.c:984:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zulong newlen = len + strlen(*pp) + 1;
data/zsh-5.8/Src/utils.c:986:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(xbuf + len, "/");
data/zsh-5.8/Src/utils.c:1002:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(xbuf, "");
data/zsh-5.8/Src/utils.c:1006:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xbuflen = strlen(xbuf);
data/zsh-5.8/Src/utils.c:1011:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xbuflen = strlen(xbuf);
data/zsh-5.8/Src/utils.c:1081:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fputs(unmeta(s + strlen(d->dir)), f);
data/zsh-5.8/Src/utils.c:1100:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return zhtricat("~", d->node.nam, quotestring(s + strlen(d->dir),
data/zsh-5.8/Src/utils.c:1180:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
homenode.diff = home ? strlen(home) : 0;
data/zsh-5.8/Src/utils.c:1200:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(s) >= ffsz) {
data/zsh-5.8/Src/utils.c:1202:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
finddir_full = zalloc(ffsz = strlen(s) * 2);
data/zsh-5.8/Src/utils.c:1217:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
finddir_last->diff = len - strlen(finddir_last->node.nam);
data/zsh-5.8/Src/utils.c:1252:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!t || *t != '/' || strlen(t) >= PATH_MAX) {
data/zsh-5.8/Src/utils.c:1265:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
eptr = t + strlen(t);
data/zsh-5.8/Src/utils.c:1532:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int namlen = strlen(name);
data/zsh-5.8/Src/utils.c:2247:17: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
old_umask = umask(0177);
data/zsh-5.8/Src/utils.c:2265:17: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
old_umask = umask(0177);
data/zsh-5.8/Src/utils.c:2280:5: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(old_umask);
data/zsh-5.8/Src/utils.c:2730:48: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((polltty || setblock_fd(0, fd, &mode)) && read(fd, &c, 1) > 0) {
data/zsh-5.8/Src/utils.c:2884:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t ret = read(fd, buf, len);
data/zsh-5.8/Src/utils.c:2934:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read(SHTTY, &c, 1) != 1) {
data/zsh-5.8/Src/utils.c:2958:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(SHTTY, &c, 1) != 1) {
data/zsh-5.8/Src/utils.c:3072:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nd = spdist(hn->nam, guess, (int) strlen(guess) / 4 + 1);
data/zsh-5.8/Src/utils.c:3167:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
preflen = strlen(guess) - strlen(t);
data/zsh-5.8/Src/utils.c:3167:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
preflen = strlen(guess) - strlen(t);
data/zsh-5.8/Src/utils.c:3202:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (best && (int)strlen(best) > 1 && strcmp(best, guess)) {
data/zsh-5.8/Src/utils.c:3211:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u = (char *) zhalloc(t - *s + strlen(best + preflen) + 1);
data/zsh-5.8/Src/utils.c:3212:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(u, *s, t - *s);
data/zsh-5.8/Src/utils.c:3215:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u = (char *) zhalloc(strlen(best) + 2);
data/zsh-5.8/Src/utils.c:3475:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ztrftimebuf(&bufsize, strlen(astr[tm->tm_wday]) - 2))
data/zsh-5.8/Src/utils.c:3480:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ztrftimebuf(&bufsize, strlen(estr[tm->tm_mon]) - 2))
data/zsh-5.8/Src/utils.c:3513:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp, fmtstart, size);
data/zsh-5.8/Src/utils.c:3542:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
decr = strlen(buf);
data/zsh-5.8/Src/utils.c:3567:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(*s) + 1 + (imeta(delim) ? 1 : 0);
data/zsh-5.8/Src/utils.c:3606:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(*p) == t - s && ! strncmp(*p, s, t - s))
data/zsh-5.8/Src/utils.c:3797:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl = strlen(sep);
data/zsh-5.8/Src/utils.c:3824:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl = strlen(sep);
data/zsh-5.8/Src/utils.c:3884:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl = strlen(sep);
data/zsh-5.8/Src/utils.c:3885:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (t = s, l = 1 - sl; *t; l += strlen(*t) + sl, t++);
data/zsh-5.8/Src/utils.c:3911:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl = strlen(sep);
data/zsh-5.8/Src/utils.c:3921:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(*p, tt, t - tt);
data/zsh-5.8/Src/utils.c:3997:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int namlen = strlen(name);
data/zsh-5.8/Src/utils.c:4546:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(buf = zalloc((dirlen = strlen(dir)) + strlen(mindistguess) + 2)))
data/zsh-5.8/Src/utils.c:4546:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(buf = zalloc((dirlen = strlen(dir)) + strlen(mindistguess) + 2)))
data/zsh-5.8/Src/utils.c:4561:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)strlen(mindistguess) / 4 + 1);
data/zsh-5.8/Src/utils.c:4564:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(buf = zrealloc(buf, dirlen + strlen(fn) + 2)))
data/zsh-5.8/Src/utils.c:4637:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((!*p && strlen(q) == 1) || (!*q && strlen(p) == 1))
data/zsh-5.8/Src/utils.c:4637:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((!*p && strlen(q) == 1) || (!*q && strlen(p) == 1))
data/zsh-5.8/Src/utils.c:5151:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
orig_name_len = strlen(de->d_name);
data/zsh-5.8/Src/utils.c:5200:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int c, len = strlen(s) * 5 + 1;
data/zsh-5.8/Src/utils.c:5274:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l += strlen(nicechar(c));
data/zsh-5.8/Src/utils.c:5310:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outleft = outalloc = 5 * strlen(s);
data/zsh-5.8/Src/utils.c:5337:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newl = strlen(fmt);
data/zsh-5.8/Src/utils.c:5369:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int outlen = strlen(fmt);
data/zsh-5.8/Src/utils.c:5978:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(s);
data/zsh-5.8/Src/utils.c:6304:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outstr = (char *)zhalloc(4 + strlen(substr));
data/zsh-5.8/Src/utils.c:6323:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(s) + 2;
data/zsh-5.8/Src/utils.c:6452:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s) * 4 + 2;
data/zsh-5.8/Src/utils.c:7133:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ls = strlen(s), lt = strlen(t);
data/zsh-5.8/Src/utils.c:7133:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ls = strlen(s), lt = strlen(t);
data/zsh-5.8/Src/utils.c:7479:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t plen = strlen(path), dlen;
data/zsh-5.8/Src/utils.c:7543:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dlen = strlen(dir) + 1; /* include the "/" */
data/zsh-5.8/Src/watch.c:456:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!watchlog_match(v, u->ut_host, strlen(v)))
ANALYSIS SUMMARY:
Hits = 1737
Lines analyzed = 149141 in approximately 3.66 seconds (40746 lines/second)
Physical Source Lines of Code (SLOC) = 107513
Hits@level = [0] 478 [1] 742 [2] 666 [3] 8 [4] 314 [5] 7
Hits@level+ = [0+] 2215 [1+] 1737 [2+] 995 [3+] 329 [4+] 321 [5+] 7
Hits/KSLOC@level+ = [0+] 20.6022 [1+] 16.1562 [2+] 9.25469 [3+] 3.0601 [4+] 2.98569 [5+] 0.0651084
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.