f1000)directory/c-sdk/ldap/libraries/libldap/request.c:638 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1001)directory/c-sdk/ldap/libraries/libldap/request.c:648 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1002)directory/c-sdk/ldap/libraries/libldap/request.c:655 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1003)directory/c-sdk/ldap/libraries/libldap/request.c:685 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1004)directory/c-sdk/ldap/libraries/libldap/request.c:693 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1005)directory/c-sdk/ldap/libraries/libldap/request.c:697 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1006)directory/c-sdk/ldap/libraries/libldap/request.c:709 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1007)directory/c-sdk/ldap/libraries/libldap/request.c:715 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1008)directory/c-sdk/ldap/libraries/libldap/request.c:1075 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1009)directory/c-sdk/ldap/libraries/libldap/request.c:1077 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1010)directory/c-sdk/ldap/libraries/libldap/request.c:1079 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1011)directory/c-sdk/ldap/libraries/libldap/test.c:99 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1012)directory/c-sdk/ldap/libraries/libldap/test.c:301 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1013)directory/c-sdk/ldap/libraries/libldap/test.c:530 [3] (buffer) getopt: this does not protect against buffer overflows by itself, so use with caution.
f1014)directory/c-sdk/ldap/libraries/libldap/test.c:593 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1015)directory/c-sdk/ldap/libraries/libldap/test.c:654 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1016)directory/c-sdk/ldap/libraries/libldap/test.c:698 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1017)directory/c-sdk/ldap/libraries/libldap/test.c:747 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1018)directory/c-sdk/ldap/libraries/libldap/test.c:788 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1019)directory/c-sdk/ldap/libraries/libldap/test.c:931 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1020)directory/c-sdk/ldap/libraries/libldap/test.c:944 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1021)directory/c-sdk/ldap/libraries/libldap/test.c:997 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1022)directory/c-sdk/ldap/libraries/libldap/test.c:1013 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1023)directory/c-sdk/ldap/libraries/libldap/test.c:1066 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1024)directory/c-sdk/ldap/libraries/libldap/test.c:1147 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1025)directory/c-sdk/ldap/libraries/libldap/test.c:1303 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1026)directory/c-sdk/ldap/libraries/libldap/test.c:1654 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1027)directory/c-sdk/ldap/libraries/libldap/tmplout.c:185 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1028)directory/c-sdk/ldap/libraries/libldap/tmplout.c:189 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1029)directory/c-sdk/ldap/libraries/libldap/tmplout.c:193 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1030)directory/c-sdk/ldap/libraries/libldap/tmplout.c:204 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1031)directory/c-sdk/ldap/libraries/libldap/tmplout.c:216 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1032)directory/c-sdk/ldap/libraries/libldap/tmplout.c:226 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1033)directory/c-sdk/ldap/libraries/libldap/tmplout.c:228 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1034)directory/c-sdk/ldap/libraries/libldap/tmplout.c:239 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1035)directory/c-sdk/ldap/libraries/libldap/tmplout.c:364 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1036)directory/c-sdk/ldap/libraries/libldap/tmplout.c:677 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1037)directory/c-sdk/ldap/libraries/libldap/tmplout.c:679 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1038)directory/c-sdk/ldap/libraries/libldap/tmplout.c:704 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1039)directory/c-sdk/ldap/libraries/libldap/tmplout.c:706 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1040)directory/c-sdk/ldap/libraries/libldap/tmplout.c:748 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1041)directory/c-sdk/ldap/libraries/libldap/tmplout.c:750 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1042)directory/c-sdk/ldap/libraries/libldap/tmplout.c:757 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1043)directory/c-sdk/ldap/libraries/libldap/tmplout.c:764 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1044)directory/c-sdk/ldap/libraries/libldap/tmplout.c:766 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1045)directory/c-sdk/ldap/libraries/libldap/tmplout.c:809 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1046)directory/c-sdk/ldap/libraries/libldap/tmplout.c:812 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1047)directory/c-sdk/ldap/libraries/libldap/tmplout.c:820 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1048)directory/c-sdk/ldap/libraries/libldap/tmplout.c:839 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1049)directory/c-sdk/ldap/libraries/libldap/tmplout.c:841 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
f1050)directory/c-sdk/ldap/libraries/libldap/tmplout.c:843 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1051)directory/c-sdk/ldap/libraries/libldap/tmplout.c:851 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
f1052)directory/c-sdk/ldap/libraries/libldap/tmplout.c:853 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1053)directory/c-sdk/ldap/libraries/libldap/tmplout.c:857 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
f1054)directory/c-sdk/ldap/libraries/libldap/tmplout.c:862 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1055)directory/c-sdk/ldap/libraries/libldap/tmplout.c:954 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1056)directory/c-sdk/ldap/libraries/libldap/tmplout.c:1072 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1057)directory/c-sdk/ldap/libraries/libldap/tmplout.c:1076 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
f1058)directory/c-sdk/ldap/libraries/libldap/tmplout.c:1078 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1059)directory/c-sdk/ldap/libraries/libldap/ufn.c:123 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1060)directory/c-sdk/ldap/libraries/libldap/ufn.c:314 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1061)directory/c-sdk/ldap/libraries/libldap/ufn.c:316 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1062)directory/c-sdk/ldap/libraries/libprldap/ldappr-io.c:325 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1063)directory/c-sdk/ldap/libraries/libprldap/ldappr-io.c:335 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1064)directory/c-sdk/ldap/libraries/libssldap/clientinit.c:264 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1065)directory/c-sdk/ldap/libraries/libutil/getopt.c:66 [3] (buffer) getopt: this does not protect against buffer overflows by itself, so use with caution.
f1066)directory/c-sdk/ldap/libraries/macintosh/getopt.c:62 [3] (buffer) getopt: this does not protect against buffer overflows by itself, so use with caution.
f1067)directory/c-sdk/ldap/libraries/macintosh/kerberos-macos.c:75 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1068)directory/c-sdk/ldap/libraries/macintosh/kerberos-macos.c:77 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1069)directory/c-sdk/ldap/libraries/macintosh/ldap-macos.h:71 [3] (buffer) getopt: this does not protect against buffer overflows by itself, so use with caution.
f1070)directory/c-sdk/ldap/libraries/macintosh/strings.c:113 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1071)directory/c-sdk/ldap/libraries/msdos/winsock/mozock.c:286 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1072)directory/c-sdk/ldap/libraries/msdos/winsock/mozock.c:287 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1073)modules/libimg/png/png.c:598 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1074)modules/libimg/png/png.c:606 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1075)modules/libimg/png/png.h:2183 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1076)modules/libimg/png/png.h:2189 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1077)modules/libimg/png/png.h:2195 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1078)modules/libimg/png/pngconf.h:1208 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1079)modules/libimg/png/pnggccrd.c:4781 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1080)modules/libimg/png/pnggccrd.c:4783 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1081)modules/libimg/png/pnggccrd.c:4785 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1082)modules/libimg/png/pnggccrd.c:4787 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1083)modules/libimg/png/pnggccrd.c:4789 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1084)modules/libimg/png/pnggccrd.c:4791 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1085)modules/libimg/png/pngpread.c:1406 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1086)modules/libimg/png/pngrtran.c:1136 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1087)modules/libimg/png/pngrutil.c:256 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1088)modules/libimg/png/pngrutil.c:259 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1089)modules/libimg/png/pngrutil.c:262 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1090)modules/libimg/png/pngrutil.c:290 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1091)modules/libimg/png/pngrutil.c:2112 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1092)modules/libimg/png/pngset.c:476 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1093)modules/libimg/png/pngvcrd.c:3647 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1094)modules/libimg/png/pngvcrd.c:3649 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1095)modules/libimg/png/pngvcrd.c:3651 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1096)modules/libimg/png/pngvcrd.c:3653 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1097)modules/libimg/png/pngvcrd.c:3655 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1098)modules/libimg/png/pngvcrd.c:3657 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1099)modules/libimg/png/pngwutil.c:179 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1100)modules/libimg/png/pngwutil.c:1118 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1101)modules/libimg/png/pngwutil.c:1481 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1102)modules/libimg/png/pngwutil.c:1482 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1103)modules/libimg/png/pngwutil.c:1508 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1104)modules/libimg/png/pngwutil.c:1509 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1105)modules/libjar/nsJAR.cpp:287 [5] (race) chmod: this accepts filename arguments; if an attacker can move those files, a race condition results. Use fchmod() instead.
f1106)modules/libjar/nsZipArchive.cpp:676 [5] (race) chmod: this accepts filename arguments; if an attacker can move those files, a race condition results. Use fchmod() instead.
f1107)modules/libjar/nsZipArchive.cpp:1779 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1108)modules/libjar/nsZipArchive.cpp:1792 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1109)modules/libjar/nsZipArchive.cpp:1825 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1110)modules/libjar/zipstub.h:41 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1111)modules/libpref/src/prefapi.cpp:1244 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1113)modules/libreg/src/VerReg.c:603 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1117)modules/libreg/src/vr_stubs.h:100 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1118)modules/libreg/src/vr_stubs.h:103 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1119)modules/libreg/src/vr_stubs.h:105 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1120)modules/libreg/src/vr_stubs.h:207 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1122)modules/libutil/public/nsTimer.h:90 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1123)modules/libutil/public/nsTimer.h:136 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1124)modules/libutil/public/nsTimer.h:182 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1125)modules/libutil/public/nsTimer.h:185 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1126)modules/libutil/public/stopwatch.h:55 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1127)modules/libutil/public/stopwatch.h:66 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1132)modules/plugin/base/src/ns4xPlugin.cpp:494 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1133)modules/plugin/base/src/nsPluginHostImpl.cpp:821 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1135)modules/plugin/base/src/nsPluginStreamPeer.cpp:174 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1136)modules/plugin/base/src/nsPluginsDirDarwin.cpp:130 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1137)modules/plugin/samples/4x-scriptable/plugin.cpp:64 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1138)modules/plugin/samples/4x-scriptable/plugin.cpp:137 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1139)modules/plugin/samples/4x-scriptable/plugin.cpp:154 [1] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant character.
f1140)modules/plugin/samples/4x-scriptable/plugin.cpp:168 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1141)modules/plugin/samples/SanePlugin/nsSanePlugin.cpp:268 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1142)modules/plugin/samples/SanePlugin/nsSanePlugin.cpp:327 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1143)modules/plugin/samples/SanePlugin/nsSanePlugin.cpp:349 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1144)modules/plugin/samples/SanePlugin/nsSanePlugin.cpp:1406 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
f1145)modules/plugin/samples/SanePlugin/nsSanePlugin.cpp:1490 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1146)modules/plugin/samples/SanePlugin/nsSanePlugin.cpp:1515 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1147)modules/plugin/samples/SanePlugin/nsSanePlugin.cpp:1532 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1148)modules/plugin/samples/SanePlugin/nsSanePlugin.cpp:1713 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1149)modules/plugin/samples/SanePlugin/nsSanePlugin.cpp:1896 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1150)modules/plugin/samples/SanePlugin/nsSanePlugin.cpp:1901 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1151)modules/plugin/samples/SanePlugin/nsSanePlugin.cpp:1903 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1152)modules/plugin/samples/SanePlugin/nsSanePlugin.cpp:2609 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1153)modules/plugin/samples/SanePlugin/nsSanePlugin.cpp:2610 [4] (tmpfile) system: this calls out to a new process and is difficult to use safely. Try using a library call that implements the same functionality if available.
f1154)modules/plugin/samples/backward/badapter.cpp:1389 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1155)modules/plugin/samples/backward/badapter.cpp:1393 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1156)modules/plugin/samples/default/mac/NullPlugin.cpp:566 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1157)modules/plugin/samples/default/mac/NullPlugin.cpp:879 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1158)modules/plugin/samples/default/mac/NullPlugin.cpp:881 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1159)modules/plugin/samples/default/mac/NullPlugin.cpp:891 [4] (format) sprintf: Potential format string problem. Make format string constant.
f1160)modules/plugin/samples/default/mac/NullPlugin.cpp:922 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1161)modules/plugin/samples/default/mac/NullPlugin.cpp:924 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1162)modules/plugin/samples/default/mac/NullPlugin.cpp:934 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1163)modules/plugin/samples/default/os2/plugin.cpp:112 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1164)modules/plugin/samples/default/os2/plugin.cpp:119 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1165)modules/plugin/samples/default/os2/plugin.cpp:126 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1166)modules/plugin/samples/default/os2/plugin.cpp:133 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1167)modules/plugin/samples/default/os2/plugin.cpp:144 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1168)modules/plugin/samples/default/os2/plugin.cpp:289 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1169)modules/plugin/samples/default/os2/plugin.cpp:308 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1170)modules/plugin/samples/default/os2/plugin.cpp:316 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1171)modules/plugin/samples/default/os2/plugin.cpp:331 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1172)modules/plugin/samples/default/os2/plugin.cpp:339 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1173)modules/plugin/samples/default/os2/plugin.cpp:351 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1174)modules/plugin/samples/default/os2/plugin.cpp:451 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1175)modules/plugin/samples/default/os2/utils.cpp:129 [1] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant character.
f1176)modules/plugin/samples/default/os2/utils.cpp:148 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1177)modules/plugin/samples/default/os2/utils.cpp:160 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1178)modules/plugin/samples/default/os2/utils.cpp:161 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1179)modules/plugin/samples/default/unix/nullplugin.c:83 [4] (format) sprintf: Potential format string problem. Make format string constant.
f1180)modules/plugin/samples/default/unix/nullplugin.c:101 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1181)modules/plugin/samples/default/unix/nullplugin.c:160 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1182)modules/plugin/samples/npthread/windows/action.cpp:45 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1183)modules/plugin/samples/npthread/windows/action.cpp:48 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1184)modules/plugin/samples/npthread/windows/action.cpp:51 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1185)modules/plugin/samples/npthread/windows/action.cpp:54 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1186)modules/plugin/samples/npthread/windows/action.cpp:57 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1187)modules/plugin/samples/npthread/windows/action.cpp:60 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1188)modules/plugin/samples/npthread/windows/action.cpp:63 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1189)modules/plugin/samples/npthread/windows/action.cpp:66 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1190)modules/plugin/samples/npthread/windows/action.cpp:69 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1191)modules/plugin/samples/npthread/windows/action.cpp:72 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1192)modules/plugin/samples/npthread/windows/action.cpp:75 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1193)modules/plugin/samples/npthread/windows/action.cpp:78 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1194)modules/plugin/samples/npthread/windows/action.cpp:81 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1195)modules/plugin/samples/npthread/windows/action.cpp:84 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1196)modules/plugin/samples/npthread/windows/action.cpp:87 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1197)modules/plugin/samples/npthread/windows/action.cpp:90 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1198)modules/plugin/samples/npthread/windows/action.cpp:93 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1199)modules/plugin/samples/npthread/windows/action.cpp:96 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1200)modules/plugin/samples/npthread/windows/action.cpp:99 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1201)modules/plugin/samples/npthread/windows/action.cpp:102 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1202)modules/plugin/samples/npthread/windows/action.cpp:105 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1203)modules/plugin/samples/npthread/windows/action.cpp:108 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1204)modules/plugin/samples/npthread/windows/action.cpp:111 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1205)modules/plugin/samples/npthread/windows/action.cpp:115 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1206)modules/plugin/samples/npthread/windows/action.cpp:118 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1207)modules/plugin/samples/npthread/windows/action.cpp:121 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1208)modules/plugin/samples/npthread/windows/action.cpp:124 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1209)modules/plugin/samples/npthread/windows/action.cpp:127 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1210)modules/plugin/samples/npthread/windows/action.cpp:130 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1211)modules/plugin/samples/npthread/windows/action.cpp:133 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1212)modules/plugin/samples/npthread/windows/action.cpp:136 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1213)modules/plugin/samples/npthread/windows/action.cpp:139 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1214)modules/plugin/samples/npthread/windows/action.cpp:142 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1215)modules/plugin/samples/npthread/windows/action.cpp:145 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1216)modules/plugin/samples/npthread/windows/action.cpp:148 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1217)modules/plugin/samples/npthread/windows/action.cpp:151 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1218)modules/plugin/samples/npthread/windows/action.cpp:154 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1219)modules/plugin/samples/npthread/windows/action.cpp:157 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1220)modules/plugin/samples/npthread/windows/plugload.cpp:59 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
f1221)modules/plugin/samples/npthread/windows/plugload.cpp:78 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1222)modules/plugin/samples/npthread/windows/plugload.cpp:79 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
f1223)modules/plugin/samples/npthread/windows/plugload.cpp:92 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1224)modules/plugin/samples/npthread/windows/plugload.cpp:93 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1225)modules/plugin/samples/npthread/windows/plugload.cpp:94 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1226)modules/plugin/samples/simple/npsimple.cpp:816 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1227)modules/plugin/samples/simple/npsimple.cpp:822 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1228)modules/plugin/samples/simple/npsimple.cpp:838 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1229)modules/plugin/samples/simple/npsimple.cpp:857 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1230)modules/plugin/samples/simple/npsimple.cpp:873 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1231)modules/plugin/samples/simple/npsimple.cpp:885 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1232)modules/plugin/samples/testevents/npevents.cpp:600 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1233)modules/plugin/samples/testevents/npevents.cpp:616 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1234)modules/plugin/samples/testevents/npevents.cpp:629 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1462)modules/zlib/src/example.c:71 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1463)modules/zlib/src/example.c:119 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1464)modules/zlib/src/example.c:209 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1465)modules/zlib/src/example.c:305 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1466)modules/zlib/src/example.c:384 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1467)modules/zlib/src/example.c:465 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1468)modules/zlib/src/gzio.c:108 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1469)modules/zlib/src/gzio.c:201 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1470)modules/zlib/src/gzio.c:533 [4] (format) vsnprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1471)modules/zlib/src/gzio.c:535 [4] (format) vsprintf: Potential format string problem. Make format string constant.
f1472)modules/zlib/src/gzio.c:556 [4] (format) snprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1473)modules/zlib/src/gzio.c:559 [4] (format) sprintf: Potential format string problem. Make format string constant.
f1474)modules/zlib/src/gzio.c:871 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1475)modules/zlib/src/gzio.c:872 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
f1476)modules/zlib/src/gzio.c:873 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1477)modules/zlib/src/minigzip.c:203 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1478)modules/zlib/src/minigzip.c:204 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1479)modules/zlib/src/minigzip.c:234 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1480)modules/zlib/src/minigzip.c:243 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1481)modules/zlib/src/minigzip.c:278 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1482)modules/zlib/src/zutil.h:197 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1483)modules/zlib/src/zutil.h:198 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1484)modules/zlib/src/zutil.h:199 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1485)modules/zlib/src/zutil.h:200 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1486)modules/zlib/src/zutil.h:201 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1487)editor/libeditor/html/nsEditorTxnLog.cpp:391 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1488)editor/libeditor/html/nsEditorTxnLog.cpp:405 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1489)editor/libeditor/html/nsHTMLEditorLog.cpp:913 [4] (format) sprintf: Potential format string problem. Make format string constant.
f1490)editor/libeditor/html/nsHTMLEditorLog.cpp:942 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1491)editor/libeditor/html/nsHTMLEditorLog.cpp:944 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1494)extensions/inspector/base/src/inBitmap.cpp:112 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1495)extensions/layout-debug/plugin/plugin.cpp:169 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1496)extensions/python/xpcom/src/ErrorUtils.cpp:49 [4] (format) vsprintf: Potential format string problem. Make format string constant.
f1497)extensions/python/xpcom/src/ErrorUtils.cpp:202 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1498)extensions/python/xpcom/src/ErrorUtils.cpp:210 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1499)extensions/python/xpcom/src/PyGBase.cpp:586 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1500)extensions/python/xpcom/src/PyGBase.cpp:633 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1501)extensions/python/xpcom/src/PyGWeakReference.cpp:43 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1502)extensions/python/xpcom/src/PyIID.cpp:186 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1503)extensions/python/xpcom/src/PyISupports.cpp:110 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1504)extensions/python/xpcom/src/TypeObject.cpp:133 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1505)extensions/python/xpcom/src/VariantUtils.cpp:473 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1506)extensions/python/xpcom/src/VariantUtils.cpp:1986 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1507)extensions/python/xpcom/src/loader/pyloader.cpp:183 [4] (format) vsprintf: Potential format string problem. Make format string constant.
f1508)extensions/python/xpcom/src/loader/pyloader.cpp:321 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1509)extensions/python/xpcom/src/loader/pyloader.cpp:329 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1510)extensions/transformiix/source/base/Double.cpp:243 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1511)extensions/transformiix/source/xml/parser/xmlwf-ignore/xmlwf.c:78 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1512)extensions/transformiix/source/xml/parser/xmlwf-ignore/xmlwf.c:83 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1513)extensions/transformiix/source/xml/parser/xmlwf-ignore/xmlwf.c:84 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1514)extensions/transformiix/source/xslt/functions/GenerateIdFunctionCall.cpp:98 [4] (format) sprintf: Potential format string problem. Make format string constant.
f1515)extensions/transformiix/source/xslt/functions/txFormatNumberFunctionCall.cpp:304 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1516)extensions/transformiix/source/xslt/functions/txFormatNumberFunctionCall.cpp:306 [4] (format) sprintf: Potential format string problem. Make format string constant.
f1519)extensions/xmlextras/soap/src/nsHTTPSOAPTransport.cpp:79 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1520)extensions/xmlterm/lineterm/ltermEscape.c:807 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1521)extensions/xmlterm/lineterm/ltermEscape.c:1163 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1522)extensions/xmlterm/lineterm/ltermEscape.c:1167 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1523)extensions/xmlterm/lineterm/ltermManager.c:1366 [2] (race) vfork: on some old systems, vfork() permits race conditions, and it's very difficult to use correctly. Use fork() instead.
f1525)extensions/xmlterm/lineterm/ptystream.c:158 [2] (race) vfork: on some old systems, vfork() permits race conditions, and it's very difficult to use correctly. Use fork() instead.
f1526)extensions/xmlterm/lineterm/ptystream.c:199 [4] (tmpfile) execvp: this calls out to a new process and is difficult to use safely. try using a library call that implements the same functionality if available.
f1528)extensions/xmlterm/lineterm/ptystream.c:212 [4] (tmpfile) execle: this calls out to a new process and is difficult to use safely. try using a library call that implements the same functionality if available.
f1529)extensions/xmlterm/lineterm/ptystream.c:214 [4] (tmpfile) execlp: this calls out to a new process and is difficult to use safely. try using a library call that implements the same functionality if available.
f1530)extensions/xmlterm/lineterm/ptystream.c:307 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
f1531)extensions/xmlterm/lineterm/tracelog.c:190 [4] (format) vfprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1532)extensions/xmlterm/lineterm/tracelog.c:205 [4] (format) vfprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1534)extensions/xmlterm/linetest/lterm.c:638 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1535)extensions/xmlterm/linetest/lterm.c:641 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1536)extensions/xmlterm/linetest/lterm.c:646 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1537)extensions/xmlterm/linetest/lterm.c:649 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1538)extensions/xmlterm/linetest/lterm.c:654 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1539)extensions/xmlterm/linetest/lterm.c:659 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1540)extensions/xmlterm/linetest/lterm.c:673 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1541)extensions/xmlterm/linetest/ptytest.c:282 [4] (tmpfile) execvp: this calls out to a new process and is difficult to use safely. try using a library call that implements the same functionality if available.
f1545)dbm/src/h_page.c:1184 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1549)dbm/src/h_page.c:1195 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1550)dbm/src/h_page.c:1199 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1551)dbm/src/mktemp.c:73 [2] (tmpfile) tmpfile: tmpfile() has a security flaw on some systems (e.g., older System V systems).
f1552)dbm/src/mktemp.c:92 [4] (tmpfile) mktemp: temporary file race condition.
f1553)dbm/src/ndbm.c:82 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1554)dbm/src/ndbm.c:83 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1555)dbm/src/nsres.c:57 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1556)dbm/src/nsres.c:66 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1557)dbm/src/nsres.c:67 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1558)dbm/src/snprintf.c:27 [4] (format) snprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1559)dbm/src/snprintf.c:29 [4] (format) snprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1560)dbm/src/snprintf.c:48 [4] (format) vsprintf: Potential format string problem. Make format string constant.
f1561)dbm/src/snprintf.c:52 [4] (format) vsprintf: Potential format string problem. Make format string constant.
f1562)dbm/src/snprintf.c:59 [4] (format) vsnprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1563)dbm/src/snprintf.c:66 [4] (format) vsprintf: Potential format string problem. Make format string constant.
f1564)dbm/src/snprintf.c:68 [4] (format) vsprintf: Potential format string problem. Make format string constant.
f1568)config/gtscc.c:207 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1569)config/gtscc.c:217 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1570)config/gtscc.c:218 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1571)config/gtscc.c:223 [3] (buffer) realpath: this does not protect against buffer overflows by itself, so use with caution.
f1572)config/gtscc.c:228 [3] (buffer) realpath: this does not protect against buffer overflows by itself, so use with caution.
f1573)config/gtscc.c:233 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1574)config/gtscc.c:238 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1575)config/gtscc.c:360 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1576)config/gtscc.c:361 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1577)config/gtscc.c:362 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1578)config/gtscc.c:1256 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1579)config/gtscc.c:1415 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1580)config/gtscc.c:1589 [4] (tmpfile) execvp: this calls out to a new process and is difficult to use safely. try using a library call that implements the same functionality if available.
f1581)config/gtscc.c:1683 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1582)config/gtscc.c:1686 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1583)config/gtscc.c:1687 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
f1584)config/gtscc.c:1689 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1585)config/gtscc.c:1690 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
f1586)config/gtscc.c:1775 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1587)config/gtscc.c:1776 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1588)config/gtscc.c:1855 [4] (format) sprintf: Potential format string problem. Make format string constant.
f1589)config/gtscc.c:1882 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1590)config/gtscc.c:1883 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1591)config/gtscc.c:1910 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1592)config/gtscc.c:1911 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
f1593)config/gtscc.c:1927 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1594)config/gtscc.c:1928 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1595)config/gtscc.c:1930 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1596)config/gtscc.c:2003 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1597)config/gtscc.c:2004 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1598)config/gtscc.c:2006 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1599)config/gtscc.c:2038 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1600)config/gtscc.c:2039 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1601)config/gtscc.c:2043 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1602)config/gtscc.c:2045 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1603)config/gtscc.c:2046 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1604)config/gtscc.c:2389 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1605)config/gtscc.c:2390 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1606)config/gtscc.c:2395 [3] (buffer) realpath: this does not protect against buffer overflows by itself, so use with caution.
f1607)config/gtscc.c:2400 [3] (buffer) realpath: this does not protect against buffer overflows by itself, so use with caution.
f1608)config/gtscc.c:2404 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1609)config/makecopy.cpp:325 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1610)config/makecopy.cpp:329 [1] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant character.
f1611)config/makecopy.cpp:340 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1612)config/makecopy.cpp:341 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1613)config/makecopy.cpp:398 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1614)config/makecopy.cpp:555 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1615)config/makecopy.cpp:559 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1616)config/makecopy.cpp:573 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1617)config/makecopy.cpp:587 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1618)config/makecopy.cpp:588 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1619)config/makedep.cpp:167 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1620)config/makedep.cpp:509 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1621)config/mangle.c:72 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1622)config/mangle.c:134 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1623)config/mantomak.c:181 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1624)config/mantomak.c:216 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1625)config/mantomak.c:483 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1626)config/mantomak.c:484 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1627)config/mantomak.c:494 [4] (format) sprintf: Potential format string problem. Make format string constant.
f1628)config/mantomak.c:495 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1629)config/mantomak.c:497 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1630)config/nsinstall.c:77 [3] (buffer) getopt: this does not protect against buffer overflows by itself, so use with caution.
f1631)config/nsinstall.c:129 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
f1632)config/nsinstall.c:130 [5] (race) chown: this accepts filename arguments; if an attacker can move those files, a race condition results. Use fchown() instead.
f1633)config/nsinstall.c:241 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
f1634)config/nsinstall.c:244 [5] (race) chmod: this accepts filename arguments; if an attacker can move those files, a race condition results. Use fchmod() instead.
f1635)config/nsinstall.c:282 [5] (race) chmod: this accepts filename arguments; if an attacker can move those files, a race condition results. Use fchmod() instead.
f1636)config/nsinstall.c:301 [5] (race) chmod: this accepts filename arguments; if an attacker can move those files, a race condition results. Use fchmod() instead.
f1637)config/nsinstall.c:320 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1638)config/nsinstall.c:336 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1639)config/nsinstall.c:337 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1640)config/nsinstall.c:369 [3] (buffer) getopt: this does not protect against buffer overflows by itself, so use with caution.
f1641)config/nsinstall.c:438 [3] (buffer) getwd: this does not protect against buffer overflows by itself, so use with caution.
f1642)config/nsinstall.c:452 [3] (buffer) getwd: this does not protect against buffer overflows by itself, so use with caution.
f1643)config/nsinstall.c:467 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1644)config/nsinstall.c:478 [5] (race) chown: this accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchown( ) instead.
f1645)config/nsinstall.c:481 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
f1646)config/nsinstall.c:492 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1647)config/nsinstall.c:500 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1648)config/pathsub.c:91 [4] (format) vfprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1649)config/pathsub.c:172 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1650)config/pathsub.c:208 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1651)config/pathsub.c:216 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1652)config/pathsub.c:220 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1653)config/pathsub.c:234 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1654)config/pathsub.c:245 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1655)config/pathsub.c:255 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1656)config/trace.cpp:187 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1657)config/trace.cpp:188 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
f1658)config/trace.cpp:195 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
f1659)config/trace.cpp:304 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1660)config/trace.cpp:305 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
f1661)config/mkdepend/cppsetup.c:147 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1662)config/mkdepend/include.c:64 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1663)config/mkdepend/include.c:151 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1664)config/mkdepend/include.c:284 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1665)config/mkdepend/include.c:288 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1666)config/mkdepend/include.c:305 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1667)config/mkdepend/main.c:469 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1668)config/mkdepend/main.c:651 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1669)config/mkdepend/main.c:682 [5] (race) chmod: this accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchmod( ) instead.
f1670)config/mkdepend/main.c:703 [4] (format) vfprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1671)config/mkdepend/main.c:706 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1672)config/mkdepend/main.c:726 [4] (format) vfprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1673)config/mkdepend/main.c:729 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1674)config/mkdepend/main.c:745 [4] (format) vfprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1675)config/mkdepend/main.c:748 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1676)config/mkdepend/pr.c:92 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1677)config/mkdepend/pr.c:98 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1678)config/os2/dirent.c:162 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1679)config/os2/dirent.c:168 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1680)config/os2/dirent.c:170 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1681)config/os2/dirent.c:172 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1682)config/os2/dirent.c:174 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
f1683)config/os2/dirent.c:283 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1684)config/os2/dirent.c:284 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1685)config/os2/getopt.c:77 [3] (buffer) getopt: this does not protect against buffer overflows by itself, so use with caution. .
f1686)db/mork/src/morkConfig.cpp:69 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
f1687)db/mork/src/morkConfig.cpp:76 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
f1688)db/mork/src/morkConfig.cpp:80 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
f1689)db/mork/src/morkConfig.h:169 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1746)embedding/browser/activex/src/control/MozillaBrowser.cpp:615 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1747)embedding/browser/activex/src/plugin/LegacyPlugin.cpp:167 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1748)embedding/browser/activex/src/plugin/LegacyPlugin.cpp:171 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1749)embedding/browser/activex/src/pluginhostctrl/nsPluginHostCtrl.cpp:687 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1750)embedding/browser/activex/src/pluginhostctrl/nsPluginHostCtrl.cpp:689 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1751)embedding/browser/activex/src/pluginhostctrl/pluginsdk_include/jni.h:1742 [4] (format) vfprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1752)embedding/browser/activex/src/tlb2xpt/TypeDesc.cpp:126 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1756)embedding/browser/photon/src/EmbedProgress.cpp:98 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1757)embedding/browser/photon/src/EmbedProgress.cpp:186 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1758)embedding/browser/photon/src/PtMozilla.cpp:398 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1759)embedding/browser/photon/src/PtMozilla.cpp:460 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1760)embedding/browser/photon/src/PtMozilla.cpp:479 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1761)embedding/browser/photon/src/PtMozilla.cpp:521 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1762)embedding/browser/photon/src/PtMozilla.cpp:531 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1763)embedding/browser/photon/src/PtMozilla.cpp:559 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1764)embedding/browser/photon/src/PtMozilla.cpp:631 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1765)embedding/browser/photon/src/PtMozilla.cpp:805 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1766)embedding/browser/photon/src/PtMozilla.cpp:810 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1767)embedding/browser/photon/src/PtMozilla.cpp:815 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1768)embedding/browser/photon/src/PtMozilla.cpp:820 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1769)embedding/browser/photon/src/PtMozilla.cpp:825 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1770)embedding/browser/photon/src/PtMozilla.cpp:830 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1771)embedding/browser/photon/src/PtMozilla.cpp:845 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1772)embedding/browser/photon/src/PtMozilla.cpp:855 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1773)embedding/browser/photon/src/PtMozilla.cpp:857 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1774)embedding/browser/photon/src/PtMozilla.cpp:864 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1775)embedding/browser/photon/src/PtMozilla.cpp:869 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1776)embedding/browser/photon/src/PtMozilla.cpp:876 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1777)embedding/browser/photon/src/PtMozilla.cpp:881 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1778)embedding/browser/photon/src/PtMozilla.cpp:886 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1779)embedding/browser/photon/src/PtMozilla.cpp:893 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1780)embedding/browser/photon/src/PtMozilla.cpp:898 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1781)embedding/browser/photon/src/PtMozilla.cpp:905 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1782)embedding/browser/photon/src/PtMozilla.cpp:915 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1783)embedding/browser/photon/src/PtMozilla.cpp:920 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1784)embedding/browser/photon/src/PtMozilla.cpp:927 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1785)embedding/browser/photon/src/PtMozilla.cpp:932 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1786)embedding/browser/photon/src/PtMozilla.cpp:940 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1787)embedding/browser/photon/src/PtMozilla.cpp:947 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1788)embedding/browser/photon/src/PtMozilla.cpp:952 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1792)embedding/browser/photon/src/nsUnknownContentTypeHandler.cpp:121 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1793)embedding/browser/photon/src/nsUnknownContentTypeHandler.cpp:122 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1801)embedding/components/printingui/src/win/nsPrintDialogUtil.cpp:880 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1808)gc/boehm/dyn_load.c:302 [4] (buffer) sscanf: the scanf() family's %s operation, without a limit specification, permits buffer overflows. Specify a limit to %s, or use a different input function.
f1809)gc/boehm/dyn_load.c:312 [4] (buffer) sscanf: the scanf() family's %s operation, without a limit specification, permits buffer overflows. Specify a limit to %s, or use a different input function.
f1810)gc/boehm/dyn_load.c:315 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1811)gc/boehm/dyn_load.c:458 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1812)gc/boehm/gc_fragments.cpp:89 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1813)gc/boehm/gc_fragments.cpp:90 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1814)gc/boehm/gc_fragments.cpp:204 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1815)gc/boehm/gc_fragments.cpp:205 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1816)gc/boehm/if_mach.c:16 [4] (tmpfile) execvp: this calls out to a new process and is difficult to use safely. try using a library call that implements the same functionality if available..
f1817)gc/boehm/if_not_there.c:19 [4] (tmpfile) execvp: this calls out to a new process and is difficult to use safely. try using a library call that implements the same functionality if available..
f1818)gc/boehm/misc.c:710 [4] (format) sprintf: Potential format string problem. Make format string constant.
f1819)gc/boehm/misc.c:722 [4] (format) sprintf: Potential format string problem. Make format string constant.
f1820)gc/boehm/os_dep.c:1996 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1821)gc/boehm/solaris_threads.c:234 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1822)gc/boehm/test.c:38 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1823)gc/boehm/test.c:40 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1824)gc/boehm/cord/cordbscs.c:286 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1825)gc/boehm/cord/cordbscs.c:436 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1826)gc/boehm/cord/cordprnt.c:306 [4] (format) vsprintf: Potential format string problem. Make format string constant.
f1827)gc/boehm/cord/cordtest.c:214 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1828)gc/boehm/cord/de.c:64 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1829)gc/boehm/cord/de.c:69 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1830)gc/boehm/cord/de_win.c:70 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1831)gc/boehm/cord/de_win.c:105 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1832)include/xp_str.h:66 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1839)intl/locale/src/nsLocaleService.cpp:406 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1840)intl/locale/src/nsLocaleService.cpp:462 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1841)intl/locale/src/nsLocaleService.cpp:471 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1842)intl/locale/src/nsScriptableDateFormat.cpp:149 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1843)intl/locale/src/mac/nsDateTimeFormatMac.cpp:434 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1844)intl/locale/src/mac/nsDateTimeFormatMac.cpp:435 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1848)intl/uconv/public/nsICharsetConverterManager.h:121 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1855)jpeg/jerror.c:199 [4] (format) sprintf: Potential format string problem. Make format string constant.
f1856)jpeg/jerror.c:201 [4] (format) sprintf: Potential format string problem. Make format string constant.
f1857)jpeg/jmemansi.c:144 [2] (tmpfile) tmpfile: tmpfile() has a security flaw on some systems (e.g., older System V systems). .
f1861)jpeg/jmemdos.c:151 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1864)jpeg/jmemname.c:102 [4] (format) sprintf: Potential format string problem. Make format string constant.
f1865)jpeg/jmemname.c:129 [4] (format) sprintf: Potential format string problem. Make format string constant.
f1866)jpeg/jmemname.c:130 [4] (tmpfile) mktemp: temporary file race condition. .
f1867)js/jsd/jsd_scpt.c:198 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1868)js/jsd/jsd_step.c:106 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1869)js/jsd/jsd_xpc.cpp:71 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1870)js/src/js.c:112 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1871)js/src/js.c:155 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1872)js/src/js.c:165 [4] (format) vsnprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1873)js/src/js.c:177 [4] (format) vsnprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1875)js/src/js.c:265 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1876)js/src/js.c:274 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1877)js/src/js.c:281 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1878)js/src/js.c:1883 [4] (tmpfile) execvp: this calls out to a new process and is difficult to use safely. try using a library call that implements the same functionality if available..
f1880)js/src/js.c:1957 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
f1884)js/src/jsdtoa.c:1922 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1885)js/src/jsdtoa.c:2684 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1886)js/src/jsfile.c:66 [4] (tmpfile) popen: this calls out to a new process and is difficult to use safely. try using a library call that implements the same functionality if available..
f1887)js/src/jsfile.c:203 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1888)js/src/jsfile.c:289 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1889)js/src/jsfile.c:299 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1890)js/src/jsfile.c:483 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1891)js/src/jsfile.c:488 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1892)js/src/jsfile.c:508 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1893)js/src/jsfile.c:515 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1894)js/src/jsfile.c:586 [1] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant character.
f1895)js/src/jsfile.c:1954 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1896)js/src/jsfile.c:2268 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1897)js/src/jsfile.c:2269 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
f1898)js/src/jsfile.c:2273 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1899)js/src/jsfile.c:2274 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
f1900)js/src/jsfile.c:2278 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1901)js/src/jsfile.c:2279 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
f1902)js/src/jsfile.c:2283 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1903)js/src/jsfile.c:2284 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
f1904)js/src/jsfile.c:2288 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1905)js/src/jsfile.c:2289 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
f1906)js/src/jsfile.c:2293 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1907)js/src/jsfile.c:2294 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
f1908)js/src/jsfile.c:2298 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1909)js/src/jsfile.c:2299 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
f1910)js/src/jsgc.c:866 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1911)js/src/jsgc.c:869 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1912)js/src/jsgc.c:872 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1913)js/src/jsgc.c:891 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1914)js/src/jsgc.c:897 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
f1915)js/src/jsprf.c:358 [4] (format) sprintf: Potential format string problem. Make format string constant.
f1917)js/src/liveconnect/jsj_JavaArray.c:185 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1918)js/src/liveconnect/jsj_JavaPackage.c:71 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
f1919)js/src/liveconnect/jsj_JavaPackage.c:76 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
f1920)js/src/liveconnect/jsj_JavaPackage.c:489 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
f1921)js/src/liveconnect/jsj_private.h:656 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1922)js/src/liveconnect/jsjava.h:185 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
f1923)js/src/xpconnect/shell/xpcshell.cpp:416 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1924)js/src/xpconnect/shell/xpcshell.cpp:425 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1925)js/src/xpconnect/shell/xpcshell.cpp:428 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1926)js/src/xpconnect/src/xpcdebug.cpp:290 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1927)js/src/xpconnect/src/xpcdebug.cpp:362 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1928)js/src/xpconnect/src/xpcdebug.cpp:365 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1929)js/src/xpconnect/src/xpcwrappedjsclass.cpp:1265 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1930)js/src/xpconnect/src/xpcwrappedjsclass.cpp:1266 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1931)js/src/xpconnect/src/xpcwrappedjsclass.cpp:1270 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1932)js/src/xpconnect/src/xpcwrappedjsclass.cpp:1275 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1933)js/src/xpconnect/src/xpcwrappedjsclass.cpp:1276 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1939)lib/mac/MacMemoryAllocator/src/LowLevel.c:431 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1940)lib/mac/MacMemoryAllocator/src/LowLevel.c:439 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1941)lib/mac/MacMemoryAllocator/src/LowLevel.c:442 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1942)lib/mac/MacMemoryAllocator/src/LowLevel.c:445 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1943)lib/mac/MacMemoryAllocator/src/LowLevel.c:448 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1944)lib/mac/MacMemoryAllocator/src/LowLevel.c:451 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1945)lib/mac/MacMemoryAllocator/src/LowLevel.c:456 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1946)lib/mac/MacMemoryAllocator/src/LowLevel.c:459 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1947)lib/mac/MacMemoryAllocator/src/MemoryTracker.c:649 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1948)lib/mac/MacMemoryAllocator/src/MemoryTracker.c:785 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1949)lib/mac/MacMemoryAllocator/src/MemoryTracker.c:1018 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1950)lib/mac/MacMemoryAllocator/src/MemoryTracker.c:1059 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1951)lib/mac/MacMemoryAllocator/src/MemoryTracker.c:1074 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1952)lib/mac/MacMemoryAllocator/src/MemoryTracker.c:1077 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1953)lib/mac/MacMemoryAllocator/src/MemoryTracker.c:1087 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1954)lib/mac/MacMemoryAllocator/src/MemoryTracker.c:1108 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1955)lib/mac/MacMemoryAllocator/src/StdCLevel.c:851 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1956)lib/mac/MacMemoryAllocator/src/StdCLevel.c:853 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1957)lib/mac/MacMemoryAllocator/src/StdCLevel.c:936 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1958)lib/mac/MacMemoryAllocator/src/StdCLevel.c:987 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1959)lib/mac/MacMemoryAllocator/src/StdCLevel.c:996 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1960)lib/mac/MacMemoryAllocator/src/StdCLevel.c:1012 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1961)lib/mac/MacMemoryAllocator/src/StdCLevel.c:1050 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1962)lib/mac/MacMemoryAllocator/src/StdCLevel.c:1052 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1963)lib/mac/MacMemoryAllocator/src/StdCLevel.c:1054 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1964)lib/mac/MacMemoryAllocator/src/StdCLevel.c:1056 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1965)lib/mac/MacMemoryAllocator/src/StdCLevel.c:1059 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1966)lib/mac/MacMemoryAllocator/src/StdCLevel.c:1074 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1967)lib/mac/MacMemoryAllocator/src/StdCLevel.c:1076 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1968)lib/mac/MacMemoryAllocator/src/StdCLevel.c:1078 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1969)lib/mac/MacMemoryAllocator/src/StdCLevel.c:1080 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1970)lib/mac/MacMemoryAllocator/src/StdCLevel.c:1083 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1971)lib/mac/MacMemoryAllocator/src/StdCLevel.c:2769 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1972)lib/mac/MacMemoryAllocator/src/StdCLevel.c:2816 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1973)lib/mac/MacMemoryAllocator/src/StdCLevel.c:2817 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
f1974)lib/mac/MacMemoryAllocator/src/StdCLevel.c:2834 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1975)lib/mac/MacMemoryAllocator/src/StdCLevel.c:2844 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
f1976)lib/mac/MacMemoryAllocator/src/fastmem.c:586 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1977)lib/mac/MacMemoryAllocator/src/fastmem.c:676 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
f1978)lib/mac/NSStdLib/src/nsEnvironment.cpp:54 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1979)lib/mac/NSStdLib/src/nsEnvironment.cpp:58 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1986)debug/gfx/src/gtk/xprintutil.c:267 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1987)debug/gfx/src/gtk/xprintutil.c:281 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1988)debug/gfx/src/gtk/xprintutil.c:533 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
f1989)debug/gfx/src/gtk/xprintutil.c:683 [4] (buffer) sscanf: the scanf() family's %s operation, without a limit specification, permits buffer overflows. Specify a limit to %s, or use a different input function.
f1990)debug/gfx/src/gtk/xprintutil.c:812 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
f1991)debug/gfx/src/gtk/nsFT2FontCatalog.cpp:292 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1992)debug/gfx/src/gtk/nsFT2FontCatalog.cpp:983 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1993)debug/gfx/src/gtk/nsFT2FontCatalog.cpp:1032 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1994)debug/gfx/src/gtk/nsFT2FontCatalog.cpp:1042 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1995)debug/gfx/src/gtk/nsFT2FontCatalog.cpp:1328 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1996)debug/gfx/src/gtk/nsFT2FontCatalog.cpp:1340 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1997)debug/gfx/src/gtk/nsFT2FontCatalog.cpp:2306 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1998)debug/gfx/src/gtk/nsFT2FontCatalog.cpp:2311 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
f1999)debug/gfx/src/gtk/nsFT2FontCatalog.cpp:2314 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.