f2000) | debug/gfx/src/gtk/nsFT2FontCatalog.cpp:2317 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2001) | debug/gfx/src/gtk/nsFT2FontCatalog.cpp:2320 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2002) | debug/gfx/src/gtk/nsFT2FontCatalog.cpp:2322 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2003) | debug/gfx/src/gtk/nsFT2FontCatalog.cpp:2325 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2004) | debug/gfx/src/gtk/nsFT2FontCatalog.cpp:2327 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2005) | debug/gfx/src/gtk/nsFT2FontCatalog.cpp:2329 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2006) | debug/gfx/src/gtk/nsFT2FontCatalog.cpp:2331 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2007) | debug/gfx/src/gtk/nsFT2FontCatalog.cpp:2333 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2008) | debug/gfx/src/gtk/nsFT2FontCatalog.cpp:2335 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2009) | debug/gfx/src/gtk/nsFT2FontCatalog.cpp:2337 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2010) | debug/gfx/src/gtk/nsFT2FontCatalog.cpp:2339 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2011) | debug/gfx/src/gtk/nsFT2FontCatalog.cpp:2344 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2012) | debug/gfx/src/gtk/nsFT2FontCatalog.cpp:2366 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2013) | debug/gfx/src/gtk/nsFT2FontCatalog.cpp:2392 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2014) | debug/gfx/src/gtk/nsFT2FontCatalog.cpp:2395 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2015) | debug/gfx/src/gtk/nsFT2FontCatalog.cpp:2469 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2016) | debug/gfx/src/gtk/nsX11AlphaBlend.cpp:55 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2017) | debug/gfx/src/xprint/nsFontMetricsXlib.cpp:4053 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2018) | debug/gfx/src/xprint/nsFontMetricsXlib.cpp:4214 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2020) | debug/modules/libreg/standalone/VerReg.c:603 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2023) | debug/modules/libjar/standalone/nsZipArchive.cpp:676 [5] (race) chmod: this accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchmod( ) instead.
|
f2024) | debug/modules/libjar/standalone/nsZipArchive.cpp:1779 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2025) | debug/modules/libjar/standalone/nsZipArchive.cpp:1792 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2026) | debug/modules/libjar/standalone/nsZipArchive.cpp:1825 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2027) | debug/modules/libjar/standalone/nsJAR.cpp:287 [5] (race) chmod: this accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchmod( ) instead.
|
f2028) | debug/modules/zlib/standalone/gzio.c:108 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2029) | debug/modules/zlib/standalone/gzio.c:201 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2030) | debug/modules/zlib/standalone/gzio.c:533 [4] (format) vsnprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2031) | debug/modules/zlib/standalone/gzio.c:535 [4] (format) vsprintf: Potential format string problem. Make format string constant.
|
f2032) | debug/modules/zlib/standalone/gzio.c:556 [4] (format) snprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2033) | debug/modules/zlib/standalone/gzio.c:559 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2034) | debug/modules/zlib/standalone/gzio.c:871 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2035) | debug/modules/zlib/standalone/gzio.c:872 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2036) | debug/modules/zlib/standalone/gzio.c:873 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2037) | debug/xpcom/glue/standalone/nsDebug.cpp:118 [4] (format) vsnprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2038) | debug/xpcom/glue/standalone/nsDebug.cpp:140 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2040) | debug/xpcom/glue/standalone/nsDebug.cpp:237 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2042) | debug/xpcom/glue/standalone/nsDebug.cpp:359 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2043) | debug/xpcom/glue/standalone/nsDebug.cpp:423 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2045) | debug/xpcom/glue/standalone/nsGenericFactory.cpp:113 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2046) | debug/xpcom/glue/standalone/nsGenericFactory.cpp:127 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2047) | debug/dist/include/xp_str.h:66 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2051) | debug/dist/include/nspr/md/_pcos.h:59 [3] (buffer) getopt: this does not protect against buffer overflows by itself, so use with caution. .
|
f2052) | debug/dist/include/nspr/md/sunos4.h:73 [3] (buffer) getopt: this does not protect against buffer overflows by itself, so use with caution. .
|
f2053) | debug/dist/include/nspr/md/sunos4.h:76 [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation. use a more secure technique for acquiring random values.
|
f2054) | debug/dist/include/nspr/md/sunos4.h:77 [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation. use a more secure technique for acquiring random values.
|
f2055) | debug/dist/include/nspr/md/sunos4.h:92 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2056) | debug/dist/include/nspr/md/sunos4.h:93 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2057) | debug/dist/include/nspr/md/sunos4.h:94 [4] (format) vprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2058) | debug/dist/include/nspr/md/sunos4.h:95 [4] (format) vfprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2059) | debug/dist/include/nspr/md/sunos4.h:96 [4] (format) vsprintf: Potential format string problem. Make format string constant.
|
f2060) | debug/dist/include/nspr/md/sunos4.h:97 [4] (buffer) scanf: the scanf() family's %s operation, without a limit specification, permits buffer overflows. Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
|
f2061) | debug/dist/include/nspr/md/sunos4.h:98 [4] (buffer) sscanf: the scanf() family's %s operation, without a limit specification, permits buffer overflows. Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
|
f2062) | debug/dist/include/nspr/md/sunos4.h:99 [4] (buffer) fscanf: the scanf() family's %s operation, without a limit specification, permits buffer overflows. Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
|
f2063) | debug/dist/include/nspr/md/sunos4.h:114 [4] (tmpfile) system: this calls out to a new process and is difficult to use safely. try using a library call that implements the same functionality if available..
|
f2064) | debug/dist/include/nspr/md/sunos4.h:115 [4] (tmpfile) popen: this calls out to a new process and is difficult to use safely. try using a library call that implements the same functionality if available..
|
f2065) | debug/dist/include/nspr/md/sunos4.h:125 [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation. use a more secure technique for acquiring random values.
|
f2066) | debug/dist/include/nspr/md/sunos4.h:126 [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation. use a more secure technique for acquiring random values.
|
f2067) | debug/dist/include/nspr/md/sunos4.h:156 [3] (buffer) getwd: this does not protect against buffer overflows by itself, so use with caution. .
|
f2069) | debug/dist/include/xpcom/nsTextFormatter.h:55 [4] (format) snprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2070) | debug/dist/include/xpcom/nsTextFormatter.h:81 [4] (format) vsnprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2071) | debug/dist/include/uconv/nsICharsetConverterManager.h:121 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2072) | debug/dist/include/jar/zipstub.h:41 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2073) | debug/dist/include/java/jsjava.h:185 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
|
f2074) | debug/dist/include/java/jni.h:1744 [4] (format) vfprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2075) | debug/dist/include/util/stopwatch.h:55 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2076) | debug/dist/include/util/stopwatch.h:66 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2077) | debug/dist/include/util/nsTimer.h:90 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2078) | debug/dist/include/util/nsTimer.h:136 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2079) | debug/dist/include/util/nsTimer.h:182 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2080) | debug/dist/include/util/nsTimer.h:185 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2081) | debug/dist/include/png/png.h:2183 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2082) | debug/dist/include/png/png.h:2189 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2083) | debug/dist/include/png/png.h:2195 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2084) | debug/dist/include/png/pngconf.h:1208 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2085) | debug/dist/include/xpnet/nsHTTPConn.h:104 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2086) | debug/dist/include/xpnet/nsSocket.h:113 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2087) | debug/dist/public/ldap-private/portable.h:359 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2088) | debug/dist/public/ldap-private/ldaplog.h:80 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2092) | debug/dist/public/ldap-nspr/md/_pcos.h:59 [3] (buffer) getopt: this does not protect against buffer overflows by itself, so use with caution. .
|
f2093) | debug/dist/public/ldap-nspr/md/sunos4.h:73 [3] (buffer) getopt: this does not protect against buffer overflows by itself, so use with caution. .
|
f2094) | debug/dist/public/ldap-nspr/md/sunos4.h:76 [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation. use a more secure technique for acquiring random values.
|
f2095) | debug/dist/public/ldap-nspr/md/sunos4.h:77 [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation. use a more secure technique for acquiring random values.
|
f2096) | debug/dist/public/ldap-nspr/md/sunos4.h:92 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2097) | debug/dist/public/ldap-nspr/md/sunos4.h:93 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2098) | debug/dist/public/ldap-nspr/md/sunos4.h:94 [4] (format) vprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2099) | debug/dist/public/ldap-nspr/md/sunos4.h:95 [4] (format) vfprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2100) | debug/dist/public/ldap-nspr/md/sunos4.h:96 [4] (format) vsprintf: Potential format string problem. Make format string constant.
|
f2101) | debug/dist/public/ldap-nspr/md/sunos4.h:97 [4] (buffer) scanf: the scanf() family's %s operation, without a limit specification, permits buffer overflows. Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
|
f2102) | debug/dist/public/ldap-nspr/md/sunos4.h:98 [4] (buffer) sscanf: the scanf() family's %s operation, without a limit specification, permits buffer overflows. Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
|
f2103) | debug/dist/public/ldap-nspr/md/sunos4.h:99 [4] (buffer) fscanf: the scanf() family's %s operation, without a limit specification, permits buffer overflows. Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
|
f2104) | debug/dist/public/ldap-nspr/md/sunos4.h:114 [4] (tmpfile) system: this calls out to a new process and is difficult to use safely. try using a library call that implements the same functionality if available..
|
f2105) | debug/dist/public/ldap-nspr/md/sunos4.h:115 [4] (tmpfile) popen: this calls out to a new process and is difficult to use safely. try using a library call that implements the same functionality if available..
|
f2106) | debug/dist/public/ldap-nspr/md/sunos4.h:125 [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation. use a more secure technique for acquiring random values.
|
f2107) | debug/dist/public/ldap-nspr/md/sunos4.h:126 [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation. use a more secure technique for acquiring random values.
|
f2108) | debug/dist/public/ldap-nspr/md/sunos4.h:156 [3] (buffer) getwd: this does not protect against buffer overflows by itself, so use with caution. .
|
f2110) | debug/dist/public/security/secport.h:204 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2111) | debug/dist/public/security/secport.h:208 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2112) | debug/dist/private/security/ssl3prot.h:168 [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation. use a more secure technique for acquiring random values.
|
f2113) | debug/dist/private/security/ssl3prot.h:177 [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation. use a more secure technique for acquiring random values.
|
f2114) | debug/dist/private/security/ssl3prot.h:253 [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation. use a more secure technique for acquiring random values.
|
f2115) | debug/nss/swfci/nslib.c:463 [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation. use a more secure technique for acquiring random values.
|
f2116) | debug/nss/swfci/nslib.c:467 [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation. use a more secure technique for acquiring random values.
|
f2117) | debug/nss/swfci/nslib.c:998 [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation. use a more secure technique for acquiring random values.
|
f2118) | debug/nss/swfci/nslib.c:1018 [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation. use a more secure technique for acquiring random values.
|
f2120) | debug/nss/swfci/nslib.c:1028 [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation. use a more secure technique for acquiring random values.
|
f2121) | netwerk/base/src/nsAsyncStreamListener.cpp:243 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2122) | netwerk/cache/src/nsDiskCacheMap.cpp:801 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2123) | netwerk/cache/src/nsDiskCacheMap.cpp:836 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2125) | netwerk/dns/daemon/nsDnsAsyncLookup.cpp:314 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2126) | netwerk/dns/daemon/nsDnsAsyncLookup.cpp:526 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2128) | netwerk/mime/src/nsXMLMIMEDataSource.cpp:393 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2129) | netwerk/mime/src/nsXMLMIMEDataSource.cpp:402 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2130) | netwerk/protocol/ftp/src/nsFTPChannel.cpp:697 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
|
f2131) | netwerk/protocol/ftp/src/nsFtpConnectionThread.cpp:2057 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
|
f2132) | netwerk/protocol/ftp/src/nsFtpConnectionThread.cpp:2058 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
|
f2133) | netwerk/protocol/ftp/src/nsFtpConnectionThread.cpp:2062 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
|
f2134) | netwerk/protocol/http/src/nsHttpChannel.cpp:3135 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
|
f2135) | netwerk/protocol/http/src/nsHttpChannel.cpp:3139 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
|
f2136) | netwerk/protocol/http/src/nsHttpChannel.cpp:3149 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
|
f2137) | netwerk/streamconv/converters/nsHTTPChunkConv.cpp:150 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2138) | netwerk/streamconv/src/nsAppleFileDecoder.h:89 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
|
f2139) | netwerk/test/TestCacheBlockFiles.cpp:209 [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation. use a more secure technique for acquiring random values.
|
f2140) | netwerk/test/TestDNSDaemon.cpp:78 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2141) | netwerk/test/TestDNSDaemon.cpp:88 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2142) | netwerk/test/TestDNSDaemon.cpp:89 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2143) | netwerk/test/TestFileInput.cpp:148 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2144) | netwerk/test/TestFileTransport.cpp:68 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2145) | netwerk/test/TestPageLoad.cpp:114 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2146) | netwerk/test/TestPageLoad.cpp:117 [4] (buffer) sscanf: the scanf() family's %s operation, without a limit specification, permits buffer overflows. Specify a limit to %s, or use a different input function.
|
f2147) | netwerk/test/TestPageLoad.cpp:143 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2148) | netwerk/test/TestProtocols.cpp:568 [4] (buffer) scanf: the scanf() family's %s operation, without a limit specification, permits buffer overflows. Specify a limit to %s, or use a different input function.
|
f2149) | netwerk/test/TestSocketInput.cpp:120 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2150) | netwerk/test/TestSyncHTTP.cpp:53 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2151) | netwerk/test/TestThreadedIO.cpp:139 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2152) | netwerk/test/TestWriteSpeed.cpp:87 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2153) | netwerk/test/TestWriteStream.cpp:181 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2154) | plugin/oji/MRJ/plugin/Source/BackwardAdapter.cpp:2080 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2155) | plugin/oji/MRJ/plugin/Source/BackwardAdapter.cpp:2084 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2156) | plugin/oji/MRJ/plugin/Source/EmbeddedFrame.cpp:139 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2157) | plugin/oji/MRJ/plugin/Source/JSEvaluator.cpp:84 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2158) | plugin/oji/MRJ/plugin/Source/JSEvaluator.cpp:85 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2159) | plugin/oji/MRJ/plugin/Source/MRJPlugin.cpp:370 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2160) | plugin/oji/MRJ/plugin/Source/MRJPlugin.cpp:376 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2162) | plugin/oji/MRJ/plugin/Source/MRJSession.cpp:128 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2163) | plugin/oji/MRJ/plugin/Source/MRJSession.cpp:132 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2164) | plugin/oji/MRJ/plugin/Source/MRJSession.cpp:136 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2165) | plugin/oji/MRJ/plugin/Source/MRJSession.cpp:192 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2166) | plugin/oji/MRJ/plugin/Source/StringUtils.cpp:82 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2167) | plugin/oji/MRJ/plugin/Source/nsLiveConnect.cpp:103 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2168) | plugin/oji/MRJ/plugin/Source/nsLiveConnect.cpp:104 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2169) | profile/src/nsProfile.cpp:1422 [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation. use a more secure technique for acquiring random values.
|
f2170) | rdf/datasource/src/nsFileSystemDataSource.cpp:1139 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2171) | rdf/opendir/genopendir.c:90 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2172) | rdf/opendir/genopendir.c:173 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2173) | rdf/opendir/genopendir.c:176 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2174) | rdf/opendir/genopendir.c:222 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2175) | rdf/opendir/genopendir.c:315 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2176) | rdf/opendir/genopendir.c:325 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2177) | rdf/opendir/rdfparse.c:388 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2178) | rdf/opendir/rdfparse.c:397 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2179) | rdf/opendir/rdfparse.c:418 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2180) | rdf/opendir/rdfparse.c:420 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2181) | rdf/opendir/spf2ldiff.c:64 [5] (buffer) gets: does not check for buffer overflows. Use fgets() instead.
|
f2182) | rdf/opendir/spf2ldiff.c:300 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2183) | rdf/opendir/spf2ldiff.c:318 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2184) | rdf/opendir/spf2ldiff.c:327 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2185) | rdf/opendir/spf2ldiff.c:351 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2186) | rdf/opendir/spf2ldiff.c:354 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2187) | rdf/opendir/test.c:52 [5] (buffer) gets: does not check for buffer overflows. Use fgets() instead.
|
f2191) | sun-java/stubs/include/jni.h:1744 [4] (format) vfprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2192) | tools/leaky/leaky.cpp:117 [3] (buffer) getopt: this does not protect against buffer overflows by itself, so use with caution. .
|
f2195) | tools/preloader/preloader.cpp:124 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2196) | tools/preloader/preloader.cpp:274 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2197) | tools/preloader/preloader.cpp:350 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2198) | tools/preloader/preloader.cpp:417 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2199) | tools/preloader/preloader.cpp:467 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2200) | tools/preloader/preloader.cpp:578 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2201) | tools/preloader/preloader.cpp:579 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2202) | tools/preloader/preloader.cpp:760 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2203) | tools/preloader/preloader.cpp:763 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2204) | tools/preloader/preloader.cpp:766 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2205) | tools/preloader/preloader.cpp:769 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2206) | tools/preloader/preloader.cpp:772 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2207) | tools/preloader/preloader.cpp:775 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2208) | tools/preloader/preloader.cpp:778 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2209) | uriloader/exthandler/nsExternalHelperAppService.cpp:1053 [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation. use a more secure technique for acquiring random values.
|
f2210) | uriloader/exthandler/mac/nsDecodeAppleFile.h:92 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
|
f2211) | xpcom/base/nsLeakDetector.cpp:55 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2212) | xpcom/base/nsLeakDetector.cpp:70 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2213) | xpcom/base/nsTraceMalloc.c:405 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2214) | xpcom/base/nsTraceMalloc.c:1777 [4] (tmpfile) execvp: this calls out to a new process and is difficult to use safely. try using a library call that implements the same functionality if available..
|
f2220) | xpcom/base/nsTraceRefcnt.cpp:1364 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2221) | xpcom/base/nsTraceRefcnt.cpp:1371 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2222) | xpcom/base/nsWinTraceMalloc.cpp:37 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2223) | xpcom/base/nsWinTraceMalloc.cpp:38 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2224) | xpcom/base/nsWinTraceMalloc.cpp:41 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2225) | xpcom/base/nsWinTraceMalloc.cpp:61 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2226) | xpcom/base/nsWinTraceMalloc.cpp:63 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2227) | xpcom/base/nsWinTraceMalloc.cpp:70 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2228) | xpcom/base/nsWinTraceMalloc.cpp:73 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2229) | xpcom/build/dlldeps.cpp:112 [4] (format) snprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2230) | xpcom/components/nsComponentManager.cpp:2265 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2233) | xpcom/components/nsRegistry.cpp:1790 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2235) | xpcom/ds/nsTextFormatter.cpp:1440 [4] (format) snprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2236) | xpcom/ds/nsTextFormatter.cpp:1451 [4] (format) vsnprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2237) | xpcom/ds/nsTextFormatter.cpp:1456 [4] (format) vsnprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2238) | xpcom/ds/nsTextFormatter.cpp:1530 [4] (format) snprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2239) | xpcom/ds/nsTextFormatter.h:55 [4] (format) snprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2240) | xpcom/ds/nsTextFormatter.h:81 [4] (format) vsnprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2243) | xpcom/glue/nsDebug.cpp:118 [4] (format) vsnprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2244) | xpcom/glue/nsDebug.cpp:140 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2246) | xpcom/glue/nsDebug.cpp:237 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2248) | xpcom/glue/nsDebug.cpp:359 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2249) | xpcom/glue/nsDebug.cpp:423 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2251) | xpcom/glue/nsGenericFactory.cpp:113 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2252) | xpcom/glue/nsGenericFactory.cpp:127 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2254) | xpcom/io/nsDirectoryService.cpp:317 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2255) | xpcom/io/nsFastLoadFile.cpp:80 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2256) | xpcom/io/nsFastLoadFile.cpp:87 [4] (format) vfprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2257) | xpcom/io/nsFileSpec.cpp:161 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2258) | xpcom/io/nsFileSpec.cpp:184 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2259) | xpcom/io/nsFileSpec.cpp:185 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2260) | xpcom/io/nsFileSpec.cpp:367 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2261) | xpcom/io/nsFileSpec.cpp:373 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2262) | xpcom/io/nsFileSpec.cpp:462 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2263) | xpcom/io/nsFileSpec.cpp:463 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2264) | xpcom/io/nsFileSpec.cpp:919 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2265) | xpcom/io/nsFileSpecBeOS.cpp:391 [5] (race) chmod: this accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchmod( ) instead.
|
f2266) | xpcom/io/nsFileSpecBeOS.cpp:451 [4] (tmpfile) system: this calls out to a new process and is difficult to use safely. try using a library call that implements the same functionality if available..
|
f2267) | xpcom/io/nsFileSpecBeOS.cpp:470 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2268) | xpcom/io/nsFileSpecMac.cpp:193 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2269) | xpcom/io/nsFileSpecOS2.cpp:106 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2270) | xpcom/io/nsFileSpecOS2.cpp:730 [4] (tmpfile) system: this calls out to a new process and is difficult to use safely. try using a library call that implements the same functionality if available..
|
f2271) | xpcom/io/nsFileSpecOS2.cpp:799 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2272) | xpcom/io/nsFileSpecUnix.cpp:118 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2273) | xpcom/io/nsFileSpecUnix.cpp:119 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2274) | xpcom/io/nsFileSpecUnix.cpp:239 [3] (buffer) realpath: this does not protect against buffer overflows by itself, so use with caution. .
|
f2275) | xpcom/io/nsFileSpecUnix.cpp:447 [5] (race) chmod: this accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchmod( ) instead.
|
f2276) | xpcom/io/nsFileSpecUnix.cpp:507 [4] (tmpfile) system: this calls out to a new process and is difficult to use safely. try using a library call that implements the same functionality if available..
|
f2277) | xpcom/io/nsFileSpecUnix.cpp:532 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2278) | xpcom/io/nsFileSpecWin.cpp:670 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2279) | xpcom/io/nsFileStream.cpp:162 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2280) | xpcom/io/nsFileStream.cpp:171 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2281) | xpcom/io/nsFileStream.cpp:180 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2282) | xpcom/io/nsFileStream.cpp:189 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2283) | xpcom/io/nsFileStream.cpp:198 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2284) | xpcom/io/nsFileStream.cpp:207 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2285) | xpcom/io/nsLocalFileOS2.cpp:447 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2286) | xpcom/io/nsLocalFileOS2.cpp:448 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2287) | xpcom/io/nsLocalFileOS2.cpp:487 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2288) | xpcom/io/nsLocalFileOS2.cpp:496 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2289) | xpcom/io/nsLocalFileOS2.cpp:925 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2290) | xpcom/io/nsLocalFileOS2.cpp:926 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2291) | xpcom/io/nsLocalFileOS2.cpp:927 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2292) | xpcom/io/nsLocalFileOS2.cpp:928 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2293) | xpcom/io/nsLocalFileOS2.cpp:929 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2294) | xpcom/io/nsLocalFileOS2.cpp:930 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2295) | xpcom/io/nsLocalFileOS2.cpp:1422 [5] (race) chmod: this accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchmod( ) instead.
|
f2296) | xpcom/io/nsLocalFileOS2.cpp:1437 [5] (race) chmod: this accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchmod( ) instead.
|
f2297) | xpcom/io/nsLocalFileOS2.cpp:1598 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2298) | xpcom/io/nsLocalFileUnix.cpp:329 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
|
f2299) | xpcom/io/nsLocalFileUnix.cpp:498 [3] (buffer) realpath: this does not protect against buffer overflows by itself, so use with caution. .
|
f2300) | xpcom/io/nsLocalFileUnix.cpp:1030 [5] (race) chmod: this accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchmod( ) instead.
|
f2301) | xpcom/io/nsLocalFileUnix.cpp:1201 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
|
f2302) | xpcom/io/nsLocalFileUnix.cpp:1211 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
|
f2303) | xpcom/io/nsLocalFileUnix.cpp:1223 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
|
f2304) | xpcom/io/nsLocalFileUnix.cpp:1235 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
|
f2305) | xpcom/io/nsLocalFileWin.cpp:519 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2306) | xpcom/io/nsLocalFileWin.cpp:520 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2307) | xpcom/io/nsLocalFileWin.cpp:547 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2308) | xpcom/io/nsLocalFileWin.cpp:555 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2309) | xpcom/io/nsLocalFileWin.cpp:1416 [5] (race) chmod: this accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchmod( ) instead.
|
f2310) | xpcom/io/nsLocalFileWin.cpp:1431 [5] (race) chmod: this accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchmod( ) instead.
|
f2311) | xpcom/io/nsLocalFileWin.cpp:1570 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2313) | xpcom/io/nsSpecialSystemDirectory.cpp:426 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2315) | xpcom/io/nsSpecialSystemDirectory.cpp:529 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2317) | xpcom/io/nsSpecialSystemDirectory.cpp:533 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2319) | xpcom/io/nsStdFileStream.h:699 [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation. use a more secure technique for acquiring random values.
|
f2320) | xpcom/io/nsStdFileStream.h:736 [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation. use a more secure technique for acquiring random values.
|
f2321) | xpcom/io/nsStdFileStream.h:745 [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation. use a more secure technique for acquiring random values.
|
f2322) | xpcom/io/nsStdFileStream.h:773 [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation. use a more secure technique for acquiring random values.
|
f2323) | xpcom/io/nsStdFileStream.h:812 [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation. use a more secure technique for acquiring random values.
|
f2324) | xpcom/io/nsStdFileStream.h:821 [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation. use a more secure technique for acquiring random values.
|
f2325) | xpcom/io/nsStdFileStream.h:883 [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation. use a more secure technique for acquiring random values.
|
f2326) | xpcom/io/nsStdFileStream.h:919 [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation. use a more secure technique for acquiring random values.
|
f2327) | xpcom/io/nsStdFileStream.h:928 [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation. use a more secure technique for acquiring random values.
|
f2328) | xpcom/reflect/xptinfo/src/xptiprivate.h:93 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2329) | xpcom/reflect/xptinfo/src/xptiprivate.h:94 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2330) | xpcom/reflect/xptinfo/src/xptiprivate.h:95 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2337) | xpcom/threads/plevent.c:786 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2338) | xpcom/threads/plevent.c:787 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2339) | xpcom/typelib/xpidl/xpidl.c:89 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2340) | xpcom/typelib/xpidl/xpidl_header.c:853 [4] (format) fprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2341) | xpcom/typelib/xpidl/xpidl_typelib.c:96 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2342) | xpcom/typelib/xpidl/xpidl_typelib.c:97 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2343) | xpcom/typelib/xpidl/xpidl_typelib.c:98 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2344) | xpcom/typelib/xpidl/xpidl_typelib.c:428 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2345) | xpcom/typelib/xpidl/xpidl_typelib.c:435 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2346) | xpcom/typelib/xpidl/xpidl_util.c:63 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2347) | xpcom/typelib/xpidl/xpidl_util.c:100 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2348) | xpcom/typelib/xpidl/xpidl_util.c:140 [4] (buffer) sscanf: the scanf() family's %s operation, without a limit specification, permits buffer overflows. Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
|
f2349) | xpcom/typelib/xpidl/glib/glib-1.2.1/gcompletion.c:276 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2350) | xpcom/typelib/xpidl/glib/glib-1.2.1/gerror.c:155 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2351) | xpcom/typelib/xpidl/glib/glib-1.2.1/gerror.c:218 [4] (tmpfile) execvp: this calls out to a new process and is difficult to use safely. try using a library call that implements the same functionality if available..
|
f2352) | xpcom/typelib/xpidl/glib/glib-1.2.1/glib.h:247 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2353) | xpcom/typelib/xpidl/glib/glib-1.2.1/glib.h:249 [4] (buffer) scanf: the scanf() family's %s operation, without a limit specification, permits buffer overflows. Specify a limit to %s, or use a different input function.
|
f2354) | xpcom/typelib/xpidl/glib/glib-1.2.1/glib.h:2623 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
|
f2355) | xpcom/typelib/xpidl/glib/glib-1.2.1/glib.h:2630 [4] (tmpfile) popen: this calls out to a new process and is difficult to use safely. try using a library call that implements the same functionality if available..
|
f2356) | xpcom/typelib/xpidl/glib/glib-1.2.1/gmessages.c:343 [4] (format) vsprintf: Potential format string problem. Make format string constant.
|
f2357) | xpcom/typelib/xpidl/glib/glib-1.2.1/gmessages.c:348 [4] (format) vsnprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2358) | xpcom/typelib/xpidl/glib/glib-1.2.1/gstrfuncs.c:57 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2359) | xpcom/typelib/xpidl/glib/glib-1.2.1/gstrfuncs.c:127 [4] (format) vsprintf: Potential format string problem. Make format string constant.
|
f2360) | xpcom/typelib/xpidl/glib/glib-1.2.1/gstrfuncs.c:170 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2361) | xpcom/typelib/xpidl/glib/glib-1.2.1/gstrfuncs.c:175 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2362) | xpcom/typelib/xpidl/glib/glib-1.2.1/gstrfuncs.c:660 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2363) | xpcom/typelib/xpidl/glib/glib-1.2.1/gstrfuncs.c:787 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2364) | xpcom/typelib/xpidl/glib/glib-1.2.1/gstrfuncs.c:1110 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2365) | xpcom/typelib/xpidl/glib/glib-1.2.1/gstrfuncs.c:1223 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2366) | xpcom/typelib/xpidl/glib/glib-1.2.1/gstrfuncs.c:1226 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2367) | xpcom/typelib/xpidl/glib/glib-1.2.1/gstrfuncs.c:1227 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2368) | xpcom/typelib/xpidl/glib/glib-1.2.1/gstrfuncs.c:1269 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2369) | xpcom/typelib/xpidl/glib/glib-1.2.1/gstrfuncs.c:1273 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2370) | xpcom/typelib/xpidl/glib/glib-1.2.1/gstrfuncs.c:1274 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2371) | xpcom/typelib/xpidl/glib/glib-1.2.1/gstring.c:159 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2372) | xpcom/typelib/xpidl/glib/glib-1.2.1/gstring.c:301 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2373) | xpcom/typelib/xpidl/glib/glib-1.2.1/gutils.c:146 [4] (format) vsnprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2374) | xpcom/typelib/xpidl/glib/glib-1.2.1/gutils.c:176 [4] (format) vsnprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2375) | xpcom/typelib/xpidl/glib/glib-1.2.1/gutils.c:324 [3] (buffer) getwd: this does not protect against buffer overflows by itself, so use with caution. .
|
f2380) | xpcom/typelib/xpidl/glib/glib-1.2.1/gutils.c:841 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2381) | xpcom/typelib/xpidl/glib/glib-1.2.1/gmodule/gmodule-win32.c:46 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2382) | xpcom/typelib/xpidl/glib/glib-1.2.1/gmodule/gmodule-win32.c:62 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2383) | xpcom/typelib/xpidl/glib/glib-1.2.1/gmodule/gmodule-win32.c:76 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2384) | xpcom/typelib/xpidl/glib/glib-1.2.1/gmodule/gmodule-win32.c:91 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2392) | xpcom/typelib/xpidl/libidl/libIDL-0.6.5/lexer.c:1110 [4] (buffer) sscanf: the scanf() family's %s operation, without a limit specification, permits buffer overflows. Specify a limit to %s, or use a different input function.
|
f2393) | xpcom/typelib/xpidl/libidl/libIDL-0.6.5/ns.c:330 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2394) | xpcom/typelib/xpidl/libidl/libIDL-0.6.5/ns.c:331 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2395) | xpcom/typelib/xpidl/libidl/libIDL-0.6.5/parser.c:2436 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2396) | xpcom/typelib/xpidl/libidl/libIDL-0.6.5/parser.c:2437 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2397) | xpcom/typelib/xpidl/libidl/libIDL-0.6.5/parser.c:2537 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2398) | xpcom/typelib/xpidl/libidl/libIDL-0.6.5/parser.c:2546 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2399) | xpcom/typelib/xpidl/libidl/libIDL-0.6.5/parser.c:2547 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2400) | xpcom/typelib/xpidl/libidl/libIDL-0.6.5/parser.c:2548 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2401) | xpcom/typelib/xpidl/libidl/libIDL-0.6.5/parser.c:2726 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2402) | xpcom/typelib/xpidl/libidl/libIDL-0.6.5/parser.c:2778 [1] (buffer) sscanf: the scanf() family's %s operation, without a limit specification, permits buffer overflows. Specify a limit to %s, or use a different input function. Only low-risk scanf formats detected.
|
f2403) | xpcom/typelib/xpidl/libidl/libIDL-0.6.5/util.c:223 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
|
f2404) | xpcom/typelib/xpidl/libidl/libIDL-0.6.5/util.c:250 [3] (tmpfile) tmpnam: temporary file race condition.
|
f2405) | xpcom/typelib/xpidl/libidl/libIDL-0.6.5/util.c:265 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2406) | xpcom/typelib/xpidl/libidl/libIDL-0.6.5/util.c:266 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2407) | xpcom/typelib/xpidl/libidl/libIDL-0.6.5/util.c:267 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2408) | xpcom/typelib/xpidl/libidl/libIDL-0.6.5/util.c:276 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2409) | xpcom/typelib/xpidl/libidl/libIDL-0.6.5/util.c:277 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2410) | xpcom/typelib/xpidl/libidl/libIDL-0.6.5/util.c:304 [4] (tmpfile) popen: this calls out to a new process and is difficult to use safely. try using a library call that implements the same functionality if available.
|
f2411) | xpcom/typelib/xpidl/libidl/libIDL-0.6.5/util.c:2477 [4] (format) vfprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2412) | xpcom/typelib/xpidl/libidl/libIDL-0.6.5/util.c:2501 [4] (format) vfprintf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2413) | xpcom/typelib/xpidl/macplugin/mac_xpidl.cpp:280 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2414) | xpcom/typelib/xpidl/macplugin/mac_xpt_linker.cpp:443 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2415) | xpcom/typelib/xpidl/macplugin/mac_xpt_linker.cpp:444 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2416) | xpcom/typelib/xpidl/macplugin/mac_xpt_linker.cpp:445 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2417) | xpcom/typelib/xpidl/macplugin/mac_xpt_linker.cpp:446 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2418) | xpcom/typelib/xpt/src/xpt_xdr.c:65 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2420) | xpinstall/cleanup/InstallCleanupUnix.cpp:102 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2421) | xpinstall/cleanup/InstallCleanupUnix.cpp:103 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2422) | xpinstall/cleanup/InstallCleanupWin.cpp:92 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2423) | xpinstall/cleanup/InstallCleanupWin.cpp:96 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2424) | xpinstall/cleanup/InstallCleanupWin.cpp:99 [1] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant character.
|
f2425) | xpinstall/packager/mac/ASEncoder/src/nsAppleSingleEncoder.cpp:332 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
|
f2426) | xpinstall/src/ScheduledTasks.h:37 [2] (tmpfile) tmpfile: tmpfile() has a security flaw on some systems (e.g., older System V systems).
|
f2427) | xpinstall/src/nsAppleSingleDecoder.h:81 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
|
f2428) | xpinstall/src/nsInstall.cpp:2830 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2429) | xpinstall/src/nsInstallPatch.cpp:378 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2430) | xpinstall/src/nsInstallUninstall.cpp:116 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2431) | xpinstall/src/nsInstallUninstall.cpp:162 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2432) | xpinstall/src/nsInstallUninstall.cpp:165 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2433) | xpinstall/src/nsInstallUninstall.cpp:166 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2434) | xpinstall/src/nsJSInstall.cpp:284 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2435) | xpinstall/stub/xpistub.cpp:135 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2436) | xpinstall/wizard/libxpnet/GUSI/include/GUSIDevice.h:232 [5] (race) chmod: this accepts filename arguments; if an attacker can move those files, a race condition results. Use fchmod() instead.
|
f2437) | xpinstall/wizard/libxpnet/GUSI/include/GUSIDevice.h:236 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
|
f2438) | xpinstall/wizard/libxpnet/GUSI/include/GUSIDevice.h:304 [5] (race) chmod: this accepts filename arguments; if an attacker can move those files, a race condition results. Use fchmod() instead.
|
f2439) | xpinstall/wizard/libxpnet/GUSI/include/GUSIDevice.h:308 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
|
f2440) | xpinstall/wizard/libxpnet/GUSI/include/GUSIMacFile.h:132 [5] (race) chmod: this accepts filename arguments; if an attacker can move those files, a race condition results. Use fchmod() instead.
|
f2441) | xpinstall/wizard/libxpnet/GUSI/include/GUSIMacFile.h:136 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
|
f2442) | xpinstall/wizard/libxpnet/GUSI/include/unistd.h:54 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
|
f2443) | xpinstall/wizard/libxpnet/GUSI/include/unistd.h:114 [3] (buffer) getpass: this does not protect against buffer overflows by itself, so use with caution.
|
f2444) | xpinstall/wizard/libxpnet/GUSI/include/unistd.h:116 [3] (buffer) getwd: this does not protect against buffer overflows by itself, so use with caution.
|
f2445) | xpinstall/wizard/libxpnet/GUSI/include/unistd.h:121 [4] (tmpfile) mktemp: temporary file race condition.
|
f2446) | xpinstall/wizard/libxpnet/GUSI/include/unistd.h:158 [2] (race) vfork: on some old systems, vfork() permits race conditions, and it's very difficult to use correctly. Use fork() instead.
|
f2447) | xpinstall/wizard/libxpnet/GUSI/include/sys/stat.h:105 [5] (race) chmod: this accepts filename arguments; if an attacker can move those files, a race condition results. Use fchmod() instead.
|
f2448) | xpinstall/wizard/libxpnet/src/nsFTPConn.cpp:111 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2449) | xpinstall/wizard/libxpnet/src/nsFTPConn.cpp:194 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2450) | xpinstall/wizard/libxpnet/src/nsFTPConn.cpp:198 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2451) | xpinstall/wizard/libxpnet/src/nsFTPConn.cpp:206 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2452) | xpinstall/wizard/libxpnet/src/nsFTPConn.cpp:211 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2453) | xpinstall/wizard/libxpnet/src/nsFTPConn.cpp:267 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2454) | xpinstall/wizard/libxpnet/src/nsFTPConn.cpp:316 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2455) | xpinstall/wizard/libxpnet/src/nsFTPConn.cpp:530 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2456) | xpinstall/wizard/libxpnet/src/nsFTPConn.cpp:557 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2457) | xpinstall/wizard/libxpnet/src/nsFTPConn.cpp:604 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2458) | xpinstall/wizard/libxpnet/src/nsHTTPConn.cpp:262 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2459) | xpinstall/wizard/libxpnet/src/nsHTTPConn.cpp:263 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2460) | xpinstall/wizard/libxpnet/src/nsHTTPConn.cpp:274 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2461) | xpinstall/wizard/libxpnet/src/nsHTTPConn.cpp:282 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2462) | xpinstall/wizard/libxpnet/src/nsHTTPConn.cpp:283 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2463) | xpinstall/wizard/libxpnet/src/nsHTTPConn.cpp:287 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2464) | xpinstall/wizard/libxpnet/src/nsHTTPConn.cpp:288 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2465) | xpinstall/wizard/libxpnet/src/nsHTTPConn.cpp:291 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2466) | xpinstall/wizard/libxpnet/src/nsHTTPConn.cpp:292 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2467) | xpinstall/wizard/libxpnet/src/nsHTTPConn.cpp:303 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2468) | xpinstall/wizard/libxpnet/src/nsHTTPConn.cpp:321 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2469) | xpinstall/wizard/libxpnet/src/nsHTTPConn.cpp:322 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2470) | xpinstall/wizard/libxpnet/src/nsHTTPConn.cpp:331 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2471) | xpinstall/wizard/libxpnet/src/nsHTTPConn.cpp:332 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2472) | xpinstall/wizard/libxpnet/src/nsHTTPConn.cpp:336 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2473) | xpinstall/wizard/libxpnet/src/nsHTTPConn.cpp:509 [1] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant character.
|
f2474) | xpinstall/wizard/libxpnet/src/nsHTTPConn.h:104 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2475) | xpinstall/wizard/libxpnet/src/nsSocket.cpp:465 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2476) | xpinstall/wizard/libxpnet/src/nsSocket.cpp:563 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2477) | xpinstall/wizard/libxpnet/src/nsSocket.h:113 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
|
f2478) | xpinstall/wizard/libxpnet/test/TestLibxpnet.cpp:120 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2479) | xpinstall/wizard/mac/src/Deflation.c:153 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2480) | xpinstall/wizard/mac/src/Deflation.c:162 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2481) | xpinstall/wizard/mac/src/Deflation.c:163 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2482) | xpinstall/wizard/mac/src/Deflation.c:172 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2483) | xpinstall/wizard/mac/src/Deflation.c:173 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2484) | xpinstall/wizard/mac/src/Deflation.c:224 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2485) | xpinstall/wizard/mac/src/Deflation.c:229 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2486) | xpinstall/wizard/mac/src/InstAction.c:180 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2487) | xpinstall/wizard/mac/src/InstAction.c:525 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2488) | xpinstall/wizard/mac/src/InstAction.c:544 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2489) | xpinstall/wizard/mac/src/InstAction.c:558 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2490) | xpinstall/wizard/mac/src/InstAction.c:579 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2491) | xpinstall/wizard/mac/src/InstAction.c:616 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2492) | xpinstall/wizard/mac/src/InstAction.c:654 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2493) | xpinstall/wizard/mac/src/InstAction.c:1005 [1] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant character.
|
f2494) | xpinstall/wizard/mac/src/InstAction.c:1055 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2495) | xpinstall/wizard/mac/src/InstAction.c:1062 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2496) | xpinstall/wizard/mac/src/InstAction.c:1178 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2497) | xpinstall/wizard/mac/src/InstAction.c:1179 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2498) | xpinstall/wizard/mac/src/InstAction.c:1181 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2499) | xpinstall/wizard/mac/src/InstAction.c:1183 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2500) | xpinstall/wizard/mac/src/InstAction.c:1269 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2501) | xpinstall/wizard/mac/src/InstAction.c:1280 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2502) | xpinstall/wizard/mac/src/InstAction.c:1298 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2503) | xpinstall/wizard/mac/src/InstAction.c:1302 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2504) | xpinstall/wizard/mac/src/InstAction.c:1841 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2505) | xpinstall/wizard/mac/src/InstAction.c:1843 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2506) | xpinstall/wizard/mac/src/InstAction.c:1846 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2507) | xpinstall/wizard/mac/src/InstAction.c:1965 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2508) | xpinstall/wizard/mac/src/InstAction.c:1978 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2509) | xpinstall/wizard/mac/src/InstAction.c:2041 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2510) | xpinstall/wizard/mac/src/Parser.c:281 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2511) | xpinstall/wizard/mac/src/Parser.c:603 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2512) | xpinstall/wizard/mac/src/Parser.c:604 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2513) | xpinstall/wizard/mac/src/Parser.c:786 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2514) | xpinstall/wizard/mac/src/Parser.c:790 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2515) | xpinstall/wizard/mac/src/Parser.c:794 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2516) | xpinstall/wizard/mac/src/Parser.c:906 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2517) | xpinstall/wizard/mac/src/Parser.c:907 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2518) | xpinstall/wizard/mac/src/Parser.c:908 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2519) | xpinstall/wizard/mac/src/Parser.c:943 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2520) | xpinstall/wizard/mac/src/Parser.c:944 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2521) | xpinstall/wizard/mac/src/Parser.c:945 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2522) | xpinstall/wizard/mac/src/Parser.c:1024 [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation. use a more secure technique for acquiring random values.
|
f2523) | xpinstall/wizard/mac/src/Parser.c:1150 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2524) | xpinstall/wizard/mac/src/SetupTypeWin.c:372 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2525) | xpinstall/wizard/mac/src/SetupTypeWin.c:375 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2526) | xpinstall/wizard/mac/src/SetupTypeWin.c:526 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2527) | xpinstall/wizard/mac/src/SetupTypeWin.c:533 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2528) | xpinstall/wizard/mac/src/SetupTypeWin.c:569 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2529) | xpinstall/wizard/mac/src/SetupTypeWin.c:576 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2530) | xpinstall/wizard/mac/src/SetupTypeWin.c:715 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2531) | xpinstall/wizard/mac/src/SetupTypeWin.c:831 [1] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant character.
|
f2532) | xpinstall/wizard/mac/src/SetupTypeWin.c:832 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2533) | xpinstall/wizard/mac/src/SetupTypeWin.c:833 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2534) | xpinstall/wizard/mac/src/SetupTypeWin.c:834 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2535) | xpinstall/wizard/mac/src/SetupTypeWin.c:1038 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2536) | xpinstall/wizard/mac/src/SetupTypeWin.c:1039 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2537) | xpinstall/wizard/os2/ds32/ds32.cpp:99 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2538) | xpinstall/wizard/os2/ds32/ds32.cpp:106 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2539) | xpinstall/wizard/os2/ds32/ds32.cpp:134 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2540) | xpinstall/wizard/os2/ds32/ds32.cpp:140 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2541) | xpinstall/wizard/os2/ds32/ds32.cpp:149 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2542) | xpinstall/wizard/os2/ds32/ds32.cpp:156 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2543) | xpinstall/wizard/os2/ds32/ds32.cpp:222 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2544) | xpinstall/wizard/os2/ds32/ds32.cpp:236 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2545) | xpinstall/wizard/os2/ds32/ds32.cpp:492 [4] (race) access: this usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
|
f2550) | xpinstall/wizard/os2/nsztool/nsztool.c:55 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2551) | xpinstall/wizard/os2/nsztool/nsztool.c:56 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2552) | xpinstall/wizard/os2/nsztool/nsztool.c:57 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2553) | xpinstall/wizard/os2/nsztool/nsztool.c:58 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2554) | xpinstall/wizard/os2/nsztool/nsztool.c:77 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2555) | xpinstall/wizard/os2/nsztool/nsztool.c:80 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2556) | xpinstall/wizard/os2/ren8dot3/ren8dot3.c:45 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2557) | xpinstall/wizard/os2/setup/dialogs.c:122 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2558) | xpinstall/wizard/os2/setup/dialogs.c:193 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2559) | xpinstall/wizard/os2/setup/dialogs.c:195 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2560) | xpinstall/wizard/os2/setup/dialogs.c:344 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2561) | xpinstall/wizard/os2/setup/dialogs.c:349 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2562) | xpinstall/wizard/os2/setup/dialogs.c:357 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2563) | xpinstall/wizard/os2/setup/dialogs.c:386 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2564) | xpinstall/wizard/os2/setup/dialogs.c:387 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2565) | xpinstall/wizard/os2/setup/dialogs.c:389 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2566) | xpinstall/wizard/os2/setup/dialogs.c:390 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2567) | xpinstall/wizard/os2/setup/dialogs.c:401 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2568) | xpinstall/wizard/os2/setup/dialogs.c:402 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2569) | xpinstall/wizard/os2/setup/dialogs.c:404 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2570) | xpinstall/wizard/os2/setup/dialogs.c:407 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2571) | xpinstall/wizard/os2/setup/dialogs.c:418 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2572) | xpinstall/wizard/os2/setup/dialogs.c:420 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2573) | xpinstall/wizard/os2/setup/dialogs.c:432 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2574) | xpinstall/wizard/os2/setup/dialogs.c:462 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2575) | xpinstall/wizard/os2/setup/dialogs.c:470 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2576) | xpinstall/wizard/os2/setup/dialogs.c:475 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2577) | xpinstall/wizard/os2/setup/dialogs.c:545 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2578) | xpinstall/wizard/os2/setup/dialogs.c:780 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2579) | xpinstall/wizard/os2/setup/dialogs.c:784 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2580) | xpinstall/wizard/os2/setup/dialogs.c:796 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2581) | xpinstall/wizard/os2/setup/dialogs.c:797 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2582) | xpinstall/wizard/os2/setup/dialogs.c:799 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2583) | xpinstall/wizard/os2/setup/dialogs.c:800 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2584) | xpinstall/wizard/os2/setup/dialogs.c:811 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2585) | xpinstall/wizard/os2/setup/dialogs.c:812 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2586) | xpinstall/wizard/os2/setup/dialogs.c:814 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2587) | xpinstall/wizard/os2/setup/dialogs.c:817 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2588) | xpinstall/wizard/os2/setup/dialogs.c:829 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2589) | xpinstall/wizard/os2/setup/dialogs.c:831 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2590) | xpinstall/wizard/os2/setup/dialogs.c:886 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2591) | xpinstall/wizard/os2/setup/dialogs.c:892 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2592) | xpinstall/wizard/os2/setup/dialogs.c:1121 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2593) | xpinstall/wizard/os2/setup/dialogs.c:1122 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2594) | xpinstall/wizard/os2/setup/dialogs.c:1123 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2595) | xpinstall/wizard/os2/setup/dialogs.c:1218 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2596) | xpinstall/wizard/os2/setup/dialogs.c:1219 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2597) | xpinstall/wizard/os2/setup/dialogs.c:1322 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2598) | xpinstall/wizard/os2/setup/dialogs.c:1323 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2599) | xpinstall/wizard/os2/setup/dialogs.c:1324 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2600) | xpinstall/wizard/os2/setup/dialogs.c:1420 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2601) | xpinstall/wizard/os2/setup/dialogs.c:1421 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2602) | xpinstall/wizard/os2/setup/dialogs.c:1634 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2603) | xpinstall/wizard/os2/setup/dialogs.c:1635 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2604) | xpinstall/wizard/os2/setup/dialogs.c:1694 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2605) | xpinstall/wizard/os2/setup/dialogs.c:2150 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2606) | xpinstall/wizard/os2/setup/dialogs.c:2151 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2607) | xpinstall/wizard/os2/setup/dialogs.c:2153 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2608) | xpinstall/wizard/os2/setup/dialogs.c:2173 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2609) | xpinstall/wizard/os2/setup/dialogs.c:2178 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2610) | xpinstall/wizard/os2/setup/dialogs.c:2179 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2611) | xpinstall/wizard/os2/setup/dialogs.c:2188 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2612) | xpinstall/wizard/os2/setup/dialogs.c:2189 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2613) | xpinstall/wizard/os2/setup/dialogs.c:2197 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2614) | xpinstall/wizard/os2/setup/dialogs.c:2198 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2615) | xpinstall/wizard/os2/setup/dialogs.c:2203 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2616) | xpinstall/wizard/os2/setup/dialogs.c:2208 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2617) | xpinstall/wizard/os2/setup/dialogs.c:2213 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2618) | xpinstall/wizard/os2/setup/dialogs.c:2214 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2619) | xpinstall/wizard/os2/setup/dialogs.c:2216 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2620) | xpinstall/wizard/os2/setup/dialogs.c:2217 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2621) | xpinstall/wizard/os2/setup/dialogs.c:2218 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2622) | xpinstall/wizard/os2/setup/dialogs.c:2223 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2623) | xpinstall/wizard/os2/setup/dialogs.c:2224 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2624) | xpinstall/wizard/os2/setup/dialogs.c:2226 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2625) | xpinstall/wizard/os2/setup/dialogs.c:2227 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2626) | xpinstall/wizard/os2/setup/dialogs.c:2228 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2627) | xpinstall/wizard/os2/setup/dialogs.c:2232 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2628) | xpinstall/wizard/os2/setup/dialogs.c:2237 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2629) | xpinstall/wizard/os2/setup/dialogs.c:2238 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2630) | xpinstall/wizard/os2/setup/dialogs.c:2241 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2631) | xpinstall/wizard/os2/setup/dialogs.c:2242 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2632) | xpinstall/wizard/os2/setup/dialogs.c:2243 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2633) | xpinstall/wizard/os2/setup/dialogs.c:2247 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2634) | xpinstall/wizard/os2/setup/dialogs.c:2252 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2635) | xpinstall/wizard/os2/setup/dialogs.c:2253 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2636) | xpinstall/wizard/os2/setup/dialogs.c:2257 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2637) | xpinstall/wizard/os2/setup/dialogs.c:2258 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2638) | xpinstall/wizard/os2/setup/dialogs.c:2259 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2639) | xpinstall/wizard/os2/setup/dialogs.c:2479 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2640) | xpinstall/wizard/os2/setup/dialogs.c:2481 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2641) | xpinstall/wizard/os2/setup/dialogs.c:2484 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2642) | xpinstall/wizard/os2/setup/dialogs.c:2598 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2643) | xpinstall/wizard/os2/setup/dialogs.c:2783 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2644) | xpinstall/wizard/os2/setup/dialogs.c:2787 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2645) | xpinstall/wizard/os2/setup/dialogs.c:2803 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2646) | xpinstall/wizard/os2/setup/dialogs.c:2805 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2647) | xpinstall/wizard/os2/setup/dialogs.c:2813 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2648) | xpinstall/wizard/os2/setup/dialogs.c:2815 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2649) | xpinstall/wizard/os2/setup/dialogs.c:2860 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2650) | xpinstall/wizard/os2/setup/extra.c:140 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2651) | xpinstall/wizard/os2/setup/extra.c:143 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2652) | xpinstall/wizard/os2/setup/extra.c:213 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2653) | xpinstall/wizard/os2/setup/extra.c:215 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2654) | xpinstall/wizard/os2/setup/extra.c:230 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2655) | xpinstall/wizard/os2/setup/extra.c:232 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2656) | xpinstall/wizard/os2/setup/extra.c:254 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2657) | xpinstall/wizard/os2/setup/extra.c:288 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2658) | xpinstall/wizard/os2/setup/extra.c:301 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2659) | xpinstall/wizard/os2/setup/extra.c:306 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2660) | xpinstall/wizard/os2/setup/extra.c:322 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2661) | xpinstall/wizard/os2/setup/extra.c:339 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2662) | xpinstall/wizard/os2/setup/extra.c:353 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2663) | xpinstall/wizard/os2/setup/extra.c:383 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2664) | xpinstall/wizard/os2/setup/extra.c:414 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2665) | xpinstall/wizard/os2/setup/extra.c:425 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2666) | xpinstall/wizard/os2/setup/extra.c:468 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2667) | xpinstall/wizard/os2/setup/extra.c:547 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2668) | xpinstall/wizard/os2/setup/extra.c:548 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2669) | xpinstall/wizard/os2/setup/extra.c:586 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2670) | xpinstall/wizard/os2/setup/extra.c:590 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2671) | xpinstall/wizard/os2/setup/extra.c:640 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2672) | xpinstall/wizard/os2/setup/extra.c:642 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2673) | xpinstall/wizard/os2/setup/extra.c:644 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2674) | xpinstall/wizard/os2/setup/extra.c:657 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2675) | xpinstall/wizard/os2/setup/extra.c:1196 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2676) | xpinstall/wizard/os2/setup/extra.c:1207 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2677) | xpinstall/wizard/os2/setup/extra.c:1212 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2678) | xpinstall/wizard/os2/setup/extra.c:1250 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2679) | xpinstall/wizard/os2/setup/extra.c:1252 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2680) | xpinstall/wizard/os2/setup/extra.c:1269 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2681) | xpinstall/wizard/os2/setup/extra.c:1270 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2682) | xpinstall/wizard/os2/setup/extra.c:1283 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2683) | xpinstall/wizard/os2/setup/extra.c:1299 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2684) | xpinstall/wizard/os2/setup/extra.c:1312 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2685) | xpinstall/wizard/os2/setup/extra.c:1327 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2686) | xpinstall/wizard/os2/setup/extra.c:1385 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2687) | xpinstall/wizard/os2/setup/extra.c:1387 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2688) | xpinstall/wizard/os2/setup/extra.c:1403 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2689) | xpinstall/wizard/os2/setup/extra.c:1413 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2690) | xpinstall/wizard/os2/setup/extra.c:1415 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2691) | xpinstall/wizard/os2/setup/extra.c:1421 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2692) | xpinstall/wizard/os2/setup/extra.c:1430 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2693) | xpinstall/wizard/os2/setup/extra.c:1431 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2694) | xpinstall/wizard/os2/setup/extra.c:1499 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2695) | xpinstall/wizard/os2/setup/extra.c:1507 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2696) | xpinstall/wizard/os2/setup/extra.c:1511 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2697) | xpinstall/wizard/os2/setup/extra.c:1527 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2698) | xpinstall/wizard/os2/setup/extra.c:1540 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2699) | xpinstall/wizard/os2/setup/extra.c:1541 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2700) | xpinstall/wizard/os2/setup/extra.c:1542 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2701) | xpinstall/wizard/os2/setup/extra.c:1582 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2702) | xpinstall/wizard/os2/setup/extra.c:1584 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2703) | xpinstall/wizard/os2/setup/extra.c:1609 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2704) | xpinstall/wizard/os2/setup/extra.c:1723 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2705) | xpinstall/wizard/os2/setup/extra.c:1763 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2706) | xpinstall/wizard/os2/setup/extra.c:1770 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2707) | xpinstall/wizard/os2/setup/extra.c:1808 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2708) | xpinstall/wizard/os2/setup/extra.c:1815 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2709) | xpinstall/wizard/os2/setup/extra.c:1855 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2710) | xpinstall/wizard/os2/setup/extra.c:1862 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2711) | xpinstall/wizard/os2/setup/extra.c:1869 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2712) | xpinstall/wizard/os2/setup/extra.c:1905 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2713) | xpinstall/wizard/os2/setup/extra.c:1914 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2714) | xpinstall/wizard/os2/setup/extra.c:1976 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2715) | xpinstall/wizard/os2/setup/extra.c:1978 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2716) | xpinstall/wizard/os2/setup/extra.c:1981 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2717) | xpinstall/wizard/os2/setup/extra.c:1983 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2718) | xpinstall/wizard/os2/setup/extra.c:1986 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2719) | xpinstall/wizard/os2/setup/extra.c:1988 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2720) | xpinstall/wizard/os2/setup/extra.c:2001 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2721) | xpinstall/wizard/os2/setup/extra.c:2022 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2722) | xpinstall/wizard/os2/setup/extra.c:2024 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2723) | xpinstall/wizard/os2/setup/extra.c:2026 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2724) | xpinstall/wizard/os2/setup/extra.c:2028 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2725) | xpinstall/wizard/os2/setup/extra.c:2030 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2726) | xpinstall/wizard/os2/setup/extra.c:2032 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2727) | xpinstall/wizard/os2/setup/extra.c:2120 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2728) | xpinstall/wizard/os2/setup/extra.c:2528 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2729) | xpinstall/wizard/os2/setup/extra.c:2902 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2730) | xpinstall/wizard/os2/setup/extra.c:2904 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2731) | xpinstall/wizard/os2/setup/extra.c:2925 [1] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant character.
|
f2732) | xpinstall/wizard/os2/setup/extra.c:2926 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2733) | xpinstall/wizard/os2/setup/extra.c:2960 [1] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant character.
|
f2734) | xpinstall/wizard/os2/setup/extra.c:2961 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2735) | xpinstall/wizard/os2/setup/extra.c:3461 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2736) | xpinstall/wizard/os2/setup/extra.c:3467 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2737) | xpinstall/wizard/os2/setup/extra.c:3513 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2738) | xpinstall/wizard/os2/setup/extra.c:3514 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2739) | xpinstall/wizard/os2/setup/extra.c:3515 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2740) | xpinstall/wizard/os2/setup/extra.c:3574 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2741) | xpinstall/wizard/os2/setup/extra.c:3580 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2742) | xpinstall/wizard/os2/setup/extra.c:3581 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2743) | xpinstall/wizard/os2/setup/extra.c:3582 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2744) | xpinstall/wizard/os2/setup/extra.c:3583 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2745) | xpinstall/wizard/os2/setup/extra.c:3613 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2746) | xpinstall/wizard/os2/setup/extra.c:3619 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2747) | xpinstall/wizard/os2/setup/extra.c:3627 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2748) | xpinstall/wizard/os2/setup/extra.c:3652 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2749) | xpinstall/wizard/os2/setup/extra.c:3661 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2750) | xpinstall/wizard/os2/setup/extra.c:3673 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2751) | xpinstall/wizard/os2/setup/extra.c:3675 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2752) | xpinstall/wizard/os2/setup/extra.c:3687 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2753) | xpinstall/wizard/os2/setup/extra.c:3689 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2754) | xpinstall/wizard/os2/setup/extra.c:3697 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2755) | xpinstall/wizard/os2/setup/extra.c:3698 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2756) | xpinstall/wizard/os2/setup/extra.c:3715 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2757) | xpinstall/wizard/os2/setup/extra.c:3716 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2758) | xpinstall/wizard/os2/setup/extra.c:3756 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2759) | xpinstall/wizard/os2/setup/extra.c:3758 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2760) | xpinstall/wizard/os2/setup/extra.c:3817 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2761) | xpinstall/wizard/os2/setup/extra.c:3855 [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation. Use a more secure technique for acquiring random values.
|
f2762) | xpinstall/wizard/os2/setup/extra.c:3960 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2763) | xpinstall/wizard/os2/setup/extra.c:3962 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2764) | xpinstall/wizard/os2/setup/extra.c:3967 [1] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant character.
|
f2765) | xpinstall/wizard/os2/setup/extra.c:3968 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2766) | xpinstall/wizard/os2/setup/extra.c:3979 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2767) | xpinstall/wizard/os2/setup/extra.c:3983 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2768) | xpinstall/wizard/os2/setup/extra.c:3987 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2769) | xpinstall/wizard/os2/setup/extra.c:3993 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2770) | xpinstall/wizard/os2/setup/extra.c:4033 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2771) | xpinstall/wizard/os2/setup/extra.c:4034 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2772) | xpinstall/wizard/os2/setup/extra.c:4042 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2773) | xpinstall/wizard/os2/setup/extra.c:4050 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2774) | xpinstall/wizard/os2/setup/extra.c:4051 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2775) | xpinstall/wizard/os2/setup/extra.c:4058 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2776) | xpinstall/wizard/os2/setup/extra.c:4059 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2777) | xpinstall/wizard/os2/setup/extra.c:4067 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2778) | xpinstall/wizard/os2/setup/extra.c:4075 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2779) | xpinstall/wizard/os2/setup/extra.c:4076 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2780) | xpinstall/wizard/os2/setup/extra.c:4081 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2781) | xpinstall/wizard/os2/setup/extra.c:4082 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2782) | xpinstall/wizard/os2/setup/extra.c:4093 [1] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant character.
|
f2783) | xpinstall/wizard/os2/setup/extra.c:4094 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2784) | xpinstall/wizard/os2/setup/extra.c:4115 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2785) | xpinstall/wizard/os2/setup/extra.c:4116 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2786) | xpinstall/wizard/os2/setup/extra.c:4137 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2787) | xpinstall/wizard/os2/setup/extra.c:4139 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2788) | xpinstall/wizard/os2/setup/extra.c:4147 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2789) | xpinstall/wizard/os2/setup/extra.c:4148 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2790) | xpinstall/wizard/os2/setup/extra.c:4149 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2791) | xpinstall/wizard/os2/setup/extra.c:4150 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2792) | xpinstall/wizard/os2/setup/extra.c:4163 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2793) | xpinstall/wizard/os2/setup/extra.c:4184 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2794) | xpinstall/wizard/os2/setup/extra.c:4185 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2795) | xpinstall/wizard/os2/setup/extra.c:4186 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2796) | xpinstall/wizard/os2/setup/extra.c:4187 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2797) | xpinstall/wizard/os2/setup/extra.c:4213 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2798) | xpinstall/wizard/os2/setup/extra.c:4214 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2799) | xpinstall/wizard/os2/setup/extra.c:4215 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2800) | xpinstall/wizard/os2/setup/extra.c:4216 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2801) | xpinstall/wizard/os2/setup/extra.c:4217 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2802) | xpinstall/wizard/os2/setup/extra.c:4218 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2803) | xpinstall/wizard/os2/setup/extra.c:4231 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2804) | xpinstall/wizard/os2/setup/extra.c:4232 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2805) | xpinstall/wizard/os2/setup/extra.c:4233 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2806) | xpinstall/wizard/os2/setup/extra.c:4242 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2807) | xpinstall/wizard/os2/setup/extra.c:4243 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2808) | xpinstall/wizard/os2/setup/extra.c:4244 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2809) | xpinstall/wizard/os2/setup/extra.c:4245 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2810) | xpinstall/wizard/os2/setup/extra.c:4246 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2811) | xpinstall/wizard/os2/setup/extra.c:4247 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2812) | xpinstall/wizard/os2/setup/extra.c:4318 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2813) | xpinstall/wizard/os2/setup/extra.c:4319 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2814) | xpinstall/wizard/os2/setup/extra.c:4323 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2815) | xpinstall/wizard/os2/setup/extra.c:4324 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2816) | xpinstall/wizard/os2/setup/extra.c:4325 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2817) | xpinstall/wizard/os2/setup/extra.c:4328 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2818) | xpinstall/wizard/os2/setup/extra.c:4330 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2819) | xpinstall/wizard/os2/setup/extra.c:4332 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2820) | xpinstall/wizard/os2/setup/extra.c:4333 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2821) | xpinstall/wizard/os2/setup/extra.c:4340 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2822) | xpinstall/wizard/os2/setup/extra.c:4359 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2823) | xpinstall/wizard/os2/setup/extra.c:4360 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2824) | xpinstall/wizard/os2/setup/extra.c:4364 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2825) | xpinstall/wizard/os2/setup/extra.c:4365 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2826) | xpinstall/wizard/os2/setup/extra.c:4366 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2827) | xpinstall/wizard/os2/setup/extra.c:4369 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2828) | xpinstall/wizard/os2/setup/extra.c:4371 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2829) | xpinstall/wizard/os2/setup/extra.c:4373 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2830) | xpinstall/wizard/os2/setup/extra.c:4374 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2831) | xpinstall/wizard/os2/setup/extra.c:4381 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2832) | xpinstall/wizard/os2/setup/extra.c:4396 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2833) | xpinstall/wizard/os2/setup/extra.c:4403 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2834) | xpinstall/wizard/os2/setup/extra.c:4404 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2835) | xpinstall/wizard/os2/setup/extra.c:4405 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2836) | xpinstall/wizard/os2/setup/extra.c:4406 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2837) | xpinstall/wizard/os2/setup/extra.c:4407 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2838) | xpinstall/wizard/os2/setup/extra.c:4418 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2839) | xpinstall/wizard/os2/setup/extra.c:4425 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2840) | xpinstall/wizard/os2/setup/extra.c:4426 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2841) | xpinstall/wizard/os2/setup/extra.c:4427 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2842) | xpinstall/wizard/os2/setup/extra.c:4428 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2843) | xpinstall/wizard/os2/setup/extra.c:4429 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2844) | xpinstall/wizard/os2/setup/extra.c:4720 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2845) | xpinstall/wizard/os2/setup/extra.c:4728 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2846) | xpinstall/wizard/os2/setup/extra.c:4748 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
|
f2847) | xpinstall/wizard/os2/setup/extra.c:4765 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2848) | xpinstall/wizard/os2/setup/extra.c:4771 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2849) | xpinstall/wizard/os2/setup/extra.c:4786 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2850) | xpinstall/wizard/os2/setup/extra.c:4787 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2851) | xpinstall/wizard/os2/setup/extra.c:4788 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2852) | xpinstall/wizard/os2/setup/extra.c:4789 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2853) | xpinstall/wizard/os2/setup/extra.c:4790 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2854) | xpinstall/wizard/os2/setup/extra.c:4809 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2855) | xpinstall/wizard/os2/setup/extra.c:4829 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2856) | xpinstall/wizard/os2/setup/extra.c:4915 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2857) | xpinstall/wizard/os2/setup/extra.c:4916 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2858) | xpinstall/wizard/os2/setup/extra.c:5159 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2859) | xpinstall/wizard/os2/setup/extra.c:5163 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2860) | xpinstall/wizard/os2/setup/extra.c:5179 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2861) | xpinstall/wizard/os2/setup/extra.c:5180 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2862) | xpinstall/wizard/os2/setup/extra.c:5181 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2863) | xpinstall/wizard/os2/setup/extra.c:5223 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2864) | xpinstall/wizard/os2/setup/extra.c:5225 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2865) | xpinstall/wizard/os2/setup/extra.c:5230 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2866) | xpinstall/wizard/os2/setup/extra.c:5231 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2867) | xpinstall/wizard/os2/setup/extra.c:5232 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2868) | xpinstall/wizard/os2/setup/extra.c:5233 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2869) | xpinstall/wizard/os2/setup/extra.c:5345 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2870) | xpinstall/wizard/os2/setup/extra.c:5347 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2871) | xpinstall/wizard/os2/setup/extra.c:5400 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2872) | xpinstall/wizard/os2/setup/extra.c:5402 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2873) | xpinstall/wizard/os2/setup/extra.c:5404 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2874) | xpinstall/wizard/os2/setup/extra.c:5411 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2875) | xpinstall/wizard/os2/setup/extra.c:5421 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2876) | xpinstall/wizard/os2/setup/extra.c:5423 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2877) | xpinstall/wizard/os2/setup/extra.c:5429 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2878) | xpinstall/wizard/os2/setup/extra.c:5441 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2879) | xpinstall/wizard/os2/setup/extra.c:5447 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2880) | xpinstall/wizard/os2/setup/extra.c:5761 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
|
f2881) | xpinstall/wizard/os2/setup/extra.c:5763 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2882) | xpinstall/wizard/os2/setup/extra.c:5848 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2883) | xpinstall/wizard/os2/setup/extra.c:5849 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2884) | xpinstall/wizard/os2/setup/extra.c:5897 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2885) | xpinstall/wizard/os2/setup/extra.c:5980 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2886) | xpinstall/wizard/os2/setup/extra.c:5993 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2887) | xpinstall/wizard/os2/setup/extra.c:6005 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2888) | xpinstall/wizard/os2/setup/extra.c:6017 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2889) | xpinstall/wizard/os2/setup/extra.c:6260 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2890) | xpinstall/wizard/os2/setup/extra.c:6265 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2891) | xpinstall/wizard/os2/setup/extra.c:6270 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2892) | xpinstall/wizard/os2/setup/extra.c:6271 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2893) | xpinstall/wizard/os2/setup/extra.c:6272 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2894) | xpinstall/wizard/os2/setup/extra.c:6277 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2895) | xpinstall/wizard/os2/setup/extra.c:6282 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2896) | xpinstall/wizard/os2/setup/extra.c:6289 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2897) | xpinstall/wizard/os2/setup/extra.c:6352 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2898) | xpinstall/wizard/os2/setup/extra.c:6364 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2899) | xpinstall/wizard/os2/setup/extra.c:6368 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2900) | xpinstall/wizard/os2/setup/extra.c:6373 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2901) | xpinstall/wizard/os2/setup/extra.c:6377 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2902) | xpinstall/wizard/os2/setup/extra.c:6382 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2903) | xpinstall/wizard/os2/setup/extra.c:6386 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2904) | xpinstall/wizard/os2/setup/extra.c:6388 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2905) | xpinstall/wizard/os2/setup/extra.c:6394 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2906) | xpinstall/wizard/os2/setup/extra.c:6401 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2907) | xpinstall/wizard/os2/setup/extra.c:6435 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2908) | xpinstall/wizard/os2/setup/extra.c:6467 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2909) | xpinstall/wizard/os2/setup/extra.c:6474 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2910) | xpinstall/wizard/os2/setup/extra.c:6476 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2911) | xpinstall/wizard/os2/setup/extra.c:6477 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2912) | xpinstall/wizard/os2/setup/extra.c:6478 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2913) | xpinstall/wizard/os2/setup/extra.c:6482 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2914) | xpinstall/wizard/os2/setup/extra.c:6486 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2915) | xpinstall/wizard/os2/setup/extra.c:6488 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2916) | xpinstall/wizard/os2/setup/extra.c:6489 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2917) | xpinstall/wizard/os2/setup/extra.c:6490 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2918) | xpinstall/wizard/os2/setup/extra.c:6493 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2919) | xpinstall/wizard/os2/setup/extra.c:6495 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2920) | xpinstall/wizard/os2/setup/extra.c:6511 [1] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant character.
|
f2921) | xpinstall/wizard/os2/setup/extra.c:6512 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2922) | xpinstall/wizard/os2/setup/extra.c:6513 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2923) | xpinstall/wizard/os2/setup/extra.c:6514 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2924) | xpinstall/wizard/os2/setup/extra.c:6517 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2925) | xpinstall/wizard/os2/setup/extra.c:6518 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2926) | xpinstall/wizard/os2/setup/extra.c:6519 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2927) | xpinstall/wizard/os2/setup/extra.c:6524 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2928) | xpinstall/wizard/os2/setup/extra.c:6528 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2929) | xpinstall/wizard/os2/setup/extra.c:6607 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2930) | xpinstall/wizard/os2/setup/extra.c:6609 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2931) | xpinstall/wizard/os2/setup/extra.c:6625 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2932) | xpinstall/wizard/os2/setup/extra.c:6627 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2933) | xpinstall/wizard/os2/setup/extra.c:6641 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2934) | xpinstall/wizard/os2/setup/extra.c:6643 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2935) | xpinstall/wizard/os2/setup/extra.c:6661 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2936) | xpinstall/wizard/os2/setup/extra.c:6663 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2937) | xpinstall/wizard/os2/setup/extra.c:6679 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2938) | xpinstall/wizard/os2/setup/extra.c:6681 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2939) | xpinstall/wizard/os2/setup/extra.c:6697 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2940) | xpinstall/wizard/os2/setup/extra.c:6699 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2941) | xpinstall/wizard/os2/setup/extra.c:6715 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2942) | xpinstall/wizard/os2/setup/extra.c:6717 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2943) | xpinstall/wizard/os2/setup/extra.c:6733 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2944) | xpinstall/wizard/os2/setup/extra.c:6735 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2945) | xpinstall/wizard/os2/setup/extra.c:6758 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2946) | xpinstall/wizard/os2/setup/extra.c:6760 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2947) | xpinstall/wizard/os2/setup/extra.c:6828 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2948) | xpinstall/wizard/os2/setup/extra.c:6830 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2949) | xpinstall/wizard/os2/setup/extra.c:6837 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2950) | xpinstall/wizard/os2/setup/extra.c:6842 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2951) | xpinstall/wizard/os2/setup/extra.c:6853 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2952) | xpinstall/wizard/os2/setup/extra.c:6856 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2953) | xpinstall/wizard/os2/setup/extra.c:6895 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2954) | xpinstall/wizard/os2/setup/extra.c:6950 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2955) | xpinstall/wizard/os2/setup/extra.c:6954 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2956) | xpinstall/wizard/os2/setup/extra.c:6955 [1] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant character.
|
f2957) | xpinstall/wizard/os2/setup/extra.c:6962 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2958) | xpinstall/wizard/os2/setup/extra.c:6965 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2959) | xpinstall/wizard/os2/setup/extra.c:6990 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2960) | xpinstall/wizard/os2/setup/extra.c:6992 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2961) | xpinstall/wizard/os2/setup/extra.c:6994 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2962) | xpinstall/wizard/os2/setup/extra.c:6996 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2963) | xpinstall/wizard/os2/setup/extra.c:7007 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2964) | xpinstall/wizard/os2/setup/extra.c:7009 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2965) | xpinstall/wizard/os2/setup/extra.c:7019 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2966) | xpinstall/wizard/os2/setup/extra.c:7021 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2967) | xpinstall/wizard/os2/setup/extra.c:7035 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2968) | xpinstall/wizard/os2/setup/extra.c:7037 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2969) | xpinstall/wizard/os2/setup/extra.c:7173 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2970) | xpinstall/wizard/os2/setup/extra.c:7202 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2971) | xpinstall/wizard/os2/setup/ifuncns.c:110 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2972) | xpinstall/wizard/os2/setup/ifuncns.c:112 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2973) | xpinstall/wizard/os2/setup/ifuncns.c:129 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2974) | xpinstall/wizard/os2/setup/ifuncns.c:173 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2975) | xpinstall/wizard/os2/setup/ifuncns.c:175 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2976) | xpinstall/wizard/os2/setup/ifuncns.c:204 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2977) | xpinstall/wizard/os2/setup/ifuncns.c:208 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2978) | xpinstall/wizard/os2/setup/ifuncns.c:215 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2979) | xpinstall/wizard/os2/setup/ifuncns.c:220 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2980) | xpinstall/wizard/os2/setup/ifuncns.c:230 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2981) | xpinstall/wizard/os2/setup/ifuncns.c:237 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2982) | xpinstall/wizard/os2/setup/ifuncns.c:317 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2983) | xpinstall/wizard/os2/setup/ifuncns.c:321 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2984) | xpinstall/wizard/os2/setup/ifuncns.c:358 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2985) | xpinstall/wizard/os2/setup/ifuncns.c:403 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2986) | xpinstall/wizard/os2/setup/ifuncns.c:412 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2987) | xpinstall/wizard/os2/setup/ifuncns.c:414 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2988) | xpinstall/wizard/os2/setup/ifuncns.c:416 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2989) | xpinstall/wizard/os2/setup/ifuncns.c:418 [2] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat. Risk is low because the source is a constant string.
|
f2990) | xpinstall/wizard/os2/setup/ifuncns.c:476 [4] (format) sprintf: Potential format string problem. Make format string constant.
|
f2991) | xpinstall/wizard/os2/setup/ifuncns.c:514 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2992) | xpinstall/wizard/os2/setup/ifuncns.c:525 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2993) | xpinstall/wizard/os2/setup/ifuncns.c:528 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2994) | xpinstall/wizard/os2/setup/ifuncns.c:532 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|
f2995) | xpinstall/wizard/os2/setup/ifuncns.c:551 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2996) | xpinstall/wizard/os2/setup/ifuncns.c:553 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2997) | xpinstall/wizard/os2/setup/ifuncns.c:556 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
|
f2998) | xpinstall/wizard/os2/setup/ifuncns.c:558 [4] (buffer) strcat: does not check for buffer overflows. Consider using strncat or strlcat.
|
f2999) | xpinstall/wizard/os2/setup/ifuncns.c:563 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
|