Report

In src/extract.c, the function delay_set_stat allocates data->file_name via xstrdup(file_name) and then immediately performs strcpy(data->file_name, file_name). Although data->file_name is already sized to fit, this pattern becomes unsafe if the destination is ever changed to a fixed buffer, and it triggers static-analysis buffer-overflow heuristics (CWE-120).
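The pattern described above, as an added example that is not code from src/extract.c: the struct, the xstrdup stand-in and all function names are hypothetical. It shows the duplicate-then-copy form beside the simplified form, plus a bounded copy for the fixed-buffer case the report warns about.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the structure the report refers to. */
struct delayed_stat { char *file_name; };

/* Stand-in for xstrdup: duplicate the string or abort on allocation failure. */
static char *xstrdup_demo(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (!p) abort();
    memcpy(p, s, n);
    return p;
}

/* Reported pattern: strcpy repeats the copy the duplicate already made. */
static void set_name_reported(struct delayed_stat *d, const char *file_name) {
    d->file_name = xstrdup_demo(file_name);
    strcpy(d->file_name, file_name);  /* redundant; flagged as CWE-120 */
}

/* Simplified: the duplicate is already a complete, correctly sized copy. */
static void set_name_simplified(struct delayed_stat *d, const char *file_name) {
    d->file_name = xstrdup_demo(file_name);
}

/* Fixed-buffer case: check the length first and refuse names that do not fit.
   Returns 0 on success, -1 if rejected (dst is left untouched). */
static int set_name_fixed(char *dst, size_t dst_size, const char *file_name) {
    size_t len = strlen(file_name);
    if (dst_size == 0 || len >= dst_size) return -1;
    memcpy(dst, file_name, len + 1);
    return 0;
}

/* Returns 1 when both heap-based forms store the same name. */
static int same_result(const char *file_name) {
    struct delayed_stat a, b;
    set_name_reported(&a, file_name);
    set_name_simplified(&b, file_name);
    int eq = strcmp(a.file_name, b.file_name) == 0;
    free(a.file_name); free(b.file_name);
    return eq;
}

int main(void) {
    char buf[8];  /* constructed sample sizes and names */
    printf("%d %d %d\n", same_result("dir/file.txt"),
           set_name_fixed(buf, sizeof buf, "a/b.txt"),
           set_name_fixed(buf, sizeof buf, "dir/file.txt"));
    return 0;
}
```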
