Using the value of an unitialized variable is not safe. (from TCCLASP-5_6_4_10)

The use of a hard-coded password increases the possibility of password guessing tremendously. (from TCCLASP-5_5_9_10-C)

In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled. (from TCCLASP-5_6_9_10)

malloc"d data is freed more than once. PLOVER: MISC.DFREE

Syslog is called with a user supplied format string. An attempt was made to preformat the buffer but the vulnerability remains. PLOVER: BUFF.OVER, BUFF.FORMAT

Printf is called with a user supplied format string. PLOVER: BUFF.OVER, BUFF.FORMAT

The accidental addition of a data-structure sentinel can cause serious programing . The accidental addition of a data-structure sentinel can cause serious programing logic problems. (from TCCLASP-5_6_7_10)

If a functions return value is not checked, it could have failed without any warning. (from TCCLASP-5_6_1_9)

If too few arguments are sent to a function, the function will still pop the expected number of arguments from the stack. Potentially, a variable number of arguments could be exhausted in a function as well. (from TCCLASP-5_6_2_10)

Tempfile creation should be done in a safe way. To be safe, the temp file function should open up the temp file with appropriate access control. The temp file function should also retain this quality, while being resistant to race conditions. (from TCCLASP-5_6_20_10)

Not using a a random initialization vector with Cipher Block Chaining (CBC) Mode causes algorithms to be susceptible to dictionary attacks. (from TCCLASP-5_5_22_10-C)

The accidental deletion of a can cause serious programing logic problems. (from TCCLASP-5_6_6_10)

If a function"s return value is not properly checked, the function could have failed without proper acknowledgement. (from TCCLASP-5_6_3_10)

A strcpy of a buffer with a missing NUL character causes a stack buffer to overflow. PLOVER: BUFF.OVER, BUFF.FORMAT

A strcpy of a buffer with a missing NUL character causes a stack buffer to overflow. PLOVER: BUFF.OVER, BUFF.FORMAT

malloc"d data is never freed and all pointers to the data are lost. PLOVER: RES.MEMLEAK

integer overflow results in a short malloc and an overflow. PLOVER: NUM.OVERFLOW, BUFF.OVER

fgets is called with an incorrect bounds allow a stack buffer to be overrun. PLOVER: BUFF.OVER

gets used on user input. PLOVER: BUFF.OVER

Syslog is called with a user supplied format string. PLOVER: BUFF.OVER, BUFF.FORMAT

A chroot() is performed without a chdir(). PLOVER:CP.UPATH.ELEMENT

An ad-hoc string copy without bounds check overflows a stack buffer. PLOVER: BUFF.OVER

An ad hoc gets without bounds checkes allows a stack buffer to be overrun. PLOVER CLASS: BUFF.OVER

Running sizeof() on a malloced pointer type will always return the wordsize/8. (from TCCLASP-5_6_8_10)

Sometimes an error is detected, and bad or no action is taken. (from TCCLASP-5_6_19_10)