void COFSNcDlg2::LoadColor(IXMLDOMNode *pRoot, LPCTSTR szName, COLORREF &cr)
{
CComBSTR bs, bsSelect;
cr = CLR_NONE;
bs.Empty();
bsSelect = L"Color[@Name='";
bsSelect += szName;
bsSelect += L"']";
SelectChildNode(pRoot, bsSelect, NULL, &bs);
if(bs.m_str != NULL)
{
long ncr;
int n = swscanf(bs.m_str, L"0x%06x", &ncr);
if(n == 1)
cr = ncr;
}
}
bool CraftingManager::HandleSelectDraftSchematic(Object* object,Object* target,Message* message,ObjectControllerCmdProperties* cmdProperties)
{
PlayerObject* playerObject = dynamic_cast<PlayerObject*>(object);
CraftingSession* session = playerObject->getCraftingSession();
//DraftSchematic* schematic = NULL;
BString dataStr;
uint32 schematicIndex = 0;
message->getStringUnicode16(dataStr);
if(session)
{
if(swscanf(dataStr.getUnicode16(),L"%u",&schematicIndex) != 1 || !session->selectDraftSchematic(schematicIndex))
{
gCraftingSessionFactory->destroySession(session);
}
}
return true;
}
bool string2Region(const wchar_t* _str , xuiRegion& region)
{
static std::wstring str;
str=L"";
static std::wstring typeStr;
typeStr = L"";
int i = 0;
for(i = 0 ; i < (int)wcslen(_str) ; i ++)
{
if(_str[i] == '[')
{
break;
}
if( _str[i] != ' ' && _str[i] != '\t')
{
typeStr.push_back(_str[i]);
}
}
for(; i < (int)wcslen(_str) ; i ++)
{
if(_str[i] != ' ' && _str[i] != '\t')
{
str.push_back(_str[i]);
}
}
if(typeStr == L"rect" || typeStr == L"RECT" || typeStr == L"Rect")
{
stringToRect(str.c_str() , region.Rect2D() );
region._type = xuiRegion::eRT_Rect;
}
else if(typeStr == L"DELTA" || typeStr == L"delta" || typeStr == L"Delta")
{
float x , y , w , h;
swscanf(str.c_str(),L"[%f,%f,%f,%f]",&x,&y,&w,&h);
region.Rect2D().x += x;
region.Rect2D().y += y;
region.Rect2D().w += (w - x) ;
region.Rect2D().h += (h - y) ;
}
return true;
}
void Skein::Node::OverwriteBanner(CStringW& inStr)
{
// Does this text contain an Inform 7 banner?
int i = inStr.Find(L"\nRelease ");
if (i >= 0)
{
int release, serial, build;
if (swscanf((LPCWSTR)inStr+i,L"\nRelease %d / Serial number %d / Inform 7 build %d",&release,&serial,&build) == 3)
{
// Replace the banner line with asterisks
for (int j = i+1; j < inStr.GetLength(); j++)
{
if (inStr.GetAt(j) == '\n')
break;
inStr.SetAt(j,'*');
}
}
}
}
static bool getUL(const VARIANT& v, unsigned long& val)
{
switch (v.vt) {
case VT_BSTR: {
unsigned long ul;
char c;
if (swscanf(_bstr_t(v.bstrVal), L" %lu %c", &ul, &c) != 1)
return false;
val = ul;
} break;
default:
{
val = _variant_t(v).operator unsigned long();
break;
}
}
return true;
}
CMssqlField::operator unsigned()
{
switch(ctype)
{
case SQL_C_WCHAR:
{
unsigned ret=0;
swscanf((const wchar_t *)data,L"%u",&ret);
return ret;
}
case SQL_C_LONG:
return (unsigned)*(long*)data;
case SQL_C_DOUBLE:
return (unsigned)*(double*)data;
default:
CServerIo::trace(1,"Bogus value return for field %s",name.c_str());
return 0;
}
}
static PyObject* extfunc_getNum(PyObject *self, PyObject *args) {
wchar_t *ret = go_internal(args, 1);
if (!ret)
return NULL;
float ret2;
if (swscanf(ret, L"%g", &ret2)) {
free(ret);
PyObject *ret3 = PyFloat_FromDouble(ret2);
return ret3;
} else {
char buf[256];
char *cret = wc2c(ret, 1);
sprintf(buf, "No numeric value found in Info window output: %s", cret);
free(cret);
PyErr_SetString(g_PrPyExc, buf);
return NULL;
}
}
Tsubtitle* TsubtitleParserSubrip09::parse(Tstream &fd, int flags, REFERENCE_TIME start, REFERENCE_TIME stop)
{
wchar_t line[this->LINE_LEN + 1];
int a1, a2, a3;
const wchar_t * next = NULL;
int i;
while (1) {
// try to locate next subtitle
if (!fd.fgets(line, this->LINE_LEN)) {
return NULL;
}
if (!(swscanf(line, L"[%d:%d:%d]", &a1, &a2, &a3) < 3)) {
break;
}
}
TsubtitleText current(this->format);
current.start = this->hmsToTime(a1, a2, a3);
if (previous != NULL) {
previous->stop = current.start - 1;
}
if (!fd.fgets(line, this->LINE_LEN)) {
return NULL;
}
next = line;
i = 0;
//(*current)[0]=""; // just to be sure that string is clear
while ((next = sub_readtext(next, current)) != NULL) {
i++;
}
if (current.size() == 0 || (current.at(0)[0] == '\0') && (i == 0)) {
// void subtitle -> end of previous marked and exit
previous = NULL;
return NULL;
}
return previous = store(current);
}
Tsubtitle* TsubtitleParserSubrip::parse(Tstream &fd, int flags, REFERENCE_TIME start, REFERENCE_TIME stop)
{
wchar_t line[this->LINE_LEN + 1];
int a1, a2, a3, a4, b1, b2, b3, b4;
wchar_t *p = NULL, *q = NULL;
int len;
TsubtitleText current(this->format);
while (1) {
if (!fd.fgets(line, this->LINE_LEN)) {
return NULL;
}
if (flags & this->PARSETIME) {
if (swscanf(line, L"%d:%d:%d.%d,%d:%d:%d.%d", &a1, &a2, &a3, &a4, &b1, &b2, &b3, &b4) < 8) {
continue;
}
current.start = this->hmsToTime(a1, a2, a3, a4);
current.stop = this->hmsToTime(b1, b2, b3, b4);
if (!fd.fgets(line, this->LINE_LEN)) {
return NULL;
}
}
p = q = line;
for (;;) {
for (q = p, len = 0; *p && *p != '\r' && *p != '\n' && *p != '|' && strncmp(p, L"[br]", 4); p++, len++) {
;
}
current.add(q, len);
if (!*p || *p == '\r' || *p == '\n') {
break;
}
if (*p == '|') {
p++;
} else while (*p++ != ']') {
;
}
}
break;
}
return store(current);
}
BOOL CColumnChooserLC::OnDrop(CWnd* /* pWnd */, COleDataObject* pDataObject,
DROPEFFECT /* dropEffect */, CPoint /* point */)
{
// On Drop of column from Header onto Column Chooser Dialog
if (!pDataObject->IsDataAvailable(m_ccddCPFID, NULL))
return FALSE;
HGLOBAL hGlobal;
hGlobal = pDataObject->GetGlobalData(m_ccddCPFID);
LPCWSTR pData = (LPCWSTR)GlobalLock(hGlobal);
ASSERT(pData != NULL);
DWORD procID;
int iDDType, dw_type, iLen;
#if (_MSC_VER >= 1400)
swscanf_s(pData, L"%08x%02x%02x%04x", &procID, &iDDType, &dw_type, &iLen);
#else
swscanf(pData, L"08x%02x%02x%04x", &procID, &iDDType, &dw_type, &iLen);
#endif
// Check if it is ours?
// - we don't accept drop from other instances of PWS
// Check if it is from List View HeaderCtrl?
// - we don't accept drop from anything else
if ((procID != GetCurrentProcessId()) || (iDDType != FROMHDR)) {
GlobalUnlock(hGlobal);
return FALSE;
}
// Now add it
const CString cs_header(pData + 16, iLen);
int iItem = InsertItem(0, cs_header);
SetItemData(iItem, dw_type);
SortItems(CCLCCompareProc, (LPARAM)this);
GlobalUnlock(hGlobal);
GetParent()->SetFocus();
return TRUE;
}
void CWE606_Unchecked_Loop_Condition__wchar_t_listen_socket_22_badSink(wchar_t * data)
{
if(CWE606_Unchecked_Loop_Condition__wchar_t_listen_socket_22_badGlobal)
{
{
int i, n, intVariable;
if (swscanf(data, L"%d", &n) == 1)
{
/* POTENTIAL FLAW: user-supplied value 'n' could lead to very large loop iteration */
intVariable = 0;
for (i = 0; i < n; i++)
{
/* INCIDENTAL: CWE 561: Dead Code - non-avoidable if n <= 0 */
intVariable++; /* avoid a dead/empty code block issue */
}
printIntLine(intVariable);
}
}
}
}
int CNumEdit::IsValidSymble()const
{
CString str;
GetWindowText(str);
int res = VALID;
float f;
char lp[10];
if ((str.GetLength() == 1) && ((str[0] == '+') || (str[0] == '-')))
res = MINUS_PLUS;
else
#ifdef UNICODE
if (swscanf(str, _T("%f%s"), &f, lp) != 1)
res = INVALID_CHAR;
#else
if (sscanf(str, _T("%f%s"), &f, lp) != 1)
res = INVALID_CHAR;
#endif
return res;
}
COLORREF CRichEditCtrlExtn::ConvertColourToColorRef(CString &csValue)
{
// Value is either a colour name or "#RRGGBB"
// Note COLORREF = 0x00bbggrr but HTML = 0x00rrggbb
// Values for named colours here are in COLORREF format
long retval(0L);
if (csValue.Left(1) == L"#") {
// Convert HTML to COLORREF
ASSERT(csValue.GetLength() == 7);
int icolour;
#if (_MSC_VER >= 1400)
swscanf_s(csValue.Mid(1), L"%06x", &icolour);
#else
swscanf(csValue.Mid(1), L"%06x", &icolour);
#endif
int ired = (icolour & 0xff0000) >> 16;
int igreen = (icolour & 0xff00);
int iblue = (icolour & 0xff) << 16;
return (COLORREF)(iblue + igreen + ired);
}
void CWE252_Unchecked_Return_Value__wchar_t_sscanf_15_bad()
{
switch(6)
{
case 6:
{
/* By initializing dataBuffer, we ensure this will not be the
* CWE 690 (Unchecked Return Value To NULL Pointer) flaw for fgetws() and other variants */
wchar_t dataBuffer[100] = L"";
wchar_t * data = dataBuffer;
/* FLAW: Do not check the return value */
swscanf(SRC, L"%99s\0", data);
}
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
printLine("Benign, fixed string");
break;
}
}
static void badSink(wchar_t * data)
{
if(badStatic)
{
{
int i, n, intVariable;
if (swscanf(data, L"%d", &n) == 1)
{
/* POTENTIAL FLAW: user-supplied value 'n' could lead to very large loop iteration */
intVariable = 0;
for (i = 0; i < n; i++)
{
/* INCIDENTAL: CWE 561: Dead Code - non-avoidable if n <= 0 */
intVariable++; /* avoid a dead/empty code block issue */
}
printIntLine(intVariable);
}
}
}
}
void CWE606_Unchecked_Loop_Condition__wchar_t_file_82_goodB2G::action(wchar_t * data)
{
{
int i, n, intVariable;
if (swscanf(data, L"%d", &n) == 1)
{
/* FIX: limit loop iteration counts */
if (n < MAX_LOOP)
{
intVariable = 0;
for (i = 0; i < n; i++)
{
/* INCIDENTAL: CWE 561: Dead Code - non-avoidable if n <= 0 */
intVariable++; /* avoid a dead/empty code block issue */
}
printIntLine(intVariable);
}
}
}
}
//Function: GetGUID
//Purpose: Conversts a string containing the GUID into a GUID datatype.
//Input: string cotaining the GUID
//Output: GUID type
//Return: Returns -1 in case of an error, otherwise returns zero.
int RhoBluetoothManager::GetGUID(WCHAR *psz, GUID *pGUID)
{
int data1, data2, data3;
int data4[8];
if (11 == swscanf(psz, L"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x\n",
&data1, &data2, &data3,
&data4[0], &data4[1], &data4[2], &data4[3],
&data4[4], &data4[5], &data4[6], &data4[7])) {
pGUID->Data1 = data1;
pGUID->Data2 = data2 & 0xffff;
pGUID->Data3 = data3 & 0xffff;
for (int i = 0 ; i < 8 ; ++i)
pGUID->Data4[i] = data4[i] & 0xff;
return 0;
}
return -1;
}
Tsubtitle* TsubtitleParserDunnowhat::parse(Tstream &fd, int flags, REFERENCE_TIME, REFERENCE_TIME)
{
wchar_t line[this->LINE_LEN + 1];
wchar_t text[this->LINE_LEN + 1];
if (!fd.fgets(line, this->LINE_LEN)) {
return NULL;
}
long start, stop;
if (swscanf(line, L"%ld,%ld,\"%[^\"]", &start,
&stop, text) < 3) {
return NULL;
}
TsubtitleText current(this->format);
current.start = this->frameToTime(start);
current.stop = this->frameToTime(stop);
current.add(text);
return store(current);
}
bool StatsSet::getInt64( const char *name, long long int *val )
{
std::wstring value;
std::string sname( name );
std::map<std::string, std::wstring>::const_iterator iter = m_map.find( sname );
if( iter == m_map.end() )
{
throw Exception( "StatsSet: trying to get non-existent Int64 var [%s] with no default value!", name );
//return false; // warning C4702: unreachable code
}
value = iter->second;
long long int i64 = 0;
int r = swscanf( value.c_str(), L"%I64d", &i64 );
if( r == 1 )
{
(*val) = i64;
return true;
}
throw Exception( "StatsSet.getInt: failed to scanf %%I64d from [%s]=[%S]", name, value.c_str() );
}
PLUGIN_EXPORT void ExecuteBang(void* data, LPCWSTR args)
{
MeasureData* measure = (MeasureData*)data;
const WCHAR* pos = wcschr(args, L' ');
if (pos)
{
size_t len = pos - args;
if (_wcsnicmp(args, L"SendMessage", len) == 0)
{
++pos;
// Parse parameters
DWORD uMsg, wParam, lParam;
if (3 == swscanf(pos, L"%u %u %u", &uMsg, &wParam, &lParam))
{
HWND hwnd = FindWindow(
measure->windowClass.empty() ? nullptr : measure->windowClass.c_str(),
measure->windowName.empty() ? nullptr : measure->windowName.c_str());
if (hwnd)
{
PostMessage(hwnd, uMsg, wParam, lParam);
}
else
{
RmLog(LOG_ERROR, L"WindowMessagePlugin.dll: Unable to find window");
}
}
else
{
RmLog(LOG_WARNING, L"WindowMessagePlugin.dll: Incorrect number of arguments for bang");
}
return;
}
}
RmLog(LOG_WARNING, L"WindowMessagePlugin.dll: Unknown bang");
}
void Parser::Expon(int &p) {
char *name;
if (la->kind == 2) {
Get();
swscanf(t->val, L"%d",&p);
} else if (la->kind == 1) {
Get();
map<string, int>::iterator it = tab->find(coco_string_create_char(t->val));
if(it != tab->end()){
p = it->second;
}else{
p = 0;
printf("Unknowen var\n");
}
} else if (la->kind == 15) {
Get();
Expr(p);
Expect(16);
} else SynErr(18);
}
/////////////////////////////////////
// Name: WorldTargetAddEnt
// Purpose: add a target based on given
// entity parse
// Output: new target added
// Return: none
/////////////////////////////////////
void WorldTargetAddEnt(const EntityParse & entityDat)
{
const tCHAR * pName = entityDat.GetVal(L"targetname");
wstring theName = pName ? pName : L"NULL";
Vec3D theLoc(0,0,0);
//bad target
if(theName.c_str()[0] == 0)
return;
//get location
if(entityDat.GetVal(L"origin"))
{
swscanf(entityDat.GetVal(L"origin"), L"%f %f %f", &theLoc.x, &theLoc.z, &theLoc.y);
theLoc.z *= -1;
}
//add to list
WorldTargetSet(theName.c_str(), theLoc);
}
static void goodG2B()
{
wchar_t * data;
wchar_t dataBuffer[100] = L"";
data = dataBuffer;
data = CWE606_Unchecked_Loop_Condition__wchar_t_connect_socket_61b_goodG2BSource(data);
{
int i, n, intVariable;
if (swscanf(data, L"%d", &n) == 1)
{
/* POTENTIAL FLAW: user-supplied value 'n' could lead to very large loop iteration */
intVariable = 0;
for (i = 0; i < n; i++)
{
/* INCIDENTAL: CWE 561: Dead Code - non-avoidable if n <= 0 */
intVariable++; /* avoid a dead/empty code block issue */
}
printIntLine(intVariable);
}
}
}
/* goodB2G() uses the BadSource with the GoodSink */
static void goodB2GSink()
{
wchar_t * data = CWE606_Unchecked_Loop_Condition__wchar_t_connect_socket_45_goodB2GData;
{
int i, n, intVariable;
if (swscanf(data, L"%d", &n) == 1)
{
/* FIX: limit loop iteration counts */
if (n < MAX_LOOP)
{
intVariable = 0;
for (i = 0; i < n; i++)
{
/* INCIDENTAL: CWE 561: Dead Code - non-avoidable if n <= 0 */
intVariable++; /* avoid a dead/empty code block issue */
}
printIntLine(intVariable);
}
}
}
}
bool CraftingManager::HandleCreatePrototype(Object* object, Object* target,Message* message, ObjectControllerCmdProperties* cmdProperties)
{
PlayerObject* player = dynamic_cast<PlayerObject*>(object);
CraftingSession* session = player->getCraftingSession();
BString dataStr;
uint32 mode,counter;
if(!session)
return false;
message->getStringUnicode16(dataStr);
if(swscanf(dataStr.getUnicode16(),L"%u %u",&counter,&mode) != 2)
{
gCraftingSessionFactory->destroySession(player->getCraftingSession());
return false;
}
session->createPrototype(mode,counter);
return true;
}
Tsubtitle* TsubtitleParserSubviewer2::parse(Tstream &fd, int flags, REFERENCE_TIME start, REFERENCE_TIME stop)
{
wchar_t line[this->LINE_LEN + 1];
int a1, a2, a3, a4;
wchar_t *p = NULL;
int len;
TsubtitleText current(this->format);
while (!current.size()) {
if (!fd.fgets(line, this->LINE_LEN)) {
return NULL;
}
if (line[0] != '{') {
continue;
}
if ((len = swscanf(line, L"{T %d:%d:%d:%d", &a1, &a2, &a3, &a4)) < 4) {
continue;
}
current.start = this->hmsToTime(a1, a2, a3, a4);
for (/*i=0*/;;) {
if (!fd.fgets(line, this->LINE_LEN)) {
goto end; //break;
}
if (line[0] == '}') {
break;
}
len = 0;
for (p = line; *p != '\n' && *p != '\r' && *p; ++p, ++len) {
;
}
if (len) {
current.add(line, len);
} else {
break;
}
}
//current->lines=i;
}
end:
return current.empty() ? NULL : store(current);
}
/* goodB2G2() - use badsource and goodsink by reversing the blocks in the second if */
static void goodB2G2()
{
wchar_t * data;
wchar_t dataBuffer[100] = L"";
data = dataBuffer;
if(staticReturnsTrue())
{
{
/* Append input from an environment variable to data */
size_t dataLen = wcslen(data);
wchar_t * environment = GETENV(ENV_VARIABLE);
/* If there is data in the environment variable */
if (environment != NULL)
{
/* POTENTIAL FLAW: Read data from an environment variable */
wcsncat(data+dataLen, environment, 100-dataLen-1);
}
}
}
if(staticReturnsTrue())
{
{
int i, n, intVariable;
if (swscanf(data, L"%d", &n) == 1)
{
/* FIX: limit loop iteration counts */
if (n < MAX_LOOP)
{
intVariable = 0;
for (i = 0; i < n; i++)
{
/* INCIDENTAL: CWE 561: Dead Code - non-avoidable if n <= 0 */
intVariable++; /* avoid a dead/empty code block issue */
}
printIntLine(intVariable);
}
}
}
}
}
/* goodG2B2() - use goodsource and badsink by reversing the blocks in the first switch */
static void goodG2B2()
{
wchar_t * data;
wchar_t dataBuffer[100] = L"";
data = dataBuffer;
switch(6)
{
case 6:
/* FIX: Set data to a number less than MAX_LOOP */
wcscpy(data, L"15");
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
printLine("Benign, fixed string");
break;
}
switch(7)
{
case 7:
{
int i, n, intVariable;
if (swscanf(data, L"%d", &n) == 1)
{
/* POTENTIAL FLAW: user-supplied value 'n' could lead to very large loop iteration */
intVariable = 0;
for (i = 0; i < n; i++)
{
/* INCIDENTAL: CWE 561: Dead Code - non-avoidable if n <= 0 */
intVariable++; /* avoid a dead/empty code block issue */
}
printIntLine(intVariable);
}
}
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
printLine("Benign, fixed string");
break;
}
}
//---------------------------------------------------------------------------------------------
// Name:
// Desc:
//---------------------------------------------------------------------------------------------
HRESULT CManipulator::InitPredefinedPositions(wchar_t* file)
{
int i,j;
cprimitive* primitive;
wchar_t *outdata = new wchar_t[512];
// setup predefined positions
numPredefinedPos = _wtoi( IniRead(file, L"predefined_positions", L"quantity") );
//1st - straight stick
for(i=0; i < numPredefinedPos; i++)
{
wchar_t string[512];
wsprintf(string, L"predefined_%d", (i));
//name
outdata = new wchar_t[512];
wsprintf(outdata, L"%s", IniRead(file, string, L"name"));
predefinedPositionNames.push_back( new LPWSTR(outdata) );
//angles
D3DXVECTOR2* angles;
angles = new D3DXVECTOR2[numOfChains];
for(j=0; j < numOfChains; j++)
{
D3DXVECTOR2 vec2;
wchar_t index[256];
_itow(j,index,10);
swscanf( IniRead(file, string, index), L"%f %f", &(vec2.x), &(vec2.y));
angles[j] = vec2;
}
predefinedPositions.push_back(angles);
}
return S_OK;
}
/* good1() uses if(GLOBAL_CONST_FIVE!=5) instead of if(GLOBAL_CONST_FIVE==5) */
static void good1()
{
if(GLOBAL_CONST_FIVE!=5)
{
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
printLine("Benign, fixed string");
}
else
{
{
/* By initializing dataBuffer, we ensure this will not be the
* CWE 690 (Unchecked Return Value To NULL Pointer) flaw for fgetws() and other variants */
wchar_t dataBuffer[100] = L"";
wchar_t * data = dataBuffer;
/* FIX: check for the correct return value */
if (swscanf(SRC_STRING, L"%99s\0", data) == EOF)
{
printLine("swscanf failed!");
}
}
}
}