xlcdump.c:63: High: fprintf
xldump.c:64: High: fprintf
Check to be sure that the non-constant format string passed as argument 2 to
this function call does not come from an untrusted source that could have added
formatting characters that the code is not prepared to handle.

xlcdump.c:102: High: fixed size local buffer
xldump.c:103: High: fixed size local buffer
xlhtml.c:404: High: fixed size local buffer
xlhtml.c:799: High: fixed size local buffer
xlhtml.c:824: High: fixed size local buffer
xlhtml.c:925: High: fixed size local buffer
xlhtml.c:1461: High: fixed size local buffer
xlhtml.c:1539: High: fixed size local buffer
xlhtml.c:1763: High: fixed size local buffer
xlhtml.c:3046: High: fixed size local buffer
xlhtml.c:3075: High: fixed size local buffer
xlhtml.c:3873: High: fixed size local buffer
Extra care should be taken to ensure that character arrays that are allocated
on the stack are used safely.  They are prime targets for buffer overflow
attacks.

xlhtml.c:813: High: strcpy
xlhtml.c:1595: High: strcpy
xlhtml.c:1605: High: strcpy
xlhtml.c:3877: High: strcpy
xlhtml.c:3884: High: strcpy
Check to be sure that argument 2 passed to this function call will not copy
more data than can be handled, resulting in a buffer overflow.
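The two findings above (fixed-size stack arrays, and strcpy() into them with an unchecked source length) are the same bug class seen from two sides. The following is an added C example, not code from xlhtml; the function names, the 64-byte buffer and the 1-byte length-prefixed record layout are assumptions chosen to illustrate the check a reviewer would want at each flagged line:

```c
#include <stdio.h>
#include <string.h>

/* UNSAFE (assumed shape of the flagged code): a fixed-size stack buffer and an
 * unbounded strcpy() from data read out of the spreadsheet. A name longer than
 * 63 bytes overwrites whatever follows buf on the stack. */
static void set_title_unsafe(const char *name)
{
    char buf[64];
    strcpy(buf, name);              /* flagged: length of argument 2 never checked */
    printf("<title>%s</title>\n", buf);
}

/* Bounded copy that refuses rather than truncates: silently truncating a value
 * that later feeds a parser, a path or HTML is its own bug class.
 * Returns 0 on success, -1 if src (including NUL) does not fit in dstsz bytes. */
static int bounded_copy(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (dstsz == 0 || n >= dstsz) {
        if (dstsz) dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* Same pattern when the length comes from the file format itself: the length
 * byte is attacker-controlled, so it is checked both against the record that
 * carries it and against the destination. (1-byte length prefix is an
 * assumption for the example.) Returns bytes copied, or -1. */
static int copy_record_string(char *dst, size_t dstsz,
                              const unsigned char *rec, size_t reclen)
{
    if (reclen < 1) return -1;
    size_t len = rec[0];
    if (len > reclen - 1 || len >= dstsz) return -1;
    memcpy(dst, rec + 1, len);
    dst[len] = '\0';
    return (int)len;
}

/* Hardened counterpart of set_title_unsafe(): returns -1 instead of overflowing. */
static int set_title_safe(const char *name)
{
    char buf[64];
    if (bounded_copy(buf, sizeof buf, name) != 0) return -1;
    printf("<title>%s</title>\n", buf);
    return 0;
}

int main(void)
{
    /* Constructed inputs standing in for strings read from a .xls file. */
    char big[100];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';

    printf("short name -> %d\n", set_title_safe("Q1 Sales"));
    printf("long name  -> %d\n", set_title_safe(big));   /* rejected, no overflow */
    return 0;
}
```

strlcpy() would do the same job as bounded_copy() but is not available on every libc xlhtml targets, which is why the example carries its own.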

xlhtml.c:2514: High: printf
xlhtml.c:2527: High: printf
xlhtml.c:2531: High: printf
xlhtml.c:2549: High: printf
xlhtml.c:2553: High: printf
xlhtml.c:2555: High: printf
xlhtml.c:2564: High: printf
xlhtml.c:2570: High: printf
xlhtml.c:2575: High: printf
xlhtml.c:2580: High: printf
xlhtml.c:2585: High: printf
xlhtml.c:2590: High: printf
xlhtml.c:2596: High: printf
xlhtml.c:2599: High: printf
xlhtml.c:2605: High: printf
xlhtml.c:2612: High: printf
xlhtml.c:2715: High: printf
xlhtml.c:2724: High: printf
xlhtml.c:2904: High: printf
xlhtml.c:3128: High: printf
xlhtml.c:3543: High: printf
xlhtml.c:3623: High: printf
Check to be sure that the non-constant format string passed as argument 1 to
this function call does not come from an untrusted source that could have added
formatting characters that the code is not prepared to handle.

xlhtml.c:3048: High: sprintf
Check to be sure that the non-constant format string passed as argument 2 to
this function call does not come from an untrusted source that could have added
formatting characters that the code is not prepared to handle.

xlhtml.c:3048: High: sprintf
Check to be sure that the format string passed as argument 2 to this function
call does not come from an untrusted source that could have added formatting
characters that the code is not prepared to handle.  Additionally, the format
string could contain `%s' without precision that could result in a buffer
overflow.
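The fprintf, printf and sprintf findings above are all one question: is the format argument a compile-time constant, or could data from the .xls file end up in that slot? The sprintf finding adds a second point, that `%s` with no precision copies the whole argument into a fixed buffer. The following is an added C example, not xlhtml's code; the function names, the HTML snippet and the widths are assumptions chosen to show the unsafe shape, the safe shape, and an audit check that can be applied wherever a string reaches a format slot:

```c
#include <stdio.h>
#include <string.h>

/* UNSAFE (assumed shape of the flagged calls): untrusted text IS the format
 * string, so "%s%s%s" in a cell reads stack garbage and "%n" writes to it. */
static void emit_unsafe(FILE *fp, const char *untrusted)
{
    fprintf(fp, untrusted);         /* flagged: format argument is not a constant */
}

/* SAFE: constant format; the untrusted text is only ever an argument. */
static void emit_safe(FILE *fp, const char *untrusted)
{
    fprintf(fp, "%s", untrusted);
}

/* Audit helper: 1 if s contains a conversion directive (a '%' not written as
 * "%%"). Handy as an assertion in front of any call the tool flagged, or as a
 * quick grep-equivalent over test inputs. */
static int has_format_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        return 1;
    }
    return 0;
}

/* sprintf(buf, fmt, ...) with "%s" and no precision copies the whole argument
 * into buf. snprintf() bounds the total, and a precision on each %s bounds the
 * individual field so a single long value cannot crowd out the rest.
 * Returns 0 on success, -1 if the result was truncated. */
static int format_cell(char *dst, size_t dstsz, const char *name, const char *value)
{
    int n = snprintf(dst, dstsz, "<td class=\"%.16s\">%.64s</td>", name, value);
    if (n < 0) return -1;
    return (size_t)n < dstsz ? 0 : -1;
}

int main(void)
{
    /* Constructed cell value standing in for text read from a .xls file. */
    const char *cell = "100%s of %n";
    char out[32];

    if (has_format_directive(cell))
        printf("cell contains format directives; passing it as data only\n");
    emit_safe(stdout, cell);
    putchar('\n');

    int rc = format_cell(out, sizeof out, "num", cell);
    printf("format_cell -> %d: %s\n", rc, out);
    return 0;
}
```

emit_unsafe() is never called in the example; it is there to show the exact shape the tool reports. Building with -Wformat-security (or -Wformat-nonliteral for the stricter version) makes the compiler flag the same sites as the tool does.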

xlhtml.c:1836: Medium: realloc
xlhtml.c:2201: Medium: realloc
xlhtml.c:2269: Medium: realloc
xlhtml.c:2270: Medium: realloc
xlhtml.c:2375: Medium: realloc
Don't use on memory intended to be secure, because the old structure will not be zeroed out.
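realloc() may move the block; when it does, the old bytes stay in the heap until something else overwrites them, and a plain memset() before free() is a dead store the compiler may drop. The following is an added C example, not xlhtml's code, showing a realloc() replacement for buffers that hold sensitive data; it assumes the caller tracks the old size, since malloc() does not expose it:

```c
#include <stdlib.h>
#include <string.h>

/* Zeroing the compiler cannot optimise away: writes through a volatile pointer
 * must be performed. (memset_s/explicit_bzero do the same but are not in C99.) */
static void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

/* Secret-safe realloc(): allocate new, copy, scrub the old block, then free it.
 * On failure returns NULL and leaves the old block untouched, like realloc().
 * Shrinking copies only newsz bytes; the rest is scrubbed with the old block. */
static void *secure_realloc(void *old, size_t oldsz, size_t newsz)
{
    void *p = malloc(newsz);
    if (!p) return NULL;
    if (old) {
        memcpy(p, old, oldsz < newsz ? oldsz : newsz);
        secure_zero(old, oldsz);
        free(old);
    }
    return p;
}

/* Growth policy for a parser buffer whose target size comes from the file:
 * doubles the capacity, with an overflow check on the multiplication so a
 * hostile length field cannot wrap cap to a tiny allocation. Returns the new
 * capacity, or 0 if need cannot be satisfied. */
static size_t grow_capacity(size_t cap, size_t need)
{
    if (cap == 0) cap = 64;
    while (cap < need) {
        if (cap > (size_t)-1 / 2) return 0;   /* cap * 2 would overflow */
        cap *= 2;
    }
    return cap;
}

/* Test helper: 1 if every byte in [p, p+n) is zero. */
static int all_zero(const unsigned char *p, size_t n)
{
    unsigned char acc = 0;
    while (n--) acc |= *p++;
    return acc == 0;
}

int main(void)
{
    /* Constructed secret standing in for data a caller wants gone after a move. */
    unsigned char *buf = malloc(16);
    if (!buf) return 1;
    memset(buf, 0xAB, 16);

    size_t cap = grow_capacity(16, 40);          /* 64 */
    unsigned char *bigger = secure_realloc(buf, 16, cap);
    if (!bigger) { free(buf); return 1; }
    /* buf's old contents are now zeroed and freed; bigger holds the copy. */
    secure_zero(bigger, cap);
    free(bigger);
    return 0;
}
```

The scrub-then-free order matters: freeing first and zeroing afterwards is a use-after-free, and the allocator may already have written its own metadata into the block.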

