Untrusted loop bound
An attacker could control the number of times the loop iterates. An unscrutinized value from an untrusted source used as a loop bound
/test/format/config.c:1271: TAINTED_SCALAR 121099 Calling function "fgets" taints argument "*buf".
/test/format/config.c:1272: TAINTED_SCALAR 121099 Assigning: "p" = "t = buf". Both are now tainted.
/test/format/config.c:1284: TAINTED_SCALAR 121099 Assigning: "t" = "p--". Both are now tainted.