I: There are likely swapped arguments in a memset
   Check that the function arguments match: memset(ptr,BYTEVALUE,LENGTH)
W: icu memset-with-zero-length decnumstr.cpp:73:58

I: Statement might be overflowing a buffer in strncat. Common mistake:
   BAD: strncat(buffer,charptr,sizeof(buffer)) is wrong, it takes the left over size as 3rd argument
   GOOD: strncat(buffer,charptr,sizeof(buffer)-strlen(buffer)-1)
E: icu bufferoverflowstrncat pkgdata.cpp:299:87

---
 source/i18n/decnumstr.cpp        |    2 +-
 source/tools/pkgdata/pkgdata.cpp |    6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

Index: icu/source/i18n/decnumstr.cpp
===================================================================
--- icu.orig/source/i18n/decnumstr.cpp
+++ icu/source/i18n/decnumstr.cpp
@@ -70,7 +70,7 @@ void DecimalNumberString::setLength(int3
         return;
     }
     if (length > fLength) {
-        uprv_memset(&fText[fLength], length - fLength, 0);
+        uprv_memset(&fText[fLength], 0, length - fLength);
     }
     fLength = length;
     fText[fLength] = 0;
Index: icu/source/tools/pkgdata/pkgdata.cpp
===================================================================
--- icu.orig/source/tools/pkgdata/pkgdata.cpp
+++ icu/source/tools/pkgdata/pkgdata.cpp
@@ -1645,10 +1645,10 @@ static void loadLists(UPKGOptions *o, UE
     const char cmd[] = "icu-config --incpkgdatafile";
 
     /* #1 try the same path where pkgdata was called from. */
-    findDirname(progname, cmdBuf, 1024, &status);
+    findDirname(progname, cmdBuf, sizeof(cmdBuf), &status);
     if(U_SUCCESS(status)) {
-      uprv_strncat(cmdBuf, U_FILE_SEP_STRING, 1024);
-      uprv_strncat(cmdBuf, cmd, 1024);
+      uprv_strncat(cmdBuf, U_FILE_SEP_STRING, sizeof(cmdBuf)-1-strlen(cmdBuf));
+      uprv_strncat(cmdBuf, cmd, sizeof(cmdBuf)-1-strlen(cmdBuf));
       
       if(verbose) {
         fprintf(stdout, "# Calling icu-config: %s\n", cmdBuf);