Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/acedb-4.9.39+dfsg.02/w1/acein.c
Examining data/acedb-4.9.39+dfsg.02/w1/aceout.c
Examining data/acedb-4.9.39+dfsg.02/w1/acethread.c
Examining data/acedb-4.9.39+dfsg.02/w1/arraysub.c
Examining data/acedb-4.9.39+dfsg.02/w1/bump.c
Examining data/acedb-4.9.39+dfsg.02/w1/call.c
Examining data/acedb-4.9.39+dfsg.02/w1/chronoexe.c
Examining data/acedb-4.9.39+dfsg.02/w1/dict.c
Examining data/acedb-4.9.39+dfsg.02/w1/filsubs.c
Examining data/acedb-4.9.39+dfsg.02/w1/freeout.c
Examining data/acedb-4.9.39+dfsg.02/w1/freesubs.c
Examining data/acedb-4.9.39+dfsg.02/w1/getopt.c
Examining data/acedb-4.9.39+dfsg.02/w1/getopt1.c
Examining data/acedb-4.9.39+dfsg.02/w1/heap.c
Examining data/acedb-4.9.39+dfsg.02/w1/liste.c
Examining data/acedb-4.9.39+dfsg.02/w1/memsubs.c
Examining data/acedb-4.9.39+dfsg.02/w1/menu.c
Examining data/acedb-4.9.39+dfsg.02/w1/messubs.c
Examining data/acedb-4.9.39+dfsg.02/w1/msort.c
Examining data/acedb-4.9.39+dfsg.02/w1/randsubs.c
Examining data/acedb-4.9.39+dfsg.02/w1/strsubs.c
Examining data/acedb-4.9.39+dfsg.02/w1/texthelp.c
Examining data/acedb-4.9.39+dfsg.02/w1/timesubs.c
Examining data/acedb-4.9.39+dfsg.02/w1/utils.c
Examining data/acedb-4.9.39+dfsg.02/w1/vtxt.c
Examining data/acedb-4.9.39+dfsg.02/w1/helpsubs.c
Examining data/acedb-4.9.39+dfsg.02/w2/chronodisp.c
Examining data/acedb-4.9.39+dfsg.02/w2/colcontrol.c
Examining data/acedb-4.9.39+dfsg.02/w2/filquery.c
Examining data/acedb-4.9.39+dfsg.02/w2/gex.c
Examining data/acedb-4.9.39+dfsg.02/w2/gexhelp.c
Examining data/acedb-4.9.39+dfsg.02/w2/gexramptool.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphAcedbInterface.c
Examining data/acedb-4.9.39+dfsg.02/w2/graph_.h
Examining data/acedb-4.9.39+dfsg.02/w2/graphcolour.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphcolour.h
Examining data/acedb-4.9.39+dfsg.02/w2/graphcon.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphdev.h
Examining data/acedb-4.9.39+dfsg.02/w2/graphgdi.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphgdk.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphgdkremote.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphgif.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphgtk.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphgtk_.h
Examining data/acedb-4.9.39+dfsg.02/w2/graphimage.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphmesglist.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphprint.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphps.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphremote.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphselect.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphsub.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphtest.c
Examining data/acedb-4.9.39+dfsg.02/w2/viewedit.c
Examining data/acedb-4.9.39+dfsg.02/w2/vroot.h
Examining data/acedb-4.9.39+dfsg.02/w2/xremotemain.c
Examining data/acedb-4.9.39+dfsg.02/w2/graphascii.c
Examining data/acedb-4.9.39+dfsg.02/w3/apputils.c
Examining data/acedb-4.9.39+dfsg.02/w3/gifacemain.c
Examining data/acedb-4.9.39+dfsg.02/w3/tacemain.c
Examining data/acedb-4.9.39+dfsg.02/w3/taqlmain.c
Examining data/acedb-4.9.39+dfsg.02/w3/xacemain.c
Examining data/acedb-4.9.39+dfsg.02/w3/xclientmain.c
Examining data/acedb-4.9.39+dfsg.02/w4/aceutils.c
Examining data/acedb-4.9.39+dfsg.02/w4/alignment.c
Examining data/acedb-4.9.39+dfsg.02/w4/banner.c
Examining data/acedb-4.9.39+dfsg.02/w4/command.c
Examining data/acedb-4.9.39+dfsg.02/w4/command_.h
Examining data/acedb-4.9.39+dfsg.02/w4/commandmenu.c
Examining data/acedb-4.9.39+dfsg.02/w4/dbpath.c
Examining data/acedb-4.9.39+dfsg.02/w4/dump.c
Examining data/acedb-4.9.39+dfsg.02/w4/gifcommand.c
Examining data/acedb-4.9.39+dfsg.02/w4/logsubs.c
Examining data/acedb-4.9.39+dfsg.02/w4/longtext.c
Examining data/acedb-4.9.39+dfsg.02/w4/mainpick.c
Examining data/acedb-4.9.39+dfsg.02/w4/metadata.c
Examining data/acedb-4.9.39+dfsg.02/w4/model.c
Examining data/acedb-4.9.39+dfsg.02/w4/newkey.c
Examining data/acedb-4.9.39+dfsg.02/w4/parse.c
Examining data/acedb-4.9.39+dfsg.02/w4/parse_.h
Examining data/acedb-4.9.39+dfsg.02/w4/picksubs.c
Examining data/acedb-4.9.39+dfsg.02/w4/prefsubs.c
Examining data/acedb-4.9.39+dfsg.02/w4/queryexe.c
Examining data/acedb-4.9.39+dfsg.02/w4/session.c
Examining data/acedb-4.9.39+dfsg.02/w4/sigsubs.c
Examining data/acedb-4.9.39+dfsg.02/w4/status.c
Examining data/acedb-4.9.39+dfsg.02/w4/tabledefio.c
Examining data/acedb-4.9.39+dfsg.02/w4/tabledefsubs.c
Examining data/acedb-4.9.39+dfsg.02/w4/update.c
Examining data/acedb-4.9.39+dfsg.02/w5/acache.c
Examining data/acedb-4.9.39+dfsg.02/w5/adisk.c
Examining data/acedb-4.9.39+dfsg.02/w5/blocksub.c
Examining data/acedb-4.9.39+dfsg.02/w5/bs2block.c
Examining data/acedb-4.9.39+dfsg.02/w5/disknew.c
Examining data/acedb-4.9.39+dfsg.02/w5/idacedb.c
Examining data/acedb-4.9.39+dfsg.02/w5/idacedb.h
Examining data/acedb-4.9.39+dfsg.02/w5/idcurate.c
Examining data/acedb-4.9.39+dfsg.02/w5/keysetdump.c
Examining data/acedb-4.9.39+dfsg.02/w5/lexalpha.c
Examining data/acedb-4.9.39+dfsg.02/w5/lexsubs4.c
Examining data/acedb-4.9.39+dfsg.02/w5/objcache.c
Examining data/acedb-4.9.39+dfsg.02/w6/acdbtest.c
Examining data/acedb-4.9.39+dfsg.02/w6/acedbgraph.c
Examining data/acedb-4.9.39+dfsg.02/w6/action.c
Examining data/acedb-4.9.39+dfsg.02/w6/aqldisp.c
Examining data/acedb-4.9.39+dfsg.02/w6/asubs.c
Examining data/acedb-4.9.39+dfsg.02/w6/basepad.c
Examining data/acedb-4.9.39+dfsg.02/w6/bsdumps.c
Examining data/acedb-4.9.39+dfsg.02/w6/bssubs.c
Examining data/acedb-4.9.39+dfsg.02/w6/bstools.c
Examining data/acedb-4.9.39+dfsg.02/w6/bstree.c
Examining data/acedb-4.9.39+dfsg.02/w6/bsubs.c
Examining data/acedb-4.9.39+dfsg.02/w6/check.c
Examining data/acedb-4.9.39+dfsg.02/w6/display.c
Examining data/acedb-4.9.39+dfsg.02/w6/dnacode.c
Examining data/acedb-4.9.39+dfsg.02/w6/dnasubs.c
Examining data/acedb-4.9.39+dfsg.02/w6/forest.c
Examining data/acedb-4.9.39+dfsg.02/w6/keyset.c
Examining data/acedb-4.9.39+dfsg.02/w6/ksetdisp.c
Examining data/acedb-4.9.39+dfsg.02/w6/layoutdisp.c
Examining data/acedb-4.9.39+dfsg.02/w6/longtextdisp.c
Examining data/acedb-4.9.39+dfsg.02/w6/matchtable.c
Examining data/acedb-4.9.39+dfsg.02/w6/multimapdisp.c
Examining data/acedb-4.9.39+dfsg.02/w6/nicedump.c
Examining data/acedb-4.9.39+dfsg.02/w6/objcachedisp.c
Examining data/acedb-4.9.39+dfsg.02/w6/peptide.c
Examining data/acedb-4.9.39+dfsg.02/w6/plot.c
Examining data/acedb-4.9.39+dfsg.02/w6/plot2d.c
Examining data/acedb-4.9.39+dfsg.02/w6/prefdisp.c
Examining data/acedb-4.9.39+dfsg.02/w6/qbedisp.c
Examining data/acedb-4.9.39+dfsg.02/w6/querybuild.c
Examining data/acedb-4.9.39+dfsg.02/w6/querydisp.c
Examining data/acedb-4.9.39+dfsg.02/w6/sessiondisp.c
Examining data/acedb-4.9.39+dfsg.02/w6/smap.c
Examining data/acedb-4.9.39+dfsg.02/w6/smap_.h
Examining data/acedb-4.9.39+dfsg.02/w6/statusdisp.c
Examining data/acedb-4.9.39+dfsg.02/w6/tabledisp.c
Examining data/acedb-4.9.39+dfsg.02/w6/tablemakerdisp.c
Examining data/acedb-4.9.39+dfsg.02/w6/treedisp.c
Examining data/acedb-4.9.39+dfsg.02/w7/alignmentdisp.c
Examining data/acedb-4.9.39+dfsg.02/w7/biblio.c
Examining data/acedb-4.9.39+dfsg.02/w7/cmapdisp.c
Examining data/acedb-4.9.39+dfsg.02/w7/coltest.c
Examining data/acedb-4.9.39+dfsg.02/w7/das.c
Examining data/acedb-4.9.39+dfsg.02/w7/dnacpt.c
Examining data/acedb-4.9.39+dfsg.02/w7/drawdisp.c
Examining data/acedb-4.9.39+dfsg.02/w7/fmap_.h
Examining data/acedb-4.9.39+dfsg.02/w7/fmapblast.c
Examining data/acedb-4.9.39+dfsg.02/w7/fmapcdna.c
Examining data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c
Examining data/acedb-4.9.39+dfsg.02/w7/fmapcurate.c
Examining data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c
Examining data/acedb-4.9.39+dfsg.02/w7/fmapgene.c
Examining data/acedb-4.9.39+dfsg.02/w7/fmapmenes.c
Examining data/acedb-4.9.39+dfsg.02/w7/fmaposp.c
Examining data/acedb-4.9.39+dfsg.02/w7/fmapsequence.c
Examining data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c
Examining data/acedb-4.9.39+dfsg.02/w7/fpdisp.c
Examining data/acedb-4.9.39+dfsg.02/w7/geldisp.c
Examining data/acedb-4.9.39+dfsg.02/w7/genecurate.c
Examining data/acedb-4.9.39+dfsg.02/w7/gff.c
Examining data/acedb-4.9.39+dfsg.02/w7/gmapconvert.c
Examining data/acedb-4.9.39+dfsg.02/w7/gmapdisp.c
Examining data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c
Examining data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c
Examining data/acedb-4.9.39+dfsg.02/w7/gmapmarkercol.c
Examining data/acedb-4.9.39+dfsg.02/w7/gmapposnegcol.c
Examining data/acedb-4.9.39+dfsg.02/w7/gmapremarkcol.c
Examining data/acedb-4.9.39+dfsg.02/w7/gmapsubmapcol.c
Examining data/acedb-4.9.39+dfsg.02/w7/grid_.h
Examining data/acedb-4.9.39+dfsg.02/w7/griddisp.c
Examining data/acedb-4.9.39+dfsg.02/w7/mapcontrol.c
Examining data/acedb-4.9.39+dfsg.02/w7/metab.c
Examining data/acedb-4.9.39+dfsg.02/w7/method.c
Examining data/acedb-4.9.39+dfsg.02/w7/methodcache.c
Examining data/acedb-4.9.39+dfsg.02/w7/pepactivezonecol.c
Examining data/acedb-4.9.39+dfsg.02/w7/pepdisp.c
Examining data/acedb-4.9.39+dfsg.02/w7/pepfeaturecol.c
Examining data/acedb-4.9.39+dfsg.02/w7/pepgifcommand.c
Examining data/acedb-4.9.39+dfsg.02/w7/pepgraphcol.c
Examining data/acedb-4.9.39+dfsg.02/w7/pephomolcol.c
Examining data/acedb-4.9.39+dfsg.02/w7/pepseqcol.c
Examining data/acedb-4.9.39+dfsg.02/w7/pmapconvert.c
Examining data/acedb-4.9.39+dfsg.02/w7/pmapdisp.c
Examining data/acedb-4.9.39+dfsg.02/w7/smapconvert.c
Examining data/acedb-4.9.39+dfsg.02/w7/vmap_.h
Examining data/acedb-4.9.39+dfsg.02/w7/vmapdisp.c
Examining data/acedb-4.9.39+dfsg.02/w7/vmapdrag.c
Examining data/acedb-4.9.39+dfsg.02/w7/dendrogram.c
Examining data/acedb-4.9.39+dfsg.02/w8/aligntools.c
Examining data/acedb-4.9.39+dfsg.02/w8/basecallstat.c
Examining data/acedb-4.9.39+dfsg.02/w8/chronoorder.c
Examining data/acedb-4.9.39+dfsg.02/w8/defcpt.c
Examining data/acedb-4.9.39+dfsg.02/w8/dnaalign.c
Examining data/acedb-4.9.39+dfsg.02/w8/intrinsictree.c
Examining data/acedb-4.9.39+dfsg.02/w8/topology.c
Examining data/acedb-4.9.39+dfsg.02/w9/align.c
Examining data/acedb-4.9.39+dfsg.02/w9/asn.c
Examining data/acedb-4.9.39+dfsg.02/w9/blixem_.h
Examining data/acedb-4.9.39+dfsg.02/w9/blxmain.c
Examining data/acedb-4.9.39+dfsg.02/w9/blxparser.c
Examining data/acedb-4.9.39+dfsg.02/w9/blxselect.c
Examining data/acedb-4.9.39+dfsg.02/w9/dbidx.c
Examining data/acedb-4.9.39+dfsg.02/w9/diskdump.c
Examining data/acedb-4.9.39+dfsg.02/w9/diskfix.c
Examining data/acedb-4.9.39+dfsg.02/w9/dotter.c
Examining data/acedb-4.9.39+dfsg.02/w9/dotterKarlin.c
Examining data/acedb-4.9.39+dfsg.02/w9/embl.c
Examining data/acedb-4.9.39+dfsg.02/w9/fetch.c
Examining data/acedb-4.9.39+dfsg.02/w9/gfcode.c
Examining data/acedb-4.9.39+dfsg.02/w9/gmapdata.c
Examining data/acedb-4.9.39+dfsg.02/w9/gmapdatacol.c
Examining data/acedb-4.9.39+dfsg.02/w9/gmapphys.c
Examining data/acedb-4.9.39+dfsg.02/w9/hexcode.c
Examining data/acedb-4.9.39+dfsg.02/w9/readseq.c
Examining data/acedb-4.9.39+dfsg.02/w9/translate.c
Examining data/acedb-4.9.39+dfsg.02/w9/vmapdata2.c
Examining data/acedb-4.9.39+dfsg.02/w9/vmapphys.c
Examining data/acedb-4.9.39+dfsg.02/w9/blxview.c
Examining data/acedb-4.9.39+dfsg.02/w9/belvu.c
Examining data/acedb-4.9.39+dfsg.02/w9/dotterMain.c
Examining data/acedb-4.9.39+dfsg.02/w9/efetch.c
Examining data/acedb-4.9.39+dfsg.02/wabi/abifix.c
Examining data/acedb-4.9.39+dfsg.02/wabi/acemblyhook.c
Examining data/acedb-4.9.39+dfsg.02/wabi/annot.c
Examining data/acedb-4.9.39+dfsg.02/wabi/basecall.c
Examining data/acedb-4.9.39+dfsg.02/wabi/blyctrl.c
Examining data/acedb-4.9.39+dfsg.02/wabi/cdnaalign.c
Examining data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c
Examining data/acedb-4.9.39+dfsg.02/wabi/geneannot.c
Examining data/acedb-4.9.39+dfsg.02/wabi/intron2.c
Examining data/acedb-4.9.39+dfsg.02/wabi/myNetwork.c
Examining data/acedb-4.9.39+dfsg.02/wabi/nnbasecall.c
Examining data/acedb-4.9.39+dfsg.02/wabi/saucisse.c
Examining data/acedb-4.9.39+dfsg.02/wabi/trace.c
Examining data/acedb-4.9.39+dfsg.02/wac/ac.h
Examining data/acedb-4.9.39+dfsg.02/wac/ac_.h
Examining data/acedb-4.9.39+dfsg.02/wac/acclient.c
Examining data/acedb-4.9.39+dfsg.02/wac/acclient_.h
Examining data/acedb-4.9.39+dfsg.02/wac/acclient_acetcp.c
Examining data/acedb-4.9.39+dfsg.02/wac/acclient_rpc.c
Examining data/acedb-4.9.39+dfsg.02/wac/acclient_socket.c
Examining data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c
Examining data/acedb-4.9.39+dfsg.02/wac/accmd.c
Examining data/acedb-4.9.39+dfsg.02/wac/acctest.c
Examining data/acedb-4.9.39+dfsg.02/wac/acinside.c
Examining data/acedb-4.9.39+dfsg.02/wac/acinside_.h
Examining data/acedb-4.9.39+dfsg.02/wac/actable.c
Examining data/acedb-4.9.39+dfsg.02/wace/acediff.c
Examining data/acedb-4.9.39+dfsg.02/wace/acediffsorted.c
Examining data/acedb-4.9.39+dfsg.02/wace/acesubs.c
Examining data/acedb-4.9.39+dfsg.02/wace/makeUserPasswd.c
Examining data/acedb-4.9.39+dfsg.02/wace/pmapace.c
Examining data/acedb-4.9.39+dfsg.02/wace/pmapace2.c
Examining data/acedb-4.9.39+dfsg.02/wace/removeContinuations.c
Examining data/acedb-4.9.39+dfsg.02/wace/stockace.c
Examining data/acedb-4.9.39+dfsg.02/wace/homonym.c
Examining data/acedb-4.9.39+dfsg.02/wacext/kscount.c
Examining data/acedb-4.9.39+dfsg.02/waql/aql.c
Examining data/acedb-4.9.39+dfsg.02/waql/aql_.h
Examining data/acedb-4.9.39+dfsg.02/waql/aqlcheck.c
Examining data/acedb-4.9.39+dfsg.02/waql/aqldebug.c
Examining data/acedb-4.9.39+dfsg.02/waql/aqlerror.c
Examining data/acedb-4.9.39+dfsg.02/waql/aqlrun.c
Examining data/acedb-4.9.39+dfsg.02/wdce/acedbclientlib.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/acedbserverlib.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/aceserverconfigpp.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/aceserverconfigpp.h
Examining data/acedb-4.9.39+dfsg.02/wdce/aceservercontrolpanel.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/aceservercontrolpanel.h
Examining data/acedb-4.9.39+dfsg.02/wdce/asinstall.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/asinstall.h
Examining data/acedb-4.9.39+dfsg.02/wdce/asinstalldlg.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/asinstalldlg.h
Examining data/acedb-4.9.39+dfsg.02/wdce/asstdafx.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/asstdafx.h
Examining data/acedb-4.9.39+dfsg.02/wdce/client.c
Examining data/acedb-4.9.39+dfsg.02/wdce/client2service.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/client2service.h
Examining data/acedb-4.9.39+dfsg.02/wdce/introductionpp.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/completionpp.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/configps.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/configps.h
Examining data/acedb-4.9.39+dfsg.02/wdce/connectionspp.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/connectionspp.h
Examining data/acedb-4.9.39+dfsg.02/wdce/databasepp.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/databasepp.h
Examining data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c
Examining data/acedb-4.9.39+dfsg.02/wdce/dceprot.c
Examining data/acedb-4.9.39+dfsg.02/wdce/dceserver.c
Examining data/acedb-4.9.39+dfsg.02/wdce/dceserverlib.c
Examining data/acedb-4.9.39+dfsg.02/wdce/dceserverlib.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/dceservertimer.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/dceservertimer.h
Examining data/acedb-4.9.39+dfsg.02/wdce/installationhostpp.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/installationhostpp.h
Examining data/acedb-4.9.39+dfsg.02/wdce/introductionpp.h
Examining data/acedb-4.9.39+dfsg.02/wdce/my_dce.h
Examining data/acedb-4.9.39+dfsg.02/wdce/resource.h
Examining data/acedb-4.9.39+dfsg.02/wdce/rpcace.h
Examining data/acedb-4.9.39+dfsg.02/wdce/rpcace_c.c
Examining data/acedb-4.9.39+dfsg.02/wdce/rpcace_s.c
Examining data/acedb-4.9.39+dfsg.02/wdce/serviceregistrypp.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/serviceregistrypp.h
Examining data/acedb-4.9.39+dfsg.02/wdce/servicestatuspp.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/servicestatuspp.h
Examining data/acedb-4.9.39+dfsg.02/wdce/win32dcelib.cpp
Examining data/acedb-4.9.39+dfsg.02/wdce/win32service.c
Examining data/acedb-4.9.39+dfsg.02/wgd/gd.h
Examining data/acedb-4.9.39+dfsg.02/wgd/gd2gif.c
Examining data/acedb-4.9.39+dfsg.02/wgd/gdfont6x9.c
Examining data/acedb-4.9.39+dfsg.02/wgd/gdfont8x13.c
Examining data/acedb-4.9.39+dfsg.02/wgd/gdfont8x13bold.c
Examining data/acedb-4.9.39+dfsg.02/wgd/io.h
Examining data/acedb-4.9.39+dfsg.02/wgd/libgd.c
Examining data/acedb-4.9.39+dfsg.02/wgd/mtables.c
Examining data/acedb-4.9.39+dfsg.02/wgd/mtables.h
Examining data/acedb-4.9.39+dfsg.02/wgnbk/gnbkclientlib.c
Examining data/acedb-4.9.39+dfsg.02/wgnbk/gnbkserver.c
Examining data/acedb-4.9.39+dfsg.02/wgnbk/rpcgnbk_sp.c
Examining data/acedb-4.9.39+dfsg.02/wgnbk/gnbk.c
Examining data/acedb-4.9.39+dfsg.02/wgnbk/gnbkclient.c
Examining data/acedb-4.9.39+dfsg.02/wh/a.h
Examining data/acedb-4.9.39+dfsg.02/wh/a_.h
Examining data/acedb-4.9.39+dfsg.02/wh/acache.h
Examining data/acedb-4.9.39+dfsg.02/wh/ace.h
Examining data/acedb-4.9.39+dfsg.02/wh/aceclient.h
Examining data/acedb-4.9.39+dfsg.02/wh/acedb.h
Examining data/acedb-4.9.39+dfsg.02/wh/acedbgraph.h
Examining data/acedb-4.9.39+dfsg.02/wh/aceio.h
Examining data/acedb-4.9.39+dfsg.02/wh/aceiotypes.h
Examining data/acedb-4.9.39+dfsg.02/wh/acelib.h
Examining data/acedb-4.9.39+dfsg.02/wh/acelib_.h
Examining data/acedb-4.9.39+dfsg.02/wh/acembly.h
Examining data/acedb-4.9.39+dfsg.02/wh/acethread.h
Examining data/acedb-4.9.39+dfsg.02/wh/acetypes.h
Examining data/acedb-4.9.39+dfsg.02/wh/aceversion.h
Examining data/acedb-4.9.39+dfsg.02/wh/action.h
Examining data/acedb-4.9.39+dfsg.02/wh/adisk.h
Examining data/acedb-4.9.39+dfsg.02/wh/alignment.h
Examining data/acedb-4.9.39+dfsg.02/wh/alignment_.h
Examining data/acedb-4.9.39+dfsg.02/wh/aligntools.h
Examining data/acedb-4.9.39+dfsg.02/wh/annot.h
Examining data/acedb-4.9.39+dfsg.02/wh/apputils.h
Examining data/acedb-4.9.39+dfsg.02/wh/aql.h
Examining data/acedb-4.9.39+dfsg.02/wh/array.h
Examining data/acedb-4.9.39+dfsg.02/wh/b_.h
Examining data/acedb-4.9.39+dfsg.02/wh/banner.h
Examining data/acedb-4.9.39+dfsg.02/wh/basecall.h
Examining data/acedb-4.9.39+dfsg.02/wh/basepad.h
Examining data/acedb-4.9.39+dfsg.02/wh/biblio.h
Examining data/acedb-4.9.39+dfsg.02/wh/bindex.h
Examining data/acedb-4.9.39+dfsg.02/wh/bitset.h
Examining data/acedb-4.9.39+dfsg.02/wh/block.h
Examining data/acedb-4.9.39+dfsg.02/wh/blxview.h
Examining data/acedb-4.9.39+dfsg.02/wh/bs.h
Examining data/acedb-4.9.39+dfsg.02/wh/bs_.h
Examining data/acedb-4.9.39+dfsg.02/wh/bstree.h
Examining data/acedb-4.9.39+dfsg.02/wh/bu.h
Examining data/acedb-4.9.39+dfsg.02/wh/bump.h
Examining data/acedb-4.9.39+dfsg.02/wh/bump_.h
Examining data/acedb-4.9.39+dfsg.02/wh/byteswap.h
Examining data/acedb-4.9.39+dfsg.02/wh/cache.h
Examining data/acedb-4.9.39+dfsg.02/wh/cache_.h
Examining data/acedb-4.9.39+dfsg.02/wh/cachedisp.h
Examining data/acedb-4.9.39+dfsg.02/wh/call.h
Examining data/acedb-4.9.39+dfsg.02/wh/cdna.h
Examining data/acedb-4.9.39+dfsg.02/wh/cdnainit.h
Examining data/acedb-4.9.39+dfsg.02/wh/check.h
Examining data/acedb-4.9.39+dfsg.02/wh/chrono.h
Examining data/acedb-4.9.39+dfsg.02/wh/chrono_.h
Examining data/acedb-4.9.39+dfsg.02/wh/client.h
Examining data/acedb-4.9.39+dfsg.02/wh/getopt.h
Examining data/acedb-4.9.39+dfsg.02/wh/colcontrol.h
Examining data/acedb-4.9.39+dfsg.02/wh/colcontrol_.h
Examining data/acedb-4.9.39+dfsg.02/wh/colours.h
Examining data/acedb-4.9.39+dfsg.02/wh/command.h
Examining data/acedb-4.9.39+dfsg.02/wh/ctf.h
Examining data/acedb-4.9.39+dfsg.02/wh/das.h
Examining data/acedb-4.9.39+dfsg.02/wh/dbidx.h
Examining data/acedb-4.9.39+dfsg.02/wh/dbpath.h
Examining data/acedb-4.9.39+dfsg.02/wh/dendrogram.h
Examining data/acedb-4.9.39+dfsg.02/wh/dict.h
Examining data/acedb-4.9.39+dfsg.02/wh/disk.h
Examining data/acedb-4.9.39+dfsg.02/wh/diskPart.h
Examining data/acedb-4.9.39+dfsg.02/wh/disk_.h
Examining data/acedb-4.9.39+dfsg.02/wh/disk__.h
Examining data/acedb-4.9.39+dfsg.02/wh/display.h
Examining data/acedb-4.9.39+dfsg.02/wh/dna.h
Examining data/acedb-4.9.39+dfsg.02/wh/dnaalign.h
Examining data/acedb-4.9.39+dfsg.02/wh/dotter.h
Examining data/acedb-4.9.39+dfsg.02/wh/dotter_.h
Examining data/acedb-4.9.39+dfsg.02/wh/dump.h
Examining data/acedb-4.9.39+dfsg.02/wh/embl.h
Examining data/acedb-4.9.39+dfsg.02/wh/fingerp.h
Examining data/acedb-4.9.39+dfsg.02/wh/flag.h
Examining data/acedb-4.9.39+dfsg.02/wh/fmap.h
Examining data/acedb-4.9.39+dfsg.02/wh/forest.h
Examining data/acedb-4.9.39+dfsg.02/wh/freeout.h
Examining data/acedb-4.9.39+dfsg.02/wh/gelmap.h
Examining data/acedb-4.9.39+dfsg.02/wh/genecurate.h
Examining data/acedb-4.9.39+dfsg.02/wh/gex.h
Examining data/acedb-4.9.39+dfsg.02/wh/gff.h
Examining data/acedb-4.9.39+dfsg.02/wh/gmap.h
Examining data/acedb-4.9.39+dfsg.02/wh/gnbk.h
Examining data/acedb-4.9.39+dfsg.02/wh/graph.h
Examining data/acedb-4.9.39+dfsg.02/wh/graphAcedbInterface.h
Examining data/acedb-4.9.39+dfsg.02/wh/graphimage.h
Examining data/acedb-4.9.39+dfsg.02/wh/grid.h
Examining data/acedb-4.9.39+dfsg.02/wh/heap.h
Examining data/acedb-4.9.39+dfsg.02/wh/help.h
Examining data/acedb-4.9.39+dfsg.02/wh/help_.h
Examining data/acedb-4.9.39+dfsg.02/wh/html.h
Examining data/acedb-4.9.39+dfsg.02/wh/idcurate.h
Examining data/acedb-4.9.39+dfsg.02/wh/igdevent.h
Examining data/acedb-4.9.39+dfsg.02/wh/interval.h
Examining data/acedb-4.9.39+dfsg.02/wh/iupac.h
Examining data/acedb-4.9.39+dfsg.02/wh/java.h
Examining data/acedb-4.9.39+dfsg.02/wh/key.h
Examining data/acedb-4.9.39+dfsg.02/wh/keyset.h
Examining data/acedb-4.9.39+dfsg.02/wh/keysetdisp.h
Examining data/acedb-4.9.39+dfsg.02/wh/layoutdisp.h
Examining data/acedb-4.9.39+dfsg.02/wh/lex.h
Examining data/acedb-4.9.39+dfsg.02/wh/lex_bl_.h
Examining data/acedb-4.9.39+dfsg.02/wh/lex_sess_.h
Examining data/acedb-4.9.39+dfsg.02/wh/liste.h
Examining data/acedb-4.9.39+dfsg.02/wh/log.h
Examining data/acedb-4.9.39+dfsg.02/wh/longtext.h
Examining data/acedb-4.9.39+dfsg.02/wh/main.h
Examining data/acedb-4.9.39+dfsg.02/wh/map.h
Examining data/acedb-4.9.39+dfsg.02/wh/matchtable.h
Examining data/acedb-4.9.39+dfsg.02/wh/menu.h
Examining data/acedb-4.9.39+dfsg.02/wh/menu_.h
Examining data/acedb-4.9.39+dfsg.02/wh/method.h
Examining data/acedb-4.9.39+dfsg.02/wh/methodcache.h
Examining data/acedb-4.9.39+dfsg.02/wh/model.h
Examining data/acedb-4.9.39+dfsg.02/wh/myNetwork.h
Examining data/acedb-4.9.39+dfsg.02/wh/mydirent.h
Examining data/acedb-4.9.39+dfsg.02/wh/mystdlib.h
Examining data/acedb-4.9.39+dfsg.02/wh/mytime.h
Examining data/acedb-4.9.39+dfsg.02/wh/nace.h
Examining data/acedb-4.9.39+dfsg.02/wh/nace_com.h
Examining data/acedb-4.9.39+dfsg.02/wh/nqc.h
Examining data/acedb-4.9.39+dfsg.02/wh/opp.h
Examining data/acedb-4.9.39+dfsg.02/wh/oxgrid.h
Examining data/acedb-4.9.39+dfsg.02/wh/parse.h
Examining data/acedb-4.9.39+dfsg.02/wh/pepdisp.h
Examining data/acedb-4.9.39+dfsg.02/wh/pepgifcommand.h
Examining data/acedb-4.9.39+dfsg.02/wh/peptide.h
Examining data/acedb-4.9.39+dfsg.02/wh/pick.h
Examining data/acedb-4.9.39+dfsg.02/wh/plot.h
Examining data/acedb-4.9.39+dfsg.02/wh/pmap.h
Examining data/acedb-4.9.39+dfsg.02/wh/pmap_.h
Examining data/acedb-4.9.39+dfsg.02/wh/pref.h
Examining data/acedb-4.9.39+dfsg.02/wh/pref_.h
Examining data/acedb-4.9.39+dfsg.02/wh/qbe.h
Examining data/acedb-4.9.39+dfsg.02/wh/query.h
Examining data/acedb-4.9.39+dfsg.02/wh/query_.h
Examining data/acedb-4.9.39+dfsg.02/wh/querydisp.h
Examining data/acedb-4.9.39+dfsg.02/wh/readseq.h
Examining data/acedb-4.9.39+dfsg.02/wh/regular.h
Examining data/acedb-4.9.39+dfsg.02/wh/restriction.h
Examining data/acedb-4.9.39+dfsg.02/wh/saucisse.h
Examining data/acedb-4.9.39+dfsg.02/wh/session.h
Examining data/acedb-4.9.39+dfsg.02/wh/session_.h
Examining data/acedb-4.9.39+dfsg.02/wh/sessiondisp.h
Examining data/acedb-4.9.39+dfsg.02/wh/sigsubs.h
Examining data/acedb-4.9.39+dfsg.02/wh/smap.h
Examining data/acedb-4.9.39+dfsg.02/wh/smapconvert.h
Examining data/acedb-4.9.39+dfsg.02/wh/spread.h
Examining data/acedb-4.9.39+dfsg.02/wh/spread_.h
Examining data/acedb-4.9.39+dfsg.02/wh/status.h
Examining data/acedb-4.9.39+dfsg.02/wh/statusdisp.h
Examining data/acedb-4.9.39+dfsg.02/wh/strsubs.h
Examining data/acedb-4.9.39+dfsg.02/wh/table.h
Examining data/acedb-4.9.39+dfsg.02/wh/tabledisp.h
Examining data/acedb-4.9.39+dfsg.02/wh/topology.h
Examining data/acedb-4.9.39+dfsg.02/wh/tq_.h
Examining data/acedb-4.9.39+dfsg.02/wh/tree.h
Examining data/acedb-4.9.39+dfsg.02/wh/update.h
Examining data/acedb-4.9.39+dfsg.02/wh/utils.h
Examining data/acedb-4.9.39+dfsg.02/wh/version.h
Examining data/acedb-4.9.39+dfsg.02/wh/vmap.h
Examining data/acedb-4.9.39+dfsg.02/wh/vtxt.h
Examining data/acedb-4.9.39+dfsg.02/wh/xclient.h
Examining data/acedb-4.9.39+dfsg.02/whooks/class.c
Examining data/acedb-4.9.39+dfsg.02/whooks/classes.h
Examining data/acedb-4.9.39+dfsg.02/whooks/quovadis.c
Examining data/acedb-4.9.39+dfsg.02/whooks/sysclass.c
Examining data/acedb-4.9.39+dfsg.02/whooks/sysclass.h
Examining data/acedb-4.9.39+dfsg.02/whooks/systags.h
Examining data/acedb-4.9.39+dfsg.02/whooks/tags.c
Examining data/acedb-4.9.39+dfsg.02/whooks/tags.h
Examining data/acedb-4.9.39+dfsg.02/win32/startace.c
Examining data/acedb-4.9.39+dfsg.02/win32/winaceshell.c
Examining data/acedb-4.9.39+dfsg.02/wjo/o2m.c
Examining data/acedb-4.9.39+dfsg.02/wjo/oxgriddisp.c
Examining data/acedb-4.9.39+dfsg.02/wjo/oxhomlist.c
Examining data/acedb-4.9.39+dfsg.02/wjo/pairmapdisp.c
Examining data/acedb-4.9.39+dfsg.02/wjo/specg.c
Examining data/acedb-4.9.39+dfsg.02/wmd5/digcalc.c
Examining data/acedb-4.9.39+dfsg.02/wmd5/digcalc.h
Examining data/acedb-4.9.39+dfsg.02/wmd5/digtest.c
Examining data/acedb-4.9.39+dfsg.02/wmd5/global.h
Examining data/acedb-4.9.39+dfsg.02/wmd5/md5.h
Examining data/acedb-4.9.39+dfsg.02/wmd5/md5c.c
Examining data/acedb-4.9.39+dfsg.02/wmd5/mddriver.c
Examining data/acedb-4.9.39+dfsg.02/wnq/acelib.c
Examining data/acedb-4.9.39+dfsg.02/wnq/acelibtest.c
Examining data/acedb-4.9.39+dfsg.02/wnq/aceversion.c
Examining data/acedb-4.9.39+dfsg.02/wnq/bindex.c
Examining data/acedb-4.9.39+dfsg.02/wnq/flag.c
Examining data/acedb-4.9.39+dfsg.02/wnq/table.c
Examining data/acedb-4.9.39+dfsg.02/wnq/tagcount.c
Examining data/acedb-4.9.39+dfsg.02/wrpc/aceclient.c
Examining data/acedb-4.9.39+dfsg.02/wrpc/aceclientlib.c
Examining data/acedb-4.9.39+dfsg.02/wrpc/aceserver.c
Examining data/acedb-4.9.39+dfsg.02/wrpc/acesyb.c
Examining data/acedb-4.9.39+dfsg.02/wrpc/acesybase.c
Examining data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c
Examining data/acedb-4.9.39+dfsg.02/wrpc/jade2sybase.c
Examining data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c
Examining data/acedb-4.9.39+dfsg.02/wrpc/rpcace_sp.c
Examining data/acedb-4.9.39+dfsg.02/wrpc/test.client.c
Examining data/acedb-4.9.39+dfsg.02/wrpc/test.server.c
Examining data/acedb-4.9.39+dfsg.02/wrpc/xclient.c
Examining data/acedb-4.9.39+dfsg.02/wsocket/acesocket.c
Examining data/acedb-4.9.39+dfsg.02/wsocket/acesocket_.h
Examining data/acedb-4.9.39+dfsg.02/wsocket/acesocketlib.c
Examining data/acedb-4.9.39+dfsg.02/wsocket/saceclient.c
Examining data/acedb-4.9.39+dfsg.02/wsocket/saceclient_.h
Examining data/acedb-4.9.39+dfsg.02/wsocket/sclient.c
Examining data/acedb-4.9.39+dfsg.02/wsocket/sclientlib.c
Examining data/acedb-4.9.39+dfsg.02/wsocket/sclientlib.h
Examining data/acedb-4.9.39+dfsg.02/wsocket/serverace.c
Examining data/acedb-4.9.39+dfsg.02/wsocket/serverace_.h
Examining data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c
Examining data/acedb-4.9.39+dfsg.02/wsocket/serverclientutils.c
Examining data/acedb-4.9.39+dfsg.02/wsocket/serverclientutils.h
Examining data/acedb-4.9.39+dfsg.02/wsocket/servertransport.h
Examining data/acedb-4.9.39+dfsg.02/wsocket/sxclient.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/Read.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/Read.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/abi.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/alf.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/ctf2scf.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/dnaacecode.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/dummy.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/dummy.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/error.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/error.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/filecompress.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/files.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/find.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/fpoint.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/fpoint.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/mach-io.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/mach-io.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/makeSCF.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/misc.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/misc_scf.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/os.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/plain.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/read_alloc.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/read_scf.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/scf.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/scf2ctf.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/seqIOALF.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/seqIOCTF.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/seqIOCTF.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/stadenarray.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/stadenarray.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/stadentranslate.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/traceType.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/traceType.h
Examining data/acedb-4.9.39+dfsg.02/wstaden/write_scf.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/xalloc.c
Examining data/acedb-4.9.39+dfsg.02/wstaden/xalloc.h
Examining data/acedb-4.9.39+dfsg.02/wtools/split.c
Examining data/acedb-4.9.39+dfsg.02/wzmap/seqregion.c
Examining data/acedb-4.9.39+dfsg.02/wzmap/seqregion.h
Examining data/acedb-4.9.39+dfsg.02/wzmap/stringbucket.c
Examining data/acedb-4.9.39+dfsg.02/wzmap/stringbucket.h
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmap.h
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapWindow.c
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapWindowButtons.c
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapWindowFrame.c
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapWindow_P.h
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapWindowmenubar.c
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapbccol.c
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapcalls.c
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapcalls.h
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapcols.c
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapcommon.h
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapcontrol.c
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapcontrol.h
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapmain.c
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapsequence.c
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapsplit.c
Examining data/acedb-4.9.39+dfsg.02/wzmap/zmapsplit.h

FINAL RESULTS:

data/acedb-4.9.39+dfsg.02/w4/logsubs.c:264:17:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	      else if (chmod (dbPathMakeFilName("database", "oldlogs", 0, handle), 0755) == -1)
data/acedb-4.9.39+dfsg.02/w4/session.c:3600:7:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
  if (chmod (readlock_dir, 0777) == -1)
data/acedb-4.9.39+dfsg.02/w4/session.c:3681:7:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
  if (chmod (readlock_filename, 0666) == -1)
data/acedb-4.9.39+dfsg.02/w1/acein.c:269:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (path, "%s%s%s", directory, SUBDIR_DELIMITER_STR, filename);
data/acedb-4.9.39+dfsg.02/w1/acein.c:298:9:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  fil = popen((const char*)command, spec); /* will be closed in 
data/acedb-4.9.39+dfsg.02/w1/acein.c:511:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(fi->stream[fi->streamlevel].prompt, options[0].text);
data/acedb-4.9.39+dfsg.02/w1/acein.c:633:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (fi->stream[fi->streamlevel].special, text) ;
data/acedb-4.9.39+dfsg.02/w1/acein.c:829:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
      system ((char*)fi->pos) ;
data/acedb-4.9.39+dfsg.02/w1/acein.c:1614:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (arrp(a, 0, char), text) ;
data/acedb-4.9.39+dfsg.02/w1/acein.c:1899:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (fi->stream[fi->streamlevel].special, fi->stream[fi->streamlevel-1].special) ;
data/acedb-4.9.39+dfsg.02/w1/acein.c:2160:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf (args, " -p %s", filename);
data/acedb-4.9.39+dfsg.02/w1/acein.c:2167:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf (args, " -dc %s", filename);
data/acedb-4.9.39+dfsg.02/w1/acein.c:2171:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf (args, " -c %s", filename);
data/acedb-4.9.39+dfsg.02/w1/acein.c:2177:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf (args, " -dc %s", filename);
data/acedb-4.9.39+dfsg.02/w1/acein.c:2181:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf (args, " -c %s", filename);
data/acedb-4.9.39+dfsg.02/w1/acein.c:2186:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf (args, " %s", filename);
data/acedb-4.9.39+dfsg.02/w1/aceout.c:187:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (fo->filename, "mailto:%s", address);
data/acedb-4.9.39+dfsg.02/w1/aceout.c:202:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (fo->filename, directory);
data/acedb-4.9.39+dfsg.02/w1/aceout.c:203:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat (fo->filename, SUBDIR_DELIMITER_STR);
data/acedb-4.9.39+dfsg.02/w1/aceout.c:204:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat (fo->filename, filename);
data/acedb-4.9.39+dfsg.02/w1/aceout.c:208:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat (fo->filename, extension);
data/acedb-4.9.39+dfsg.02/w1/aceout.c:229:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(fo->filename, "mailto:%s", address);
data/acedb-4.9.39+dfsg.02/w1/call.c:159:8:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  nn = system (buildCommand (s, dir, script, args)) ;
data/acedb-4.9.39+dfsg.02/w1/call.c:181:10:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  pipe = popen (command, "r" ) ;
data/acedb-4.9.39+dfsg.02/w1/dict.c:325:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (dVoc->base + dVoc->curr, s) ;
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:248:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (path_copy, path);
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:279:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      if (access (name, F_OK) == 0)
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:292:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      if (access (name, R_OK) == 0)
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:305:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      if (access (name, W_OK) == 0) /* requires file exists */
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:327:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	return !(access (".", W_OK)) ;
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:330:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	  result = !(access (name, W_OK)) ;
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:335:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      return (access (name, X_OK) == 0) ;
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:353:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(posix, name);
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:604:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(realname, nam);
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:606:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(realname, suffix);
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:827:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (entryPathName, dirName) ;
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:839:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (leaf, dName) ;
data/acedb-4.9.39+dfsg.02/w1/freeout.c:219:9:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  len = vsprintf (message, format, ap) ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:156:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (stream[streamlevel].special, text) ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:187:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf (!currfil ? "From text >" : "From file >") ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:313:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
      system ((char*)pos) ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:433:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (stream[streamlevel].special, stream[streamlevel-1].special) ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1388:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	      strcat (cq, array(translations, i, ARRAYTYPE).protect) ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:205:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(filename, "%s/%s.html", 
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:213:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(filename, "%s/%s.shtml", 
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:237:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		  sprintf(filename, "%s%s%s.%s", 
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:261:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		  sprintf(filename, "%s%s%s.%s", 
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:291:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	      sprintf(filename, "%s%s%s", 
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:370:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (link_path, link);
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:377:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (link_path, helpGetDir());
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:378:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat (link_path, SUBDIR_DELIMITER_STR);
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:379:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat (link_path, link);
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:388:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      strcpy (link_path, helpGetDir());
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:389:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	      strcat (link_path, SUBDIR_DELIMITER_STR);
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:390:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	      strcat (link_path, filDirEntry(dirs, i++));
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:391:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	      strcat (link_path, SUBDIR_DELIMITER_STR);
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:392:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	      strcat (link_path, link);
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:531:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat (cp, s+2) ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:567:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (text,
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:621:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf (cp, "<LI><A HREF=%s.%s>%s</A>\n",
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:685:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat (s+1, s+5) ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:690:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat (s+1, s+5) ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:695:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat (s+1, s+5) ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:700:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat (s+1, s+5) ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:705:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat (s+1, s+6) ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:710:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat (s+1, s+5) ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:715:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat (s+1, s+4) ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:720:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat (s+1, s+4) ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:725:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat (s+1, s+6) ;
data/acedb-4.9.39+dfsg.02/w1/memsubs.c:186:12:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	      if (sprintf(&(buffer[0]),
data/acedb-4.9.39+dfsg.02/w1/memsubs.c:255:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(result, old);
data/acedb-4.9.39+dfsg.02/w1/messubs.c:500:8:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  rc = sprintf(prefix, CRASH_PREFIX, getErrorPrefix(), getErrorFile(), getErrorLine()) ;
data/acedb-4.9.39+dfsg.02/w1/timesubs.c:750:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (buf, messprintf ("%d", ddiff)) ;
data/acedb-4.9.39+dfsg.02/w1/timesubs.c:753:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat (buf, messprintf ("%d_", ddiff)) ;
data/acedb-4.9.39+dfsg.02/w1/timesubs.c:754:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat (buf, messprintf ("%02d:%02d", hdiff, mindiff)) ;
data/acedb-4.9.39+dfsg.02/w1/timesubs.c:756:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat (buf, messprintf (":%02d", sdiff)) ;
data/acedb-4.9.39+dfsg.02/w1/timesubs.c:763:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (buf, messprintf ("%d-%02d-0", ydiff, mdiff)) ;
data/acedb-4.9.39+dfsg.02/w1/timesubs.c:765:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (buf, messprintf ("%d-0", mdiff)) ;
data/acedb-4.9.39+dfsg.02/w1/utils.c:151:6:  [4] (misc) getlogin:
  It's often easy to fool getlogin. Sometimes it does not work at all,
  because some program messed up the utmp file. Often, it gives only the
  first 8 characters of the login name. The user currently logged in on the
  controlling tty of our program need not be the user who started it. Avoid
  getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid())
  and extract the desired information instead.
	if (getlogin())
data/acedb-4.9.39+dfsg.02/w1/utils.c:152:19:  [4] (misc) getlogin:
  It's often easy to fool getlogin. Sometimes it does not work at all,
  because some program messed up the utmp file. Often, it gives only the
  first 8 characters of the login name. The user currently logged in on the
  controlling tty of our program need not be the user who started it. Avoid
  getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid())
  and extract the desired information instead.
	  rname = strnew(getlogin(), 0) ;
data/acedb-4.9.39+dfsg.02/w1/vtxt.c:308:9:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  len = vsprintf(cp, format, ap) ;
data/acedb-4.9.39+dfsg.02/w2/colcontrol.c:595:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(instance->name, name);
data/acedb-4.9.39+dfsg.02/w2/colcontrol.c:1676:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (map->cursor.text, messprintf ("%.*f", map->cursor.resolution, z)) ;
data/acedb-4.9.39+dfsg.02/w2/colcontrol.c:1801:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy (map->cursor.text, 
data/acedb-4.9.39+dfsg.02/w2/filquery.c:175:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (dirName, cp);
data/acedb-4.9.39+dfsg.02/w2/filquery.c:235:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (cp, cq) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:277:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat(fileName, endName) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:304:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(fileName, filDirEntry(dirList, 0)) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:325:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (cp, cq) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:352:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (tempName, arr(boxes, k, char*)) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:356:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	{ strcpy (fileName, tempName) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:375:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	      strcat(dirName, tempName) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:389:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy (tempName, arr(boxes,k,char*)) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:392:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    { strcpy (fileName, tempName);
data/acedb-4.9.39+dfsg.02/w2/filquery.c:469:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (dirName, getenv("PWD")) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:471:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (dirName, path) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:515:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    { strcpy (path, dirName) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:525:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat (path, fileName) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:528:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat (path, endName) ;
data/acedb-4.9.39+dfsg.02/w2/gex.c:725:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(selectedPath, fileName);
data/acedb-4.9.39+dfsg.02/w2/gex.c:731:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf(types_buff, "%s Files (*.%s)\01*.%s\01"
data/acedb-4.9.39+dfsg.02/w2/gex.c:773:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(fileName, selectedPath+ofn.nFileOffset);
data/acedb-4.9.39+dfsg.02/w2/gex.c:775:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(path, "%s%s%s", 
data/acedb-4.9.39+dfsg.02/w2/gex.c:804:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(fileName, &fname[i]);
data/acedb-4.9.39+dfsg.02/w2/gex.c:944:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(path, "%s%s%s", 
data/acedb-4.9.39+dfsg.02/w2/gex.c:2259:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(file_name, "%s.%d.%s", 
data/acedb-4.9.39+dfsg.02/w2/gex.c:2355:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
      system(messprintf("lpr -P%s %s", printer, tmpFileName));
data/acedb-4.9.39+dfsg.02/w2/gex.c:2363:4:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	  system(messprintf("cat %s | Mail -s \"%s\" %s", 
data/acedb-4.9.39+dfsg.02/w2/gex.c:2374:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
      system(messprintf("cp %s %s", tmpFileName, target));
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:410:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (dname, helpGetDir());
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:420:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(helpFilename, "%s%s%s",
data/acedb-4.9.39+dfsg.02/w2/graphascii.c:309:11:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
      if (system (stackText(pc, 0)))
data/acedb-4.9.39+dfsg.02/w2/graphascii.c:317:9:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    if (system (messprintf ("Mail -s \"%s\" %s < %s", 
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:1874:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(text2,label);
data/acedb-4.9.39+dfsg.02/w2/graphgdkremote.c:285:17:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
      result = (system(messprintf("open %s &", orig_link)) == 0) ;
data/acedb-4.9.39+dfsg.02/w2/graphgdkremote.c:345:10:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	return (system(messprintf("netscape %s &", link)) == 0);
data/acedb-4.9.39+dfsg.02/w2/graphgdkremote.c:362:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(rec->command, "openFILE(%s)", link);
data/acedb-4.9.39+dfsg.02/w2/graphgdkremote.c:364:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(rec->command, "openURL(%s)", link);
data/acedb-4.9.39+dfsg.02/w2/graphgdkremote.c:485:3:  [4] (shell) ShellExecute:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  ShellExecute(0, "open", winname, 0, 0, 0);
data/acedb-4.9.39+dfsg.02/w2/graphgtk.c:1399:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(ptr, selection_string);
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:199:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (pd->printerBuffer, arr(pd->printers, 0, char*)) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:202:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf (pd->printerBuffer, "lpr -P%s",
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:245:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat (pd->scaleText, messprintf ("%5.3f", pd->scale)) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:305:12:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	      if (system(stackText(s, 0)))
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:493:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (pd->copyBuffer, "%s/%s.%s", pd->dirBuffer, pd->filBuffer, ending) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:533:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (pd->dirBuffer, input) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:538:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (pd->filBuffer, ++cp) ;	/* save the name */
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:551:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat (c2, c1) ;		/* put both together */
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:559:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat (c1, c2) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:563:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (pd->dirBuffer, c1) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:571:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat (c1, c2) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:606:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (pd->copyBuffer, "%s%s.%s", 
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:609:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (pd->copyBuffer, "%s/%s.%s", 
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:647:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (arr(pl, n, char*), cp) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:961:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf (pd->copyBuffer, "%s/%s.%s", 
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:973:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf (pd->copyBuffer, "%s/%s.%s", 
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1052:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat (pd->scaleText, messprintf ("%5.3f", pd->scale)) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1121:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (result->mailerBuffer, getLogin(TRUE));
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1148:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (result->printerBuffer, arr(result->printers, 0, char*)) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1150:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (result->printerBuffer, "lpr -P%s",
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1159:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (result->dirBuffer, cp = filGetName ("PS", "", "wd", 0)) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1163:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (result->dirBuffer, getenv("PWD")) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1194:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (fb, (cp = graphHelp(0)) ? cp : "acedb" ) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1259:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat (fb, messprintf(".%d", nn++)) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1260:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (lastPd->filBuffer, fb) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1276:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (lastPd->copyBuffer, "%s/%s.%s", lastPd->dirBuffer, lastPd->filBuffer, ending) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:2535:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(o[i].text, options[i].text);
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:2617:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(o[i].text, options[i].text);
data/acedb-4.9.39+dfsg.02/w2/graphtest.c:153:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (prompt,freeword()) ;
data/acedb-4.9.39+dfsg.02/w2/viewedit.c:145:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buf, namein);
data/acedb-4.9.39+dfsg.02/w2/viewedit.c:414:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      strcpy(view->buffer, instance->name);
data/acedb-4.9.39+dfsg.02/w2/xremotemain.c:191:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (display_str, getenv("DISPLAY"));
data/acedb-4.9.39+dfsg.02/w2/xremotemain.c:199:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (display_str, argv[i+1]);
data/acedb-4.9.39+dfsg.02/w2/xremotemain.c:286:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (commands[remoteArgNum-1], argv[i]);
data/acedb-4.9.39+dfsg.02/w4/command.c:1228:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      strcpy (dumpDir, cp = filGetName(dumpDir, "", "rd", 0));
data/acedb-4.9.39+dfsg.02/w4/command.c:1248:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		      strcpy (dumpDir, cp); 
data/acedb-4.9.39+dfsg.02/w4/command.c:1272:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (dumpDir, SUBDIR_DELIMITER_STR);
data/acedb-4.9.39+dfsg.02/w4/commandmenu.c:527:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(&(prev_word[0]), word) ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:476:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (date, timeShow (timeParse ("today"))) ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:479:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf (name, DUMPNAME_CLASS, dumpDir, date, letter, classname, nn) ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:481:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf (name, DUMPNAME, dumpDir, date, letter, nn) ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:486:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf (name, DUMPNAME_CLASS, dumpDir, date, letter, classname, nn) ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:488:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf (name, DUMPNAME, dumpDir, date, letter, nn) ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:493:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      sprintf (name, DUMPNAME_CLASS, dumpDir, date, letter, classname, nn) ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:495:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      sprintf (name, DUMPNAME, dumpDir, date, letter, nn);
data/acedb-4.9.39+dfsg.02/w4/dump.c:535:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (directory, dumpDir);
data/acedb-4.9.39+dfsg.02/w4/dump.c:622:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  if (!strcpy(dirSelection, dirname))
data/acedb-4.9.39+dfsg.02/w4/dump.c:632:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(fileSelection, DUMPALLNAME_REGEXP) ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:873:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (dumpDir, dir) ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:1007:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (dumpDir,"%s/", directory);
data/acedb-4.9.39+dfsg.02/w4/gifcommand.c:374:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		  strcpy (fileName, fp);
data/acedb-4.9.39+dfsg.02/w4/gifcommand.c:427:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		  strcpy (fileName, fp);
data/acedb-4.9.39+dfsg.02/w4/logsubs.c:291:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(logFileBackupName, "%s-%s", old_logname, timeShow(timeNow()));
data/acedb-4.9.39+dfsg.02/w4/logsubs.c:293:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(logFileBackupName, "%s", old_logname) ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:1457:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(mainPick->template, pickFirstTemplate);
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:1579:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (mainPick->grepText, mainPick->template) ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:1583:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (mainPick->grepText, mainPick->template) ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:1589:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (mainPick->grepText, mainPick->template) ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:1729:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(mainPick->template, pickFirstTemplate);
data/acedb-4.9.39+dfsg.02/w4/model.c:430:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf(buf, "?%s",className(bs->key)) ;
data/acedb-4.9.39+dfsg.02/w4/model.c:434:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf(buf, "#%s",className(bs->key)) ;
data/acedb-4.9.39+dfsg.02/w4/model.c:453:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	{ sprintf(buf, "?%s",cp + 1) ;
data/acedb-4.9.39+dfsg.02/w4/model.c:494:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    {  sprintf(buf, "?%s",className(one->key)) ;
data/acedb-4.9.39+dfsg.02/w4/parse.c:446:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (pdisp->dirSelection, getenv("ACEDB_DATA")) ;
data/acedb-4.9.39+dfsg.02/w4/parse.c:448:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (pdisp->dirSelection,
data/acedb-4.9.39+dfsg.02/w4/parse.c:451:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (pdisp->dirSelection, dbPathMakeFilName("", "", "", handle));
data/acedb-4.9.39+dfsg.02/w4/parse.c:1996:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (pdisp->itemText,
data/acedb-4.9.39+dfsg.02/w4/parse.c:2062:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(pdisp->nparsedText, messprintf("%d", pf->nob)) ;
data/acedb-4.9.39+dfsg.02/w4/parse.c:2063:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(pdisp->nokText, messprintf("%d", pf->nok)) ;
data/acedb-4.9.39+dfsg.02/w4/parse.c:2064:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(pdisp->nerrorText, messprintf("%d", pf->nerr)) ;
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:294:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	       strcpy(namebuff+1, item->name);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:295:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	       strcpy(valbuff, item->value.bval ? "T" : "F");
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:300:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	       strcpy(namebuff+1, item->name);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:306:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	       strcpy(namebuff+1, item->name);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:312:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	       strcpy(namebuff+1, item->name);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:347:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(filename,getenv("HOME"));
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:382:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(filename,getenv("HOME"));
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:465:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(item.name, SPLASH_SCREEN) ;
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:525:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(item.name, BLIXEM_SCOPE);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:534:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(item.name, BLIXEM_HOMOL_MAX);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:544:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(item.name, BLIXEM_EXTERNAL);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:555:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(item.name, BLIXEM_SCRIPT);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:566:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(item.name, BLIXEM_TEMPFILES);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:577:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(item.name, BLIXEM_PFETCH) ;
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:587:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(item.name, BLIXEM_NETID);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:598:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(item.name, BLIXEM_PORT_NUMBER);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:609:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(item.name, USE_MSG_LIST);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:618:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(item.name, MAX_MSG_LIST_LENGTH) ;
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:627:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(item.name, DNA_HIGHLIGHT_IN_FMAP_DISPLAY);
data/acedb-4.9.39+dfsg.02/w4/queryexe.c:2097:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(isLeft ? "< " : "> ") ;
data/acedb-4.9.39+dfsg.02/w4/session.c:465:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (text_copy, mesg_buf);	
data/acedb-4.9.39+dfsg.02/w4/session.c:1843:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      strcpy (dbname, word) ;
data/acedb-4.9.39+dfsg.02/w4/session.c:1939:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (fullFileName, directoryPath);
data/acedb-4.9.39+dfsg.02/w4/session.c:1940:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat (fullFileName, SUBDIR_DELIMITER_STR);
data/acedb-4.9.39+dfsg.02/w4/session.c:1941:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat (fullFileName, filDirEntry(dirList, n));
data/acedb-4.9.39+dfsg.02/w4/session.c:2146:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (theSuperBlock.dbName, getConfiguredDatabaseName());
data/acedb-4.9.39+dfsg.02/w4/session.c:2881:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      if (access(block_name, F_OK) == 0)		    /* No equivalent in filsubs.c ? */
data/acedb-4.9.39+dfsg.02/w4/session.c:2903:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
			  access, block_name) ;
data/acedb-4.9.39+dfsg.02/w4/session.c:2906:5:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
			 access, block_name) ;
data/acedb-4.9.39+dfsg.02/w4/session.c:3642:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(readlock_filename, "%s/%d.%s.%d", 
data/acedb-4.9.39+dfsg.02/w4/session.c:3731:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(new_filename, "%s/%d.%s.%d", 
data/acedb-4.9.39+dfsg.02/w4/session.c:3748:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (readlock_filename, new_filename);
data/acedb-4.9.39+dfsg.02/w4/session.c:3842:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(lockfile_name, "%s/%s", 
data/acedb-4.9.39+dfsg.02/w4/session.c:3871:11:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
      if (sscanf (cp2, "%s", file_host_name) != 1) continue;
data/acedb-4.9.39+dfsg.02/w4/update.c:170:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (fileName, getenv("ACEDB_DATA")) ;
data/acedb-4.9.39+dfsg.02/w4/update.c:178:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (fileName, rawdir) ;
data/acedb-4.9.39+dfsg.02/w4/update.c:210:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (fn, messprintf ("/update.%s.%d-%d",
data/acedb-4.9.39+dfsg.02/w4/update.c:215:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (fn, messprintf ("/update.%d-%d",
data/acedb-4.9.39+dfsg.02/w5/adisk.c:339:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  system(messprintf("\\rm -f %s/*.ace5", dbDir)) ;
data/acedb-4.9.39+dfsg.02/w5/adisk.c:359:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (p->name, cp) ;
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1532:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  ! (strcpy (pp->hostname, cp), aceInWord (dbdef_in)) ||
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1533:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  ! (strcpy (pp->fileSystem, cp), aceInWord (dbdef_in)) ||
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1534:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  ! (strcpy (pp->fileName, cp)) ||
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1625:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(fileSystem, pp->fileSystem) ;
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1626:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(fileName, pp->fileName);
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1629:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf( mapString, "%d %s %s %s %d %d %d\n",
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1680:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(fileSystem, pp->fileSystem);
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1681:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(fileName, pp->fileName);
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1810:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      (strcpy(pp->hostname, cp), !(cp = aceInWord(dbmap_in))) ||
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1811:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      (strcpy(pp->fileSystem, cp), !(cp = aceInWord(dbmap_in))) ||
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1812:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      (strcpy(pp->fileName, cp), !aceInInt (dbmap_in, &pp->maxBlocks)) ||
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1872:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(error_text, "Check that the database %s is %s by %s\n", 
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1890:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(error_text, "The attempt to %s partition file was "
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1907:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(error_text, "The database disk is full "
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1920:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(error_text, "The database files are located on a read-only file-system.%s\n", hint);
data/acedb-4.9.39+dfsg.02/w5/lexsubs4.c:1359:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf, format, classNam, nam) ;
data/acedb-4.9.39+dfsg.02/w5/lexsubs4.c:1627:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (oldName, newName) ;
data/acedb-4.9.39+dfsg.02/w6/acedbgraph.c:861:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(viewnam, s);
data/acedb-4.9.39+dfsg.02/w6/bssubs.c:1491:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy (bs->bt->cp, (char*)xp) ;
data/acedb-4.9.39+dfsg.02/w6/bstree.c:356:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
     strcat(cq,u);
data/acedb-4.9.39+dfsg.02/w6/bstree.c:361:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
     strcat(cq,v);
data/acedb-4.9.39+dfsg.02/w6/display.c:645:34:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        if (arr(a, i, BSunit).s) strcpy(new, arr(a, i, BSunit).s);
data/acedb-4.9.39+dfsg.02/w6/display.c:646:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(new, url);
data/acedb-4.9.39+dfsg.02/w6/display.c:647:36:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        if (arr(a, i+1, BSunit).s) strcat(new, arr(a, i+1, BSunit).s);
data/acedb-4.9.39+dfsg.02/w6/forest.c:275:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (buf, forest->mot) ;
data/acedb-4.9.39+dfsg.02/w6/ksetdisp.c:1996:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat (buf, messprintf ("%s %d items\n",
data/acedb-4.9.39+dfsg.02/w6/longtextdisp.c:413:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  system(messprintf("acedb_editor /tmp/acedb.editor.%d &", n)) ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:330:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(look->title, "%s", look->fileName) ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:1032:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(look->title, "%s", title) ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:1034:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (look->title , "%s", "Histogram");
data/acedb-4.9.39+dfsg.02/w6/plot.c:1035:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(look->subtitle, "%s", subtitle) ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:1217:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(look->title, "%s", look->fileName) ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:1252:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(look->fileName, look->title) ;
data/acedb-4.9.39+dfsg.02/w6/plot2d.c:717:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(p2d->title, "%s", title) ;
data/acedb-4.9.39+dfsg.02/w6/plot2d.c:718:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(p2d->subtitleX, "%s", subtitleX) ;
data/acedb-4.9.39+dfsg.02/w6/plot2d.c:719:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(p2d->subtitleY, "%s", subtitleY) ;
data/acedb-4.9.39+dfsg.02/w6/prefdisp.c:144:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      strcpy(prefDispValue[i].sval, item->value.sval) ;
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:303:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(ARR2STRING(classlist, n), className(k));
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:341:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy((classesMenu + i)->text, CLASSLIST_NAME(i - 1));
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:357:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(qbe_class_buffer, (classesMenu+k)->text);
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:384:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(text, pickClass2Word(qbe_class));
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:397:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(text, pickClass2Word(qbe_class));
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:534:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buffer, messprintf("Find %s",pickClass2Word(qbe_class)));
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:537:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(buffer, messprintf(" %s", item_buffer));
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:552:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat(buffer,
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:561:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	      strcat(buffer, messprintf(" %c NEXT", conjunction_op));
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:569:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		  strcat(buffer, ((tagnotvalue) ? messprintf(" %s", tagval->name) :
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:574:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		  strcat(buffer, ((tagnotvalue) ? 
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:587:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	      strcat(buffer, messprintf(" %c NEXT", conjunction_op));
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:836:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      strcpy(tagval->name, text);
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:996:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(qbe_class_buffer, currentClassName());
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:176:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(ARR2STRING(classlist, n), className(k));
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:268:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(result, qbuild->preclass_syntax);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:269:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(result, qbuild->classtag_syntax);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:314:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(result, ARR2STRING(qbuild->syntax, i));
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:428:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat(qbuild->preclass_syntax, qbuild->preclass_entry);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:490:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(qbuild->classtag_syntax, qbuild->classtag_entry); 
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:506:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(qbuild->classtag_syntax, qbuild->classtag_entry);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:620:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(syntax_a, entry_a);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:640:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(syntax_a, entry_a);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:702:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(syntax_c, entry_c);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:814:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(syntax_v, entry_v);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:927:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(syntax_j, entry_j);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1192:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(m_entry, stackText(resstack, 0));
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1201:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(m_entry, (attrMenu + k)->text);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1206:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(m_entry, (condMenu + k)->text);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1210:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(m_entry, (valueMenu + k)->text);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1214:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(m_entry, (conjMenu + k)->text);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1249:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(qbuild->classtag_entry, stackText(resstack, 0));
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1258:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(qbuild->classtag_entry, (classtagMenu + k)->text);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1267:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(qbuild->preclass_entry, (preclassMenu + k)->text);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1297:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy((preclassMenu + i)->text, ARR2STRING(classlist, i - 3));
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1333:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy((newMenu + i)->text, KEYLIST_NAME(i - 2, classtagkeyset));
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1356:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy((newMenu + i)->text, ARR2STRING(classlist, i - 3));
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1440:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy((newMenu + i)->text, KEYLIST_NAME(i - 3, attrkeyset));
data/acedb-4.9.39+dfsg.02/w6/querydisp.c:142:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (auto_filename, autosaveCreateName()) ;
data/acedb-4.9.39+dfsg.02/w6/querydisp.c:699:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (quer->dirName, cp) ;
data/acedb-4.9.39+dfsg.02/w6/tablemakerdisp.c:252:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (tmdisp->dirSelection, cp);
data/acedb-4.9.39+dfsg.02/w6/tablemakerdisp.c:258:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (tmdisp->dirSelection, cp);
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:2608:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (bs->bt->cp, text) ;
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:3056:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(look->tagWarp, pattern);
data/acedb-4.9.39+dfsg.02/w7/alignmentdisp.c:191:18:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  pipe = (FILE *)popen(messprintf("%s %s", script, name(key)), "w");
data/acedb-4.9.39+dfsg.02/w7/alignmentdisp.c:206:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    { sprintf (domain, "%s/%d-%d", name(c->key), c->start, c->end) ;
data/acedb-4.9.39+dfsg.02/w7/cmapdisp.c:1510:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (col->name, name) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3276:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (dirName, getenv("ACEDB_DATA")) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3281:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (dirName, cp) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3923:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(currentParent->name,listname) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:4050:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy (dirName, getenv("ACEDB_DATA")) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:4055:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy (dirName, cp) ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:1221:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(dnacpt->restriction2,dnacpt->restriction) ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:1405:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(dnacpt->restriction2,dnacpt->restriction) ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:2012:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(name, codonFullName[i]) ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:2187:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat(buffer, codonFullName[codon]) ; /* 5, 6, 7 */
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:2189:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat(buffer, messprintf("%5.1f%%", arr(usage,codon,int)/ 10.0)) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4013:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat (look->segTextBuf, 
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4018:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat (look->segTextBuf, 
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4052:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	      strcat(look->segTextBuf, messprintf("  %s %s", confirm->confirm_str,
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4062:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (look->segTextBuf, 
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4067:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (look->segTextBuf, 
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4118:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat (look->segTextBuf, 
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4136:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat (look->segTextBuf, 
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4167:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat (look->segTextBuf, 
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4185:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat (look->segTextBuf, 
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4234:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (look->segTextBuf, messprintf ("%.0f%% ", seg->data.f)) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4236:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (look->segTextBuf, messprintf ("%.3g ", seg->data.f)) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4263:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (look->segTextBuf, messprintf (" Tm: %3.1f ", (float)(i/10.0))) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4266:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (look->segTextBuf, messprintf (" Score: %d ", i)) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4273:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (look->segTextBuf, messprintf (" (%s) ", nameWithClassDecorate(seg->data.k))) ; 
data/acedb-4.9.39+dfsg.02/w7/fmapcurate.c:431:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (at->newValue, "[%s %s] ", 
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:2237:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy (msp->sname, name(seg->key)) ;
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:2240:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (msp->qframe, messprintf ("(-%d)", 1 + ((max-min+1) - msp->qstart) % 3)) ;
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:2242:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (msp->qframe, messprintf ("(+%d)", 1 + (msp->qstart-1) % 3)) ;
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:2268:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf (msp->sname, "%sx", name(seg->parent)) ;  /* x for exon */
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:2289:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(msp->sname, "%si", name(seg->parent)) ;   /* i for intron */
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:4812:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(cmd, "pfetch -F '%s' &", name(key));
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:4813:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(title, "pfetch: %s", name(key));
data/acedb-4.9.39+dfsg.02/w7/fmapgene.c:817:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (parmsName, name(key)) ;
data/acedb-4.9.39+dfsg.02/w7/fmaposp.c:1432:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(oligoName, look->oligoNameBuffer) ;
data/acedb-4.9.39+dfsg.02/w7/fmaposp.c:1441:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (oligoName, messprintf("%d",pos)) ;
data/acedb-4.9.39+dfsg.02/w7/fmaposp.c:1443:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (oligoNameBegin, oligoName) ;
data/acedb-4.9.39+dfsg.02/w7/fmaposp.c:1447:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy (oligoName, oligoNameBegin) ;
data/acedb-4.9.39+dfsg.02/w7/fmaposp.c:1449:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat (oligoName, messprintf("%d", suffix)) ;
data/acedb-4.9.39+dfsg.02/w7/fmaposp.c:1463:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (oligoName, aceInPos(name_in)) ;
data/acedb-4.9.39+dfsg.02/w7/fmaposp.c:1533:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (look->oligoNameBuffer, oligoName) ;
data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c:462:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (look->segTextBuf, 
data/acedb-4.9.39+dfsg.02/w7/gmapconvert.c:70:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(buf, name(map));
data/acedb-4.9.39+dfsg.02/w7/gmapconvert.c:72:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(buf, suffix);
data/acedb-4.9.39+dfsg.02/w7/gmapconvert.c:82:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(buf, name(map));
data/acedb-4.9.39+dfsg.02/w7/gmapconvert.c:84:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(buf, suffix);
data/acedb-4.9.39+dfsg.02/w7/gmapconvert.c:95:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(buf, name(map));
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:326:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(look->messageText, messprintf(" %.2f", seg->x - seg->dx));
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:327:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(look->messageText, messprintf(" %.2f", seg->x + seg->dx));
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:850:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(cf->query,private->query);
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:853:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(cf->tag,"%s",name(private->symbolTag));
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:858:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(cf->temp[i],arrp(private->colours, i, TAGCOLOUR)->text);
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:934:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(private->query, cf->query);
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:960:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(s, cf->temp[i]);
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:1076:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(private->query, s1);
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:1092:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      strcpy(new, s1);
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:216:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(look->messageText, messprintf(" %.2f", seg->x));
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:217:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(look->messageText, messprintf(" [%.2f]", seg->dx));
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:604:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(cf->query,private->query);
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:611:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (t->query, "%s", q->query);
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:622:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(q->text,"%s",t->text);
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:704:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(private->query, cf->query);
data/acedb-4.9.39+dfsg.02/w7/gmapposnegcol.c:480:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(cf->query,private->query);
data/acedb-4.9.39+dfsg.02/w7/gmapposnegcol.c:520:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(private->query, cf->query);
data/acedb-4.9.39+dfsg.02/w7/gmapposnegcol.c:560:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(private->query, s1);
data/acedb-4.9.39+dfsg.02/w7/gmapremarkcol.c:417:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(cf->query,private->query);
data/acedb-4.9.39+dfsg.02/w7/gmapremarkcol.c:421:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(cf->temp[i],name(arr(private->tags, i, KEY))); 
data/acedb-4.9.39+dfsg.02/w7/gmapsubmapcol.c:953:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(cf->lociQuery, private->lociQuery);
data/acedb-4.9.39+dfsg.02/w7/gmapsubmapcol.c:955:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(cf->intQuery, private->intQuery);
data/acedb-4.9.39+dfsg.02/w7/gmapsubmapcol.c:1005:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(private->intQuery, cf->intQuery);
data/acedb-4.9.39+dfsg.02/w7/gmapsubmapcol.c:1022:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(private->lociQuery, cf->lociQuery);
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:451:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(temp,"%s%s%s",prefix,colchar,rowchar);
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:458:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(seg->name,temp);
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:1780:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(look->genXLabel, text) ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:1793:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(look->genYLabel, text) ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:2933:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat (look->reportBuffer, GRID_REPORT_BOX_OVERFLOW) ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:2938:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (look->reportBuffer, name(tab->tag)) ;
data/acedb-4.9.39+dfsg.02/w7/mapcontrol.c:215:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  if (strcpy(r.name, name) == NULL)
data/acedb-4.9.39+dfsg.02/w7/mapcontrol.c:1098:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (map->cursor.text, messprintf ("%.2f",z)) ;
data/acedb-4.9.39+dfsg.02/w7/mapcontrol.c:1100:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (map->cursor.text, messprintf ("%.0f",z)) ;
data/acedb-4.9.39+dfsg.02/w7/mapcontrol.c:1128:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (map->cursor.text, messprintf ("%.2f",z)) ;
data/acedb-4.9.39+dfsg.02/w7/mapcontrol.c:1130:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (map->cursor.text, messprintf ("%.0f",z)) ;
data/acedb-4.9.39+dfsg.02/w7/metab.c:1339:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
       strcpy(buf,text);
data/acedb-4.9.39+dfsg.02/w7/metab.c:1442:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(dname,"%s Diagram Info",name(pwkey));
data/acedb-4.9.39+dfsg.02/w7/metab.c:1712:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		   sprintf(buf,"No reactants/products listed for %s;\n\
data/acedb-4.9.39+dfsg.02/w7/pepdisp.c:452:11:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
          strcat(buff, messprintf("%s ", name(mk)));
data/acedb-4.9.39+dfsg.02/w7/pepfeaturecol.c:198:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(cf->query,"%s",private->query);
data/acedb-4.9.39+dfsg.02/w7/pepfeaturecol.c:276:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(look->messageText, messprintf(" %d  %d ",feature->x1,feature->x2));
data/acedb-4.9.39+dfsg.02/w7/pepfeaturecol.c:277:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(look->messageText,messprintf(" %4.2f ",feature->score));
data/acedb-4.9.39+dfsg.02/w7/pephomolcol.c:313:18:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  pipe = (FILE *)popen(script, "w");
data/acedb-4.9.39+dfsg.02/w7/pephomolcol.c:623:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(look->messageText, messprintf(" %d  %d ",homol->sstart,homol->send));
data/acedb-4.9.39+dfsg.02/w7/pephomolcol.c:624:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(look->messageText, name(homol->meth));
data/acedb-4.9.39+dfsg.02/w7/pephomolcol.c:625:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(look->messageText,messprintf(" %4.2f ",homol->score));
data/acedb-4.9.39+dfsg.02/w7/pephomolcol.c:626:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(look->messageText, messprintf(" (%d - %d) ",homol->qstart,homol->qend));
data/acedb-4.9.39+dfsg.02/w7/pepseqcol.c:159:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(look->messageText, messprintf(" [%d] ",index+1));
data/acedb-4.9.39+dfsg.02/w7/pepseqcol.c:548:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(str2,"%s",pepShortName[(int)array(arr(private->colMap,0,Array),i,char)]);
data/acedb-4.9.39+dfsg.02/w7/smapconvert.c:873:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(CLMethod, dictName(methods,i));
data/acedb-4.9.39+dfsg.02/w7/smapconvert.c:2685:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(string, type_text) ;
data/acedb-4.9.39+dfsg.02/w7/smapconvert.c:2688:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(string, text_text);
data/acedb-4.9.39+dfsg.02/w7/vmapdisp.c:2123:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat (look->messageText, messprintf(" %.2f", seg->x)) ;
data/acedb-4.9.39+dfsg.02/w7/vmapdisp.c:2125:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat (look->messageText, messprintf (" %.2f", 
data/acedb-4.9.39+dfsg.02/w7/vmapdisp.c:2132:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat (look->messageText, messprintf(" %.2f", seg->x)) ;
data/acedb-4.9.39+dfsg.02/w7/vmapdisp.c:2136:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (look->messageText, messprintf (" interpolated")) ;
data/acedb-4.9.39+dfsg.02/w7/vmapdisp.c:2138:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (look->messageText, messprintf (" [%.2f]", 
data/acedb-4.9.39+dfsg.02/w7/vmapdisp.c:2142:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat (look->messageText, messprintf (" %.2f", 
data/acedb-4.9.39+dfsg.02/w7/vmapdisp.c:2148:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat (look->messageText, messprintf(" %.2f  %.2f", seg->x, seg->dx)) ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:1219:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(buf, "How do you want to consider unknown datas ?\n%s\n%s\n%s\n%s\n%s",
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:2174:4:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	{ sprintf(buf, messprintf("Bad value (%d) ; please try again", i)) ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:3066:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (cq,">? Sequence %s", cp) ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:3068:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf (cq,">? Clone IS %s ; >Read", cp) ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:3478:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(dirName, dbPathMakeFilName("", "", "", handle)) ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:3483:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf(ff, stackText(diffaction, 0)) ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1524:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf (buf2, "%s.%d", buf, j) ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1655:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (buff, "%s.%d", cp, j) ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1737:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf (buff, "%s.%d", buf, j) ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:2943:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (buff, "%s_%d", name(contigKey), i) ;
data/acedb-4.9.39+dfsg.02/w9/asn.c:297:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
      sscanf(finisher,"%s %s",lastname,firstini);
data/acedb-4.9.39+dfsg.02/w9/asn.c:449:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(titlebuf,name(title));
data/acedb-4.9.39+dfsg.02/w9/asn.c:458:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(journbuf,name(journal));
data/acedb-4.9.39+dfsg.02/w9/asn.c:467:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(volumbuf,volume);
data/acedb-4.9.39+dfsg.02/w9/asn.c:517:2:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	sscanf(author,"%s %s",lastname,firstini);
data/acedb-4.9.39+dfsg.02/w9/asn.c:627:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(rnaname,name(arr(a,1,BSunit).k));
data/acedb-4.9.39+dfsg.02/w9/asn.c:641:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(gBuf,arr(a,1,BSunit).s);
data/acedb-4.9.39+dfsg.02/w9/asn.c:644:11:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
      if (sscanf(gBuf,"%s %s %s",trna_codon,rnaname,trna_AA) != 3) {
data/acedb-4.9.39+dfsg.02/w9/asn.c:656:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(rnaname,arr(a,1,BSunit).s);
data/acedb-4.9.39+dfsg.02/w9/asn.c:660:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(rnaname, name(gpkey));
data/acedb-4.9.39+dfsg.02/w9/asn.c:717:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	gbp += sprintf(gbp, "coded for by C. elegans cDNA %s",
data/acedb-4.9.39+dfsg.02/w9/asn.c:722:14:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      gbp += sprintf(gbp, "coded for by human cDNA%s %s",
data/acedb-4.9.39+dfsg.02/w9/asn.c:730:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  gbp += sprintf(gbp, ", %s", cp = name(arr(a,i,BSunit).k));
data/acedb-4.9.39+dfsg.02/w9/asn.c:735:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	gbp += sprintf(gbp, " and %s", cp = name(arr(a,i,BSunit).k));
data/acedb-4.9.39+dfsg.02/w9/asn.c:767:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(lcp, "%s", name(gpkey));
data/acedb-4.9.39+dfsg.02/w9/asn.c:771:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(gene, name(gpkey));       /*ss --where locus is set to gene*/
data/acedb-4.9.39+dfsg.02/w9/asn.c:781:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(gene, Institution);
data/acedb-4.9.39+dfsg.02/w9/asn.c:788:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(gene, name(key));
data/acedb-4.9.39+dfsg.02/w9/asn.c:982:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(cp, "%s", name(gpkey));
data/acedb-4.9.39+dfsg.02/w9/asn.c:985:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(cp, "Similar to %s", name(gpkey));
data/acedb-4.9.39+dfsg.02/w9/asn.c:1063:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(gBuf,u.s);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1108:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(qhere,qstr);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1177:27:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      if (hasEMBLfeature) strcpy(ftype,etype);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1188:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(ntxt, mtxt);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1193:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(ntxt, cp+1);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1286:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(ftype,etype);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1301:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat(qtxt,mtxt);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1416:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(gSequence,FixCloneName(name(seq)));
data/acedb-4.9.39+dfsg.02/w9/asn.c:1420:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(gRawClone, name(clone));
data/acedb-4.9.39+dfsg.02/w9/asn.c:1421:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(gClone, FixCloneName(gRawClone));
data/acedb-4.9.39+dfsg.02/w9/asn.c:1423:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(gClonePat, gClone);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1425:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(gRawClonePat, gRawClone);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1431:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(gCloneType,name(arr(a,0,BSunit).k));
data/acedb-4.9.39+dfsg.02/w9/asn.c:1440:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(gLibrary,name(arr(a,0,BSunit).k));
data/acedb-4.9.39+dfsg.02/w9/asn.c:1448:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(gMapPosition,name(arr(a,0,BSunit).k));
data/acedb-4.9.39+dfsg.02/w9/asn.c:1473:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(keyword[ii++],"%s",name(arr(a,i,BSunit).k));
data/acedb-4.9.39+dfsg.02/w9/asn.c:1482:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(gLocus, "YSCL%s", gSequence);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1488:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(gLocus, "CBR%s", gSequence);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1490:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
      sscanf(name(key),"Sequence-%s",gChromosome);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1500:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(gLocus, "CEL%s", gSequence);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1502:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
      sscanf(name(key),"Sequence-%s",gChromosome);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1513:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    	sprintf(gLocus, "HS%s", asnbr);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1516:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
      sscanf(name(key),"Sequence-%s",gChromosome);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1599:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(gBuf, "Saccharomyces cerevisiae chromosome XII cosmid %s", gSequence);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1602:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(gBuf,"The sequence of S. cerevisiae cosmid %s", gSequence);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1614:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(gBuf+strlen(gBuf), "~~%s",name(arr(a,i,BSunit).k));
data/acedb-4.9.39+dfsg.02/w9/asn.c:1645:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(gBuf, "Caenorhabditis briggsae cosmid %s", gSequence) ;
data/acedb-4.9.39+dfsg.02/w9/asn.c:1649:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(gBuf, "The sequence of C. briggsae cosmid %s", gSequence) ;
data/acedb-4.9.39+dfsg.02/w9/asn.c:1661:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(gBuf+strlen(gBuf), "~~%s",name(arr(a,i,BSunit).k));
data/acedb-4.9.39+dfsg.02/w9/asn.c:1697:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(gBuf, "Caenorhabditis elegans cosmid %s", gSequence) ;
data/acedb-4.9.39+dfsg.02/w9/asn.c:1701:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(gBuf, "The sequence of C. elegans cosmid %s", gSequence) ;
data/acedb-4.9.39+dfsg.02/w9/asn.c:1726:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(gBuf+strlen(gBuf), "~~%s",name(arr(a,i,BSunit).k));
data/acedb-4.9.39+dfsg.02/w9/asn.c:1778:12:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    gbp += sprintf(gBuf, "Human %s clone %s", gCloneType, gClone);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1787:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(gBuf, "The sequence of H. sapiens %s clone %s", gCloneType, gClone);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1913:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			gbp += sprintf(gbp, "~%s", name(arr(a,i,BSunit).k));
data/acedb-4.9.39+dfsg.02/w9/asn.c:2110:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(asnfile, "%s.asn", name(key));
data/acedb-4.9.39+dfsg.02/w9/asn.c:2131:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(asnfile, "%s/%s.asn", dname, fname);
data/acedb-4.9.39+dfsg.02/w9/asn.c:2250:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buf, "getfa %s %s", fname, acc);
data/acedb-4.9.39+dfsg.02/w9/asn.c:2252:12:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	if ((pp = popen(buf, "r")) == NULL)
data/acedb-4.9.39+dfsg.02/w9/belvu.c:953:5:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vprintf(format, ap);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1057:2:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	system(messprintf("%s http://www.sanger.ac.uk/cgi-bin/seq-query?%s&", 
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1143:14:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    if (col) strcat(stats, messprintf("Column %d: ", col));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1145:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(stats, messprintf("%s/%d-%d", alnp->name, alnp->start, alnp->end));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1148:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(stats, messprintf("  %c = ", alnp->seq[col-1]));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1159:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(stats, messprintf("%d", col-1 + alnp->start - gaps));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1163:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(stats, messprintf(" (%d match", Highlight_matches));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1355:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tmpname, alnp->name);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1472:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(tmp, src);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1474:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
    if (sscanf(tmp, "%s%d%d", alnp->name, &alnp->start, &alnp->end) != 3) {
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1486:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(cp, "%s/%d-%d\n", alnp->name, alnp->start, alnp->end);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2096:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(alnp->fetch, "%s", alnp->name);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2403:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(name, messprintf("%s", namep));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2406:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(name, messprintf("%s%c%d-%d", namep, saveSeparator, aln->start, aln->end));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2526:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(saveFormat, MSFStr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2530:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(saveFormat, MulStr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2534:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(saveFormat, FastaAlnStr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2538:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(saveFormat, FastaStr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2543:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(treeMethodString, UPGMAstr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2548:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(treeMethodString, NJstr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2554:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(treeDistString, UNCORRstr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2560:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(treeDistString, KIMURAstr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2565:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(treeDistString, STORMSONNstr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2971:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(suffix, cp+1);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:3739:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(node[i]->name, "%s", 
data/acedb-4.9.39+dfsg.02/w9/belvu.c:3743:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(node[i]->name, "%s/%d-%d", 
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4033:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(arrp(Aligntmp, i, ALN)->seq, arrp(Align, i, ALN)->seq);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4069:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(arrp(Align, i, ALN)->seq, arrp(Aligntmp, i, ALN)->seq);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4344:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(alnp->seq, seq);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4352:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(saveFormat, MSFStr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4360:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(aln.seq, seq);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4419:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(seqp, cp);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4427:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(saveFormat, FastaAlnStr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4464:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(cp, line);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4498:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	    sscanf(cp + strlen(aln->name), 
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4502:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	    sscanf(cp + strlen(aln->name), 
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4656:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(alnp->seq, cp+alnstart);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4675:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(name, cp+4);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4773:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(saveFormat, MulStr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4794:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(linecp, line);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4885:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(v[*argc], s);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5007:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(usage, "%s%s, compiled %s\n", usageText, belvuVersion, cc_date);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5020:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(colorCodesFile, optarg);      break;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5023:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(markupColorCodesFile, optarg);break;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5026:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(readMatchFile, optarg); 
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5034:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(output_format, optarg);       break;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5059:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(scoreFile, optarg);           break;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5068:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(treeMethodString, NJstr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5073:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(treeMethodString, UPGMAstr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5080:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(treeDistString, KIMURAstr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5083:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(treeDistString, STORMSONNstr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5087:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(treeDistString, UNCORRstr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5221:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(saveFormat, FastaAlnStr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5225:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(saveFormat, FastaStr);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5619:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	    sscanf(cp, "%s", setColor);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5639:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	if (sscanf(line, "%c%s", &c, setColor) == 2) 
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5913:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(colors, colorNames[i]);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5945:12:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    pipe = popen (command, "r") ;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:6013:15:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (!pos) strcpy(title, Title);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7016:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(linecopy, line);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7161:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(rawseq, line);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7262:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(csh, X_OK)) {
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7267:26:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    if (!(pipe = (FILE *)popen(messprintf("%s -cf \"which %s\"", csh, command), "r"))) {
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7280:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (!access(retval, F_OK) && !access(retval, X_OK))
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7280:35:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (!access(retval, F_OK) && !access(retval, X_OK))
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:162:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(usage, "%s %s\n", usageText, blixemVersion) ;
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:173:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(FSfilename, optarg);
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:239:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(xtra_filename, optarg);
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:253:27:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
    printf("Seq file: "); scanf("%s", seqfilename);
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:254:26:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
    printf("FS file: "); scanf("%s", FSfilename);
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:266:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(seqfilename, argv[optind]);
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:267:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(FSfilename, argv[optind+1]);
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:288:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	    sscanf(line, "%s", qname);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:112:2:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	sscanf(line, "%s", qname);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:195:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(s2, s);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:228:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(msp->desc, cp);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:238:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(msp->sseq, seq);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:249:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(msp->sseq + msp->sstart - 1, seq);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:271:11:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
      if (sscanf(line, "%d%s%d%d%d%d%s", 
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:284:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(msp->sname, sname); 
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:302:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(src, msp->sname);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:312:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	      strcat(msp->sname, p);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:324:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      strcpy(msp->sname, db);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:326:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	      strcat(msp->sname, last);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:404:8:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	  if (sscanf(seq_pos, "%s", msp->sseq) != 1)
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:498:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(fs.name, series);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:672:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      strcpy(tmp, *readseq);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:676:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(*readseq+readseqcount, line);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:684:8:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	  if (sscanf(line+14, "%s%s", qname, series) != 2) 
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:693:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      strcpy(seq1name, series);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:698:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      strcpy(seq2name, series);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:738:8:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	  if (sscanf(line, "%d%s%s%d%d%s%s%d%d%s", 
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:749:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(msp->qname, qname);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:751:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(msp->sname, sname);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:771:8:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	  if (sscanf(line, "%d%s%s%d%d%s",
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:782:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(msp->qname, qname);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:785:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(msp->sname, series);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:802:8:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	  if (sscanf(line, "%s%s%s%d%d%s%s%s",
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:820:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(msp->qname, qname);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:823:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(msp->sname, series);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:826:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(msp->desc, series);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:839:8:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	  if (sscanf(line+13, "%s%s%s", 
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:876:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(msp->qname, qname);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:879:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(msp->sname, series);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:918:12:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    pipe = popen (command, "r") ;
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:119:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(seqfilename, SEQEXT);
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:122:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(HSPfilename, EXT);
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:206:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(realname, filename);
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:207:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(realname, EXT);
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:245:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(array(names, items, char*), text); 
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:338:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(usage, "%s%s, compiled %s\n", usageText, blixelectVersion, cc_date);
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:342:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	case 'q': strcpy(EXT, optarg);          break;
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:343:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	case 's': strcpy(SEQEXT, optarg);       break;
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:351:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(list, argv[argc-1]);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:926:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		system(messprintf("%s %s%s&", browser, URL, msp->sname));
data/acedb-4.9.39+dfsg.02/w9/blxview.c:977:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(HighlightSeq, msp->sname);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:985:32:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  if (bpmsp && *bpmsp->sname) strcpy(HighlightSeq, bpmsp->sname);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1031:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(dest->qframe, src->qframe);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1036:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(dest->sframe, src->sframe);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1854:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(HighlightSeq, MSPlist->sname);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1968:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(bpmsp->sname, msp->sname);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:2742:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			  strcat(text, messprintf(" %9d", (compN ? msp->send : msp->sstart)));
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3209:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(query, auxseq);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3330:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(result, seq_buf) ;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3390:23:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  if (!(pipe = (FILE*)popen(fetchstr, "r")))
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3414:27:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
      if (!(pipe = (FILE*)popen(fetchstr, "r")))
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3720:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(message, "%s: %d   No subject picked", queryname, qpos + qoffset);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3771:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(message, "%s: %d   ", queryname, qpos + qoffset);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3778:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(message, messprintf("%s: %d", pickedMSP->sname, spos));
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4166:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(dottersseq, msp->sseq);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4297:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(dottersseq, queryseq);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4959:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(tmp, text) ;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:5012:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(cmd, "pfetch --client=acedb_%s_%s -F '%s' &",
data/acedb-4.9.39+dfsg.02/w9/blxview.c:5014:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(title, "pfetch: %s", msp->sname);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:5069:16:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      result = strcpy(result, text) ;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:5085:16:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      result = strcat(result, abbrev) ;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:5087:16:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      result = strcat(result, tail_ptr) ;
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:71:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, format, ap);
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:320:4:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	  sscanf(buff, "%s%s", junk, ACnr);
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:328:34:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  if ( !strncmp(buff, "//", 2) ) strcpy( ACnr, rec->entry_name );
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:348:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy( &TITLEline[strlen(TITLEline) - 1], &buff[16] );
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:392:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
		    sscanf(buff, "%s%s", junk, ACnr);
data/acedb-4.9.39+dfsg.02/w9/diskdump.c:63:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(filename,"%s/database/block1.wrm", getenv("ACEDB")) ;
data/acedb-4.9.39+dfsg.02/w9/diskfix.c:67:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (filename, "%s/database/blocks.wrm", getenv("ACEDB")) ;
data/acedb-4.9.39+dfsg.02/w9/dotter.c:511:5:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vprintf(format, ap);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2418:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(CrosshairPosText, "%s, %s", qpos, spos);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2543:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(path, getenv("PATH"));
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2546:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(file, path);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2548:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(file, command);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2549:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (!access(file, F_OK) && !access(file, X_OK)) {
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2549:30:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (!access(file, F_OK) && !access(file, X_OK)) {
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2558:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(retstr, file);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2620:20:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    pipe = (FILE *)popen(messprintf("/bin/csh -cf \"%s -z %d -q %d -s %d -S '%s' %d '%s' %d %s %s\"", 
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2906:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(CrosshairPosText, "%s, %s", qpos, spos);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3049:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(banner, "%s (horizontal) vs. %s (vertical)", qname, sname);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3199:45:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    qname = messalloc(strlen(queryname)+1); strcpy(qname, queryname);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3203:47:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    sname = messalloc(strlen(subjectname)+1); strcpy(sname, subjectname);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3420:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(v[*argc], s);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:48:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(dest, src);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:113:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy(msp->qname, name);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:116:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy(msp->desc, desc);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:231:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(usage, "%s%s, compiled %s\n", usageText, dotterVersion, cc_date);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:249:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(savefile, optarg);         break;
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:254:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(FSfilename, optarg);       break;
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:258:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(FSfilename, optarg);       break;
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:263:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(loadfile, optarg);         break;
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:266:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(mtxfile, optarg);          break;
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:280:49:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    qname = messalloc(strlen(argv[optind])+1); strcpy(qname, argv[optind]);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:282:51:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    sname = messalloc(strlen(argv[optind+2])+1); strcpy(sname, argv[optind+2]);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:285:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(dotterBinary, argv[optind+4]);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:289:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(winsize, optarg);          break;
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:312:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(Xoptions, argv[i]);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:422:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(firstdesc, cq);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:434:44:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			qname = messalloc(strlen(qfilename)+1); strcpy(qname, qfilename);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:463:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(firstdesc, cq);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:475:44:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			sname = messalloc(strlen(sfilename)+1); strcpy(sname, sfilename);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:47:32:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (env = getenv("SWDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:48:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    else strcpy(dbdir, DEFAULT_SWDIR);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:53:33:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (env = getenv("PIRDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:54:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    else strcpy(dbdir, DEFAULT_PIRDIR);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:59:34:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (env = getenv("WORMDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:60:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    else strcpy(dbdir, DEFAULT_WORMDIR);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:66:34:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (env = getenv("EMBLDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:67:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    else strcpy(dbdir, DEFAULT_EMBLDIR);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:72:32:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (env = getenv("GBDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:73:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    else strcpy(dbdir, DEFAULT_GBDIR);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:78:36:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (env = getenv("PRODOMDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:79:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    else strcpy(dbdir, DEFAULT_PRODOMDIR);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:84:37:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (env = getenv("PROSITEDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:85:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    else strcpy(dbdir, DEFAULT_PROSITEDIR);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:197:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(help, helpText);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:210:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(dbsource, optarg); break;
data/acedb-4.9.39+dfsg.02/w9/efetch.c:251:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(help, helpText);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:299:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(usage, usageText);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:310:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  else strcpy(query, argv[argc - 1]);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:339:34:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      if (env = getenv("DBDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:344:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(dbprefix, query);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:361:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(query, tmpstr+1);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:382:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:406:14:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (env) strcpy(idxfile, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:407:12:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      else sprintf(idxfile, "%s%s", dbdir, DEFAULT_IDXFILE);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:419:22:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (env != NULL) strcpy(divfile, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:420:12:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      else sprintf(divfile, "%s%s", dbdir, DEFAULT_DIVFILE);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:436:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(actrgfile, "%s%s", dbdir, DEFAULT_ACTRGFILE);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:450:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(achitfile, "%s%s", dbdir, DEFAULT_ACHITFILE);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:533:22:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (env != NULL) strcpy(dbfile, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:537:25:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      if (file != NULL) sprintf(dbfile, "%s%s", dbdir, file);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:540:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(dbfile, "%s%s", dbdir, DEFAULT_DBFILE);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:581:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	      strcat(fetchstr, cp);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:583:8:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	      system(fetchstr);
data/acedb-4.9.39+dfsg.02/w9/embl.c:259:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	      fprintf (dumpFile, cp) ;
data/acedb-4.9.39+dfsg.02/w9/embl.c:1308:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf (dumpFile, cp, name(seq)) ;
data/acedb-4.9.39+dfsg.02/w9/embl.c:1310:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf (dumpFile, name(seq)) ;
data/acedb-4.9.39+dfsg.02/w9/embl.c:1407:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	      fprintf (dumpFile, cp) ;
data/acedb-4.9.39+dfsg.02/w9/embl.c:1422:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	      fprintf (dumpFile, cp) ;
data/acedb-4.9.39+dfsg.02/w9/fetch.c:43:32:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (env = getenv("SWDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:44:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    else strcpy(dbdir, DEFAULT_SWDIR);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:49:33:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (env = getenv("PIRDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:50:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    else strcpy(dbdir, DEFAULT_PIRDIR);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:55:34:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (env = getenv("WORMDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:56:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    else strcpy(dbdir, DEFAULT_WORMDIR);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:63:34:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (env = getenv("EMBLDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:64:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    else strcpy(dbdir, DEFAULT_EMBLDIR);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:69:32:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (env = getenv("GBDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:70:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    else strcpy(dbdir, DEFAULT_GBDIR);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:75:36:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (env = getenv("PRODOMDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:76:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    else strcpy(dbdir, DEFAULT_PRODOMDIR);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:83:37:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (env = getenv("PROSITEDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:84:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    else strcpy(dbdir, DEFAULT_PROSITEDIR);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:152:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(dbsource, optarg); break;
data/acedb-4.9.39+dfsg.02/w9/fetch.c:162:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(idxfile, optarg); break;
data/acedb-4.9.39+dfsg.02/w9/fetch.c:167:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(dbdir, optarg); break;
data/acedb-4.9.39+dfsg.02/w9/fetch.c:169:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(dbfile, optarg); break;
data/acedb-4.9.39+dfsg.02/w9/fetch.c:190:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(divfile, optarg); break;
data/acedb-4.9.39+dfsg.02/w9/fetch.c:207:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(customName, optarg); break;
data/acedb-4.9.39+dfsg.02/w9/fetch.c:216:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  else strcpy(query, argv[argc - 1]);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:240:34:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      if (env = getenv("DBDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:245:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(dbprefix, query);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:262:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(query, tmpstr+1);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:283:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:307:14:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (env) strcpy(idxfile, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:308:12:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      else sprintf(idxfile, "%s%s", dbdir, DEFAULT_IDXFILE);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:320:22:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (env != NULL) strcpy(divfile, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:321:12:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      else sprintf(divfile, "%s%s", dbdir, DEFAULT_DIVFILE);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:337:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(actrgfile, "%s%s", dbdir, DEFAULT_ACTRGFILE);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:351:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(achitfile, "%s%s", dbdir, DEFAULT_ACHITFILE);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:434:22:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    if (env != NULL) strcpy(dbfile, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:438:25:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      if (file != NULL) sprintf(dbfile, "%s%s", dbdir, file);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:441:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(dbfile, "%s%s", dbdir, DEFAULT_DBFILE);
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:462:17:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  while (EOF != fscanf(fp,"%s",string)) { 
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:466:42:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
    else if(!strcmp(string,"siteType:")) fscanf(fp,"%s",table->siteType); 
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:467:41:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
    else if(!strcmp(string,"refSeqs:")) fscanf(fp,"%s",table->refSeqs); 
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:468:42:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
    else if(!strcmp(string,"freqType:")) fscanf(fp,"%s",table->freqType); 
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:469:42:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
    else if(!strcmp(string,"classDef:")) fscanf(fp,"%s",table->classDef); 
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:484:2:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	fscanf(fp,"%s",string2);
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:486:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(string,string2);
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:842:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (seq->name, name) ;
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:1031:10:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  while (fscanf(fp,"%s ",fileName) != EOF) 
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:1086:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy( lastFileName, fileName );
data/acedb-4.9.39+dfsg.02/w9/gmapdata.c:708:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat (buf, messprintf ("%s moved %f to %f\n", 
data/acedb-4.9.39+dfsg.02/w9/gmapdatacol.c:157:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat (look->messageText, name(gene_key)) ;
data/acedb-4.9.39+dfsg.02/w9/gmapdatacol.c:160:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat (look->messageText, name(gene_key)) ;
data/acedb-4.9.39+dfsg.02/w9/gmapdatacol.c:165:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat (look->messageText, 
data/acedb-4.9.39+dfsg.02/w9/gmapdatacol.c:465:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  strcat (buf, messprintf (" %d", *p)) ;
data/acedb-4.9.39+dfsg.02/w9/gmapdatacol.c:467:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (buf, messprintf (" %.2f %.2f",
data/acedb-4.9.39+dfsg.02/w9/gmapdatacol.c:472:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (buf, messprintf (": %.2f", (y1>y2) ? (y1-y2) : (y2-y1))) ;
data/acedb-4.9.39+dfsg.02/w9/gmapphys.c:249:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(look->messageText, messprintf(" %.2f", seg->x));
data/acedb-4.9.39+dfsg.02/w9/gmapphys.c:250:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(look->messageText, messprintf(" interpolated"));
data/acedb-4.9.39+dfsg.02/w9/gmapphys.c:466:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(look->messageText, 
data/acedb-4.9.39+dfsg.02/w9/gmapphys.c:469:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(look->messageText, 
data/acedb-4.9.39+dfsg.02/w9/hexcode.c:57:24:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define messerror(x,y) fprintf(stderr,x,y)
data/acedb-4.9.39+dfsg.02/w9/readseq.c:215:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (matdirname, getenv ("BLASTMAT")) ;
data/acedb-4.9.39+dfsg.02/w9/readseq.c:218:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (fullname, matdirname) ;
data/acedb-4.9.39+dfsg.02/w9/readseq.c:219:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat (fullname, name) ;
data/acedb-4.9.39+dfsg.02/w9/translate.c:95:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(aaptr, code[codon]);
data/acedb-4.9.39+dfsg.02/w9/vmapdata2.c:1389:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat (look->messageText, name(dataKey)) ;
data/acedb-4.9.39+dfsg.02/w9/vmapdata2.c:1391:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat (look->messageText, name(arr(loci,0,KEY))) ;
data/acedb-4.9.39+dfsg.02/w9/vmapdata2.c:1393:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat (look->messageText, messprintf (" %d %s",
data/acedb-4.9.39+dfsg.02/w9/vmapdata2.c:1845:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat (buf, messprintf (" %d", arr(counts, i, int))) ;
data/acedb-4.9.39+dfsg.02/w9/vmapdata2.c:1847:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat (buf, messprintf (" %.2f %.2f",
data/acedb-4.9.39+dfsg.02/w9/vmapdata2.c:1851:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat (buf, messprintf (": %.2f", (y1>y2) ? (y1-y2) : (y2-y1))) ;
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:3706:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    { strcpy (buf, name(*kp)) ;
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:3715:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    { strcpy (buf1, name(*kp1)) ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3388:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf (com, "%s%s%s%s%s%s",
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3396:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (com, "%s%s%s%s%s%s",
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3438:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (buf, 
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3450:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (buf, 
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3605:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (buf, "Save_as %s\n", nm) ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3721:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (buf, "load -active\nget 30\nsort\nassemble 12\nsave %s\n", nm) ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3805:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (buf, "Get 20\nSort 100\nAssemble %d\nFix\nSave %s\n", taux, nm) ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:625:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (seg->buf, name(cosmid)) ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:626:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (seg->buf2, messprintf("%d", a1)) ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:630:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (seg2->buf, name(cosmid)) ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:631:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (seg2->buf2, messprintf("%d", a2)) ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:717:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	  strcpy (seg->buf, cr) ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:724:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy (seg->buf2, cr) ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:791:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy (seg->buf2, messprintf("%d bp", len)) ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:836:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      strcpy (seg->buf, cq) ;
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2194:9:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        scanf("%s",rep);
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2363:7:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
      scanf("%s",rep);
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1167:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  if (0) sprintf (command, "query find %s IS %s\nlist -C", new_class, new_name ) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1168:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  else sprintf (command, "query find %s IS %s", new_class, new_name ) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1603:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf (command, "aql -C %s", query) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1658:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf (command, "table %s -C -n  %s %s", fa, query, params) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1661:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf (command, "table %s -C -f  %s %s", fa, query, params) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1667:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf (command, "table %s -C =%s %s", fa, query, params) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1838:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (buff, "%s" , query) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1840:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (buff, "query %s" , query) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2515:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (command, "keyset-read %s" , name) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2554:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (command, "list -a -f %s", name) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2805:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat (s, text) ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket.c:126:10:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
					n = sscanf(b,"%s%s%s",f_host, f_port, f_user);
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:324:1:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
strcpy(connection->last_errmsg, msg1);
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:326:1:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
strcat(connection->last_errmsg, msg1);
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:376:79:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
static AceConnStatus accessSocket(AceConnection connection, AceConnSockAccess access) ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:398:79:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
static AceConnStatus selectSocket(AceConnection connection, AceConnSockAccess access) ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:521:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  	  sprintf(request, "%s %s", connection->userid, hash_nonce) ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:643:79:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
static AceConnStatus accessSocket(AceConnection connection, AceConnSockAccess access)
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:652:46:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      if ((status = selectSocket(connection, access)) != ACECONN_OK)
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1173:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  if (strcpy(buffer, msgType) == NULL)
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1176:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(buffer, msgType) ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1207:79:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
static AceConnStatus selectSocket(AceConnection connection, AceConnSockAccess access)
data/acedb-4.9.39+dfsg.02/wac/accmd.c:63:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(prompt,"acedb@%s>",dbname);
data/acedb-4.9.39+dfsg.02/wac/acctest.c:61:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf(b,"-%s-", ac_table_printable(t,x,y,""));
data/acedb-4.9.39+dfsg.02/wac/acinside.c:698:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf (buf, "Find %s IS \"%s\"", class, nam) ;
data/acedb-4.9.39+dfsg.02/wac/acinside.c:704:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf (cp, "Find %s IS \"%s\"", class, nam) ;
data/acedb-4.9.39+dfsg.02/wac/acinside.c:1345:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	   sprintf(cq, "%s\n", cp) ; /* \n replaces one or more zero, so we do not go over size */
data/acedb-4.9.39+dfsg.02/wace/acediff.c:469:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  system ("sort -u -T . +1 tempA1 -o tempA2") ;
data/acedb-4.9.39+dfsg.02/wace/acediff.c:477:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  system ("sort -u -T . +1 tempB1 -o tempB2") ;
data/acedb-4.9.39+dfsg.02/wace/acediff.c:499:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  if (system ("sort -T . +1 -3 +0 -1 tempC1 -o tempC2") != 0)
data/acedb-4.9.39+dfsg.02/wace/acesubs.c:51:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy (ww[nfield],cp) ;
data/acedb-4.9.39+dfsg.02/wace/acesubs.c:222:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
 strcpy(newlexname, name);
data/acedb-4.9.39+dfsg.02/wace/pmapace.c:95:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (cloneName[kclone++],&buffer[3]) ;
data/acedb-4.9.39+dfsg.02/wace/pmapace2.c:81:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (cloneName[kclone++],&buffer[3]) ;
data/acedb-4.9.39+dfsg.02/waql/aqlcheck.c:175:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (cws, cp);
data/acedb-4.9.39+dfsg.02/waql/aqlerror.c:80:3:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf (aql->errorMessage, format, args) ;
data/acedb-4.9.39+dfsg.02/waql/aqlerror.c:98:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf (aql->errorReport,
data/acedb-4.9.39+dfsg.02/waql/aqlerror.c:125:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat (aql->errorReport, startLine);
data/acedb-4.9.39+dfsg.02/waql/aqlrun.c:729:25:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                        strcat(sortSpecString, 
data/acedb-4.9.39+dfsg.02/waql/aqlrun.c:736:29:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                            strcat(sortSpecString, 
data/acedb-4.9.39+dfsg.02/waql/aqlrun.c:740:29:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                            strcat(sortSpecString, 
data/acedb-4.9.39+dfsg.02/wdce/client.c:61:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy( outbuf, lpszString );
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:130:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(lpSvr->lpszServerStringBinding,szServerStringBinding) ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:190:4:  [4] (buffer) _mbscpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
			_mbscpy( *pAnswer, *pReponse ) ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:835:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(answer,loop);
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:841:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	{ strcat(answer,loop);
data/acedb-4.9.39+dfsg.02/wdce/dceserverlib.c:207:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(cp, "%s%d%s\n%s\n",
data/acedb-4.9.39+dfsg.02/wdce/dceserverlib.cpp:408:21:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                    sprintf(cp, "%s%d%s\n%s\n",
data/acedb-4.9.39+dfsg.02/wdce/serviceregistrypp.cpp:256:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(ppathnameBuf, m_AceServer_Pathname) ;
data/acedb-4.9.39+dfsg.02/wgd/gd2gif.c:17:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (buf, argv[1]) ;
data/acedb-4.9.39+dfsg.02/wgd/gd2gif.c:28:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (buf, argv[1]) ;
data/acedb-4.9.39+dfsg.02/wgnbk/gnbk.c:545:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		printf(stackText (hp,0)) ; 
data/acedb-4.9.39+dfsg.02/wgnbk/gnbkserver.c:120:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (buf, masterFile) ;
data/acedb-4.9.39+dfsg.02/wgnbk/gnbkserver.c:208:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
      sscanf(argv[n++],"%s",dummy) == 1 &&
data/acedb-4.9.39+dfsg.02/wgnbk/gnbkserver.c:218:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
      sscanf(argv[n++],"%s",dummy) == 1 &&
data/acedb-4.9.39+dfsg.02/wgnbk/rpcgnbk_sp.c:107:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
       sprintf(cp, "%s%d%s\n%s\n",
data/acedb-4.9.39+dfsg.02/wh/dbidx.h:79:16:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
               fprintf(),
data/acedb-4.9.39+dfsg.02/wh/dbidx.h:81:16:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
               printf(),
data/acedb-4.9.39+dfsg.02/wh/dbidx.h:82:16:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
               sscanf(),
data/acedb-4.9.39+dfsg.02/wh/dbidx.h:88:16:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  extern char *strcpy(char*, char*),
data/acedb-4.9.39+dfsg.02/wh/igdevent.h:225:14:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
extern int   execvp PROTO(( char *path, char *argv[]));
data/acedb-4.9.39+dfsg.02/wh/igdevent.h:233:14:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
extern void  printf VPROTO((char  *fmt, ...));
data/acedb-4.9.39+dfsg.02/wh/igdevent.h:235:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
char    * strcpy   (char *dest, const char *src);
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:261:9:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
#define popen _popen
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:366:10:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
int      system    (const char *command);
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:415:6:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
 int vfprintf (FILE *stream, const char *format, va_list arglist);
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:416:6:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
 int vprintf  (const char *format, va_list arglist);
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:420:8:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
 char *vsprintf (char *buffer, const char *format, va_list arglist);
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:423:6:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
 int vsprintf (char *buffer, const char *format, va_list arglist);
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:435:11:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int       fprintf  (FILE *stream, const char *format, ...);
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:436:11:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
int       fscanf   (FILE *stream, const char *format, ...);
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:437:11:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
int       scanf    (const char *format, ...);
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:438:11:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int       printf   (const char *format, ...);
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:439:11:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
int       sscanf   (const char *buffer, const char *format, ...);
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:452:12:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
FILE      *popen   (const char *command, const char *type);
data/acedb-4.9.39+dfsg.02/whooks/class.c:161:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(cp1, cp);
data/acedb-4.9.39+dfsg.02/whooks/sysclass.c:587:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (buf, cp) ;
data/acedb-4.9.39+dfsg.02/win32/startace.c:171:7:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
      execv(ace,  &bareargv);
data/acedb-4.9.39+dfsg.02/win32/startace.c:184:7:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
      execv(rxvt, &rxvtargv);
data/acedb-4.9.39+dfsg.02/win32/winaceshell.c:39:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(args, argv[i]);
data/acedb-4.9.39+dfsg.02/win32/winaceshell.c:50:3:  [4] (shell) ShellExecute:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  ShellExecute(0, "open", path, args, cwd, 0);
data/acedb-4.9.39+dfsg.02/wjo/o2m.c:1131:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (ox->message2Text, messprintf ("%s ", name (hit))) ;
data/acedb-4.9.39+dfsg.02/wjo/o2m.c:1132:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat (ox->message2Text, 
data/acedb-4.9.39+dfsg.02/wjo/pairmapdisp.c:1100:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (ox->messageText, messprintf ("%s ", name (hit))) ;
data/acedb-4.9.39+dfsg.02/wjo/pairmapdisp.c:1101:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat (ox->messageText, messprintf ("between %s and %s", name (key1), name (key2))) ;
data/acedb-4.9.39+dfsg.02/wjo/specg.c:264:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
     strcat (ox->message3Text, messprintf ("%s ", name (hit))) ;
data/acedb-4.9.39+dfsg.02/wjo/specg.c:265:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
     strcat (ox->message3Text, messprintf ("between %s and %s", name (key1), name (key2))) ;
data/acedb-4.9.39+dfsg.02/wnq/acelibtest.c:64:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf (stderr, aceErrorMessage(0)) ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:457:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (stackText(t->s, 0), t->type) ;
data/acedb-4.9.39+dfsg.02/wrpc/aceclientlib.c:535:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(answer,loop);
data/acedb-4.9.39+dfsg.02/wrpc/aceclientlib.c:541:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	{ strcat(answer,loop);
data/acedb-4.9.39+dfsg.02/wrpc/aceserver.c:484:18:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      if (debug) fprintf(stderr, stackText(s,0)) ;
data/acedb-4.9.39+dfsg.02/wrpc/aceserver.c:707:9:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    f = popen(messprintf("cd %s ; tar chf - %s %s | uuencode server.wspec.tar",
data/acedb-4.9.39+dfsg.02/wrpc/aceserver.c:711:9:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    f = popen(messprintf("cd %s ; tar chf - %s %s",
data/acedb-4.9.39+dfsg.02/wrpc/aceserver.c:849:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    { fprintf (out, usage) ;
data/acedb-4.9.39+dfsg.02/wrpc/aceserver.c:850:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      fprintf (stderr, usage) ;
data/acedb-4.9.39+dfsg.02/wrpc/acesyb.c:407:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(to->data.textData, from->data.textData);
data/acedb-4.9.39+dfsg.02/wrpc/acesybase.c:142:19:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                  strcpy(np->data.textData, bs->bt->cp);
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:316:16:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
      if (2 == sscanf((char*)answer,"// %s is a sub class of %[a-zA-Z_0-9]",subclass,superclass)) {
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:317:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(message,"%s is the superclass for %s",superclass,subclass);
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:373:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(message,"Error getting temp file name: %s", messSysErrorText()) ;
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:381:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(message,"Error creating temp table file \"%s\": %s", tempName, messSysErrorText()) ;
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:399:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(message,"table -j %s",tempName);
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:426:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(message,"%s is currently unimplemented",command);
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:502:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(message,data);
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:103:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
{ printf(text) ;
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:360:16:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
      if (2 == sscanf((char*)answer,"// %s is a sub class of %[a-zA-Z_0-9]",subclass,superclass)) {
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:361:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(message,"%s is the superclass for %s",superclass,subclass);
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:400:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(message,"Error getting temp file name: %s", 
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:409:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(message,"Error creating temp table file \"%s\":%s", 
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:428:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(message,"table -j %s",tempName);
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:455:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(message,"%s is currently unimplemented",command);
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:524:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(message,data);
data/acedb-4.9.39+dfsg.02/wrpc/rpcace_sp.c:134:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
       sprintf(cp, "%s%d%s\n%s\n",
data/acedb-4.9.39+dfsg.02/wrpc/xclient.c:596:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf(stderr, stackText(sr,0)) ;
data/acedb-4.9.39+dfsg.02/wrpc/xclient.c:687:4:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	  system(messprintf("touch %s.done ; cat %s >> %s.done",
data/acedb-4.9.39+dfsg.02/wsocket/saceclient.c:899:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(start) ;
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:269:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      if (!strcpy(tmp, *cp))
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:273:30:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  if (!strcat(tmp, " ") || !strcat(tmp, answers[i]))
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:279:30:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  if (!strcat(tmp, " ") || !strcat(tmp, passwd_str))
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:366:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      if (!strcpy(tmp, *cp))
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:370:30:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  if (!strcat(tmp, " ") || !strcat(tmp, answers[i]))
data/acedb-4.9.39+dfsg.02/wsocket/sclientlib.c:372:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(phrase, words[0]) ;
data/acedb-4.9.39+dfsg.02/wsocket/sclientlib.c:376:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(phrase, words[i]) ;
data/acedb-4.9.39+dfsg.02/wsocket/serverace.c:1100:9:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    f = popen(messprintf("cd %s ; tar chf - %s %s | uuencode server.wspec.tar",
data/acedb-4.9.39+dfsg.02/wsocket/serverace.c:1104:9:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    f = popen(messprintf("cd %s ; tar chf - %s %s",
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:184:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      if (strcpy(array(contents, i, char*), perm_type) == NULL
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:186:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		  || strcat(array(contents, i, char*), perm_level) == NULL)
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1102:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  if (strcpy(backup_name, file_path) == NULL
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1103:10:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      || strcat(backup_name, backup_ext) == NULL)
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1149:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      if (strcpy(array(passwd_entries, i, char*), userid) == NULL
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1151:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	  || strcat(array(passwd_entries, i, char*), hash) == NULL)
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1186:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	      if (strcpy(array(passwd_entries, i, char*), userid) == NULL
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1188:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		  || strcat(array(passwd_entries, i, char*), hash) == NULL)
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1304:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		  if (strcpy(array(passwd_entries, i, char*), array(words, j, char*)) == NULL)
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1312:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			      || strcat(array(passwd_entries, i, char*), array(words, j, char*)) == NULL)
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1386:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		  if (strcpy(array(passwd_entries, i, char*), tmp) == NULL
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:1388:12:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		      || strcat(array(passwd_entries, i, char*), userid) == NULL)
data/acedb-4.9.39+dfsg.02/wsocket/serverclientutils.c:123:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  if (strcpy(buffer, msgType) == NULL)
data/acedb-4.9.39+dfsg.02/wsocket/sxclient.c:624:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf(stderr, stackText(sr,0)) ;
data/acedb-4.9.39+dfsg.02/wsocket/sxclient.c:715:4:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	  system(messprintf("touch %s.done ; cat %s >> %s.done",
data/acedb-4.9.39+dfsg.02/wstaden/Read.c:182:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(read->trace_name, fn);
data/acedb-4.9.39+dfsg.02/wstaden/error.c:28:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, fmt, args);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:325:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(seq,line);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:589:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(&en[l1+1], &line[10]);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:1155:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(s, str);
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:89:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(buf, "%s %s 1>/dev/null 2>/dev/null",
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:91:16:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    if ((ret = system(buf)) != 0) {
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:101:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buf, "%s%s", file, magics[compression_used-1].extension);
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:203:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(fext, "%s%s", file, magics[i].extension);
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:216:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(buf, "%s %s 1>%s 2>/dev/null",
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:218:17:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	    if ((ret = system(buf)) == 0) {
data/acedb-4.9.39+dfsg.02/wstaden/files.c:56:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
    if (1 == sscanf(line, "%s", name))
data/acedb-4.9.39+dfsg.02/wstaden/find.c:15:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(wholePath,file);
data/acedb-4.9.39+dfsg.02/wstaden/find.c:21:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(paths,searchpath);
data/acedb-4.9.39+dfsg.02/wstaden/find.c:26:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    (void) strcpy(wholePath,path);
data/acedb-4.9.39+dfsg.02/wstaden/find.c:28:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    (void) strcat(wholePath,file);
data/acedb-4.9.39+dfsg.02/wstaden/makeSCF.c:55:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(cc, r->info);
data/acedb-4.9.39+dfsg.02/wstaden/makeSCF.c:97:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(buf, "CONV=makeSCF V3.00\nMACH=%s\nDATF=%s\nDATN=%s\n",
data/acedb-4.9.39+dfsg.02/wstaden/makeSCF.c:100:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(cp, buf);
data/acedb-4.9.39+dfsg.02/wstaden/os.h:135:9:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
#define popen _popen
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:424:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf(line, "COMM=%s\n", commstrp);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:425:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(comment, line);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:451:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(comment, line);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:460:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(comment, line);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:471:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(comment, line);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:487:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(comment, line);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:501:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(comment, line);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:527:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(comment, line);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:534:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(s,comment);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:615:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(read->trace_name, fn);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOALF.c:374:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(read->trace_name, fn);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOCTF.c:60:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(read->trace_name, fn);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:129:12:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
		if (5 == sscanf(line, "%6d%6d%6d%4c%s",
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:139:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(read->trace_name, name);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:214:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(read->trace_name, fn);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:245:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(exp_get_entry(e, EFLT_EN), "%s", EN);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:247:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(exp_get_entry(e, EFLT_ID), "%s", EN);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:257:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(exp_get_entry(e, EFLT_LN), cp);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:262:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(exp_get_entry(e, EFLT_LT), t);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:322:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy (path,s);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:325:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy (path,trace);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:399:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(r->base, str);
data/acedb-4.9.39+dfsg.02/wzmap/stringbucket.c:74:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy((char *)(c+1), string);
data/acedb-4.9.39+dfsg.02/wzmap/zmapcalls.c:71:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(keyspec, "%s:%s", className(key), name(key));
data/acedb-4.9.39+dfsg.02/wzmap/zmapcalls.c:72:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(fromspec, "%s:%s", className(from), name(from));
data/acedb-4.9.39+dfsg.02/w1/aceout.c:624:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  char *tmpfile = getenv("TEMP");  /* allow user to override location of temp files */
data/acedb-4.9.39+dfsg.02/w1/aceout.c:661:19:  [3] (tmpfile) tempnam:
  Temporary file race condition (CWE-377).
  if (!(nameptr = tempnam(dirname, "ACEDB")))
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:568:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  char *tmpenv = getenv("TEMP");
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:584:15:  [3] (tmpfile) tempnam:
  Temporary file race condition (CWE-377).
  if (!(nam = tempnam ("/var/tmp", "ACEDB")))
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:586:15:  [3] (tmpfile) tempnam:
  Temporary file race condition (CWE-377).
  if (!(nam = tempnam(tmppath, "ACEDB")))
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:588:15:  [3] (tmpfile) tempnam:
  Temporary file race condition (CWE-377).
  if (!(nam = tempnam ("/tmp", "ACEDB")))
data/acedb-4.9.39+dfsg.02/w1/getopt.c:246:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
#ifndef getenv
data/acedb-4.9.39+dfsg.02/w1/getopt.c:247:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
extern char *getenv ();
data/acedb-4.9.39+dfsg.02/w1/getopt.c:432:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  posixly_correct = getenv ("POSIXLY_CORRECT");
data/acedb-4.9.39+dfsg.02/w1/getopt.c:1007:1:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
getopt (argc, argv, optstring)
data/acedb-4.9.39+dfsg.02/w1/getopt.c:1037:11:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
      c = getopt (argc, argv, "abc:d:0123456789");
data/acedb-4.9.39+dfsg.02/w1/getopt1.c:102:1:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
getopt_long (argc, argv, options, long_options, opt_index)
data/acedb-4.9.39+dfsg.02/w1/getopt1.c:158:11:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
      c = getopt_long (argc, argv, "abc:d:0123456789",
data/acedb-4.9.39+dfsg.02/w1/randsubs.c:34:5:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
int random(void);		/* in libc.a */
data/acedb-4.9.39+dfsg.02/w1/randsubs.c:67:10:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  return random() ;
data/acedb-4.9.39+dfsg.02/w1/utils.c:125:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((name = getenv("USERNAME")) != NULL )
data/acedb-4.9.39+dfsg.02/w2/filquery.c:468:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    { if (getenv ("PWD"))
data/acedb-4.9.39+dfsg.02/w2/filquery.c:469:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	strcpy (dirName, getenv("PWD")) ;
data/acedb-4.9.39+dfsg.02/w2/graphascii.c:264:28:  [3] (tmpfile) tempnam:
  Temporary file race condition (CWE-377).
    { if (!(localfilname = tempnam ("/var/tmp", "AcePr")))
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:644:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((cp = getenv ("ACEDB_LPR")))
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1135:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((cp = getenv ("ACEDB_LPR")))
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1162:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  else if (getenv("PWD"))
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1163:32:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    strcpy (result->dirBuffer, getenv("PWD")) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1164:13:  [3] (buffer) getwd:
  This does not protect against buffer overflows by itself, so use with
  caution (CWE-120, CWE-20). Use getcwd instead.
  else if (!getwd (result->dirBuffer))
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1222:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	  len = strlen (getenv ("ACEDB_LPR") && n == 0 ?
data/acedb-4.9.39+dfsg.02/w2/xremotemain.c:188:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("DISPLAY"))
data/acedb-4.9.39+dfsg.02/w2/xremotemain.c:190:43:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      display_str = (char*)malloc (strlen(getenv("DISPLAY")) + 1);
data/acedb-4.9.39+dfsg.02/w2/xremotemain.c:191:28:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      strcpy (display_str, getenv("DISPLAY"));
data/acedb-4.9.39+dfsg.02/w3/taqlmain.c:245:29:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
              if (!(dbDir = getenv("ACEDB")))
data/acedb-4.9.39+dfsg.02/w3/xacemain.c:279:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!getenv("ACEDB_NO_BANNER"))
data/acedb-4.9.39+dfsg.02/w3/xclientmain.c:229:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!getenv("ACEDB_NO_BANNER"))
data/acedb-4.9.39+dfsg.02/w4/banner.c:212:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!getenv("ACEDB_NO_BANNER"))
data/acedb-4.9.39+dfsg.02/w4/command.c:137:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!getenv("ACEDB_SUBSHELLS"))
data/acedb-4.9.39+dfsg.02/w4/command.c:143:34:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (aceInIsInteractive(fi) && !getenv("ACEDB_NO_BANNER"))
data/acedb-4.9.39+dfsg.02/w4/command.c:3629:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		char *ad_string = getenv("AQL_DEBUG_LEVEL");
data/acedb-4.9.39+dfsg.02/w4/dbpath.c:48:32:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    dbpath_from_command_line = getenv("ACEDB");
data/acedb-4.9.39+dfsg.02/w4/dbpath.c:69:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("ACEDB_COMMON"))
data/acedb-4.9.39+dfsg.02/w4/dbpath.c:70:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    commondir = getenv("ACEDB_COMMON");
data/acedb-4.9.39+dfsg.02/w4/dbpath.c:129:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!getenv ("ACEDB_NO_BANNER"))
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:1323:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if (!getenv("ACEDB_NO_BANNER"))
data/acedb-4.9.39+dfsg.02/w4/parse.c:445:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if (getenv ("ACEDB_DATA"))
data/acedb-4.9.39+dfsg.02/w4/parse.c:446:31:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	strcpy (pdisp->dirSelection, getenv("ACEDB_DATA")) ;
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:345:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if(getenv("HOME"))
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:347:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      strcat(filename,getenv("HOME"));
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:380:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if(getenv("HOME"))
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:382:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      strcpy(filename,getenv("HOME"));
data/acedb-4.9.39+dfsg.02/w4/session.c:802:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (euid != ruid && !getenv("ACEDB_NO_BANNER"))
data/acedb-4.9.39+dfsg.02/w4/session.c:987:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      (getenv("ACEDB_NO_BANNER") ? FALSE : TRUE);
data/acedb-4.9.39+dfsg.02/w4/session.c:1972:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	  if (!getenv("ACEDB_NO_BANNER"))
data/acedb-4.9.39+dfsg.02/w4/session.c:2006:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	  if (getenv ("ACEDB_CHANGE_MAIN_RELEASE")) /* override */
data/acedb-4.9.39+dfsg.02/w4/session.c:3263:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv ("ACEDB_NO_AUTOSAVE")) return 0 ;
data/acedb-4.9.39+dfsg.02/w4/update.c:169:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv ("ACEDB_DATA"))
data/acedb-4.9.39+dfsg.02/w4/update.c:170:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    strcpy (fileName, getenv("ACEDB_DATA")) ;
data/acedb-4.9.39+dfsg.02/w5/disknew.c:798:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv ("ACEDB_DEBUG"))
data/acedb-4.9.39+dfsg.02/w6/bsdumps.c:254:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if ((s = getenv ("ACEDB_BREAK")))
data/acedb-4.9.39+dfsg.02/w6/bsdumps.c:259:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if (getenv ("ACEDB_DUMP_ATTACH"))
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:236:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      qm = getenv("ACEQM"); /* quote mark for perl output */
data/acedb-4.9.39+dfsg.02/w6/querydisp.c:684:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("ACEDB_AUTOSAVE")) {
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3274:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	    if (getenv ("ACEDB_DATA")) 
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3276:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		strcpy (dirName, getenv("ACEDB_DATA")) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:4048:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if (getenv ("ACEDB_DATA")) 
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:4050:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	  strcpy (dirName, getenv("ACEDB_DATA")) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:3288:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!getenv("ACEDB_PROJECT") && (look->zoneMax - look->zoneMin < 1000))
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:5803:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if (!getenv("ACEDB_PROJECT") && (look->zoneMax - look->zoneMin < 1000))
data/acedb-4.9.39+dfsg.02/w7/pmapdisp.c:267:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if (getenv ("ACEDB_CONTIG9"))
data/acedb-4.9.39+dfsg.02/w9/asn.c:1466:58:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (bsFindTag(Seq, _Database) && bsFlatten(Seq,3,a) && getenv("ASNACCESSION") == NULL) {
data/acedb-4.9.39+dfsg.02/w9/asn.c:2072:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	gAsnDebug = (getenv("ASNDEBUG") != NULL);
data/acedb-4.9.39+dfsg.02/w9/asn.c:2075:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	asnauto = (getenv("ASNAUTO") != NULL);
data/acedb-4.9.39+dfsg.02/w9/asn.c:2078:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	asncase = (asnauto && getenv("ASNCASE") != NULL);
data/acedb-4.9.39+dfsg.02/w9/asn.c:2081:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	asnprompt = (asnauto && getenv("ASNPROMPT") != NULL);
data/acedb-4.9.39+dfsg.02/w9/asn.c:2084:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	ptype = getenv("ACEDB_PROJECT");
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4036:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    srand(time(0));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4047:18:  [3] (random) drand48:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	    src = (int)(drand48()*maxLen);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5009:20:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((optc = getopt(argc, argv, optstring)) != -1)
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:164:18:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  while ((optc = getopt(argc, argv, optstring)) != EOF )
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:340:20:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((optc = getopt(argc, argv, optstring)) != -1)
data/acedb-4.9.39+dfsg.02/w9/blxview.c:909:31:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		if (!browser && !(browser = getenv("BLIXEM_WWW_BROWSER")))
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1634:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (pfetch || (getenv("BLIXEM_FETCH_PFETCH")))
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1639:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  else if ((URL = getenv("BLIXEM_FETCH_WWW")))
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1641:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  else if (getenv("BLIXEM_FETCH_EFETCH"))
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1682:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	  else if ((net_id = getenv("BLIXEM_PFETCH")))
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1687:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	      if ((port_str = getenv("BLIXEM_PORT")))
data/acedb-4.9.39+dfsg.02/w9/diskdump.c:63:50:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      sprintf(filename,"%s/database/block1.wrm", getenv("ACEDB")) ;
data/acedb-4.9.39+dfsg.02/w9/diskdump.c:106:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	   d, getenv ("ACEDB")) ;
data/acedb-4.9.39+dfsg.02/w9/diskfix.c:65:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!getenv ("ACEDB"))
data/acedb-4.9.39+dfsg.02/w9/diskfix.c:67:48:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  sprintf (filename, "%s/database/blocks.wrm", getenv("ACEDB")) ;
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2539:29:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    path = messalloc(strlen(getenv("PATH"))+1);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2543:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    strcpy(path, getenv("PATH"));
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2611:35:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		    "($PATH=%s)", dotterBinary, getenv("PATH"));
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3099:37:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if (!alignmentInitialized && !getenv("ACEDB_PROJECT"))
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3352:36:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	!(fil = fopen(messprintf("%s/%s", getenv("BLASTMAT"), mtxfile), "r")))
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:244:20:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((optc = getopt(argc, argv, optstring)) != EOF)
data/acedb-4.9.39+dfsg.02/w9/efetch.c:47:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (env = getenv("SWDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:53:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (env = getenv("PIRDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:59:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (env = getenv("WORMDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:66:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (env = getenv("EMBLDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:72:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (env = getenv("GBDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:78:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (env = getenv("PRODOMDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:84:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (env = getenv("PROSITEDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:206:18:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  while ((optc = getopt(argc, argv, optstring)) != -1)
data/acedb-4.9.39+dfsg.02/w9/efetch.c:339:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if (env = getenv("DBDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:381:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if (env = getenv("DBDIR")) {
data/acedb-4.9.39+dfsg.02/w9/efetch.c:405:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    env = getenv("SEQDBIDX");
data/acedb-4.9.39+dfsg.02/w9/efetch.c:418:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    env = getenv("DIVTABL");
data/acedb-4.9.39+dfsg.02/w9/efetch.c:532:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    env = getenv("SEQDB");
data/acedb-4.9.39+dfsg.02/w9/fetch.c:43:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (env = getenv("SWDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:49:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (env = getenv("PIRDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:55:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (env = getenv("WORMDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:63:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (env = getenv("EMBLDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:69:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (env = getenv("GBDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:75:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (env = getenv("PRODOMDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:83:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (env = getenv("PROSITEDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:146:18:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  while ((optc = getopt(argc, argv, optstring)) != -1)
data/acedb-4.9.39+dfsg.02/w9/fetch.c:240:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if (env = getenv("DBDIR")) strcpy(dbdir, env);
data/acedb-4.9.39+dfsg.02/w9/fetch.c:282:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if (env = getenv("DBDIR")) {
data/acedb-4.9.39+dfsg.02/w9/fetch.c:306:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    env = getenv("SEQDBIDX");
data/acedb-4.9.39+dfsg.02/w9/fetch.c:319:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    env = getenv("DIVTABL");
data/acedb-4.9.39+dfsg.02/w9/fetch.c:433:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    env = getenv("SEQDB");
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:954:70:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      { messout("I can't scan line %d of the GF_TABLES file: %s", i, getenv("GF_TABLES")) ;
data/acedb-4.9.39+dfsg.02/w9/readseq.c:214:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv ("BLASTMAT")) 
data/acedb-4.9.39+dfsg.02/w9/readseq.c:215:25:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    strcpy (matdirname, getenv ("BLASTMAT")) ;
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:594:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((cp = getenv ("SCF_DATA")))
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:620:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((cp = getenv ("CTF_DATA")))
data/acedb-4.9.39+dfsg.02/wac/acclient_socket.c:106:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	fname = getenv("ACEDB_USERNAME");
data/acedb-4.9.39+dfsg.02/wace/pmapace.c:116:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!(acedb_data = getenv ("ACEDB_DATA")))
data/acedb-4.9.39+dfsg.02/wace/stockace.c:566:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!(acedb_data = getenv ("ACEDB_DATA")))
data/acedb-4.9.39+dfsg.02/wdce/aceservercontrolpanel.cpp:74:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            if( strcmp(getenv("OS"),"Windows_NT") )
data/acedb-4.9.39+dfsg.02/wdce/asinstall.cpp:60:22:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
    if( (hModule = ::LoadLibrary("ASConfig.cpl")) != NULL )
data/acedb-4.9.39+dfsg.02/wh/dbidx.h:78:16:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
               getopt(),
data/acedb-4.9.39+dfsg.02/wh/getopt.h:180:12:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
extern int getopt (int __argc, char *const *__argv, const char *__shortopts);
data/acedb-4.9.39+dfsg.02/wh/getopt.h:182:12:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
extern int getopt ();
data/acedb-4.9.39+dfsg.02/wh/getopt.h:186:12:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
extern int getopt_long (int __argc, char *const *__argv, const char *__shortopts,
data/acedb-4.9.39+dfsg.02/wh/getopt.h:199:12:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
extern int getopt ();
data/acedb-4.9.39+dfsg.02/wh/getopt.h:201:12:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
extern int getopt_long ();
data/acedb-4.9.39+dfsg.02/wh/mydirent.h:73:9:  [3] (buffer) getwd:
  This does not protect against buffer overflows by itself, so use with
  caution (CWE-120, CWE-20). Use getcwd instead.
#define getwd(buf) getcwd(buf,MAXPATHLEN - 2) 
data/acedb-4.9.39+dfsg.02/wh/mydirent.h:75:14:  [3] (buffer) getwd:
  This does not protect against buffer overflows by itself, so use with
  caution (CWE-120, CWE-20). Use getcwd instead.
extern char *getwd(char *pathname) ;
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:370:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
char   * getenv    (const char *name);
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:458:11:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
char      getopt   (int c, char **s1, char *s2);
data/acedb-4.9.39+dfsg.02/win32/winaceshell.c:45:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv ("ACEDB"))
data/acedb-4.9.39+dfsg.02/win32/winaceshell.c:46:36:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    cygwin_conv_to_full_win32_path(getenv("ACEDB"), cwd);
data/acedb-4.9.39+dfsg.02/wnq/bindex.c:1045:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("ACEDB_NO_INDEX"))  /* if true, indices wont be used, even if available */
data/acedb-4.9.39+dfsg.02/wnq/bindex.c:1054:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("ACEDB_INDEX")) 
data/acedb-4.9.39+dfsg.02/wrpc/aceserver.c:874:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  cp = getenv ("HOST") ; if (!cp) cp = "(unknown)" ;
data/acedb-4.9.39+dfsg.02/wrpc/acesyb.c:601:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("AY_TRACE")) {
data/acedb-4.9.39+dfsg.02/wrpc/acesyb.c:602:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    sscanf(getenv("AY_TRACE"),"%d",&ayTrace);
data/acedb-4.9.39+dfsg.02/wrpc/acesyb.c:607:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("AY_CACHE")) {
data/acedb-4.9.39+dfsg.02/wrpc/acesyb.c:608:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    sscanf(getenv("AY_CACHE"),"%d",&ayMaxSize);
data/acedb-4.9.39+dfsg.02/wrpc/acesyb.c:625:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!(AY_USER=getenv("AY_USER")))
data/acedb-4.9.39+dfsg.02/wrpc/acesyb.c:627:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!(AY_PW=getenv("AY_PW")))
data/acedb-4.9.39+dfsg.02/wrpc/acesybase.c:243:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
   if (getenv("ACESYBASE_TRACE")) {
data/acedb-4.9.39+dfsg.02/wrpc/acesybase.c:244:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
     sscanf(getenv("ACESYBASE_TRACE"),"%d",&acesybaseTrace);
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:372:20:  [3] (tmpfile) tempnam:
  Temporary file race condition (CWE-377).
  if (!(tempName = tempnam("/var/tmp", ".acenetcl"))) {
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:399:20:  [3] (tmpfile) tempnam:
  Temporary file race condition (CWE-377).
  if (!(tempName = tempnam("/var/tmp", ".acenetcl"))) {
data/acedb-4.9.39+dfsg.02/wsocket/serverace.c:1332:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  cp = getenv("HOST") ;
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:451:7:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  int random ;
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:455:35:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  char random_str[MAKE_INT_STRING(random)] ;
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:477:36:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
      || sprintf(random_str, "%d", random) < 1
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:131:17:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
    if (NULL == tmpnam(fname))
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:181:26:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
    if (NULL == (fname = tmpnam(NULL)))
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:290:5:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
    tmpnam(fname);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:318:27:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        rawData = (char *)getenv ("RAWDATA");
data/acedb-4.9.39+dfsg.02/w1/acein.c:70:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char special[MAXSPECIAL] ;
data/acedb-4.9.39+dfsg.02/w1/acein.c:88:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char special[256] ;
data/acedb-4.9.39+dfsg.02/w1/acein.c:253:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[MAXPATHLEN];
data/acedb-4.9.39+dfsg.02/w1/acein.c:512:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(fi->stream[fi->streamlevel].prompt, "> ");
data/acedb-4.9.39+dfsg.02/w1/acein.c:1981:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (fi->card, oldCard, fi->maxcard/2) ;
data/acedb-4.9.39+dfsg.02/w1/acein.c:2147:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char args[MAXPATHLEN+10];
data/acedb-4.9.39+dfsg.02/w1/aceout.c:635:3:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	(tmpfile ? tmpfile : "/var/tmp") ;
data/acedb-4.9.39+dfsg.02/w1/aceout.c:635:13:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	(tmpfile ? tmpfile : "/var/tmp") ;
data/acedb-4.9.39+dfsg.02/w1/aceout.c:637:10:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
        (tmpfile ? tmpfile : "/cygdrive/c/Temp") ;
data/acedb-4.9.39+dfsg.02/w1/aceout.c:637:20:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
        (tmpfile ? tmpfile : "/cygdrive/c/Temp") ;
data/acedb-4.9.39+dfsg.02/w1/aceout.c:639:10:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
        (tmpfile ? tmpfile : "/tmp") ;
data/acedb-4.9.39+dfsg.02/w1/aceout.c:639:20:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
        (tmpfile ? tmpfile : "/tmp") ;
data/acedb-4.9.39+dfsg.02/w1/arraysub.c:244:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (new,a->base,a->size*a->max) ;
data/acedb-4.9.39+dfsg.02/w1/arraysub.c:305:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(new->base, old->base, old->dim * old->size);
data/acedb-4.9.39+dfsg.02/w1/arraysub.c:327:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy(b->base, a->base + x1, b->max * b->size);
data/acedb-4.9.39+dfsg.02/w1/arraysub.c:795:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(s->a->base, a->base, n) ;
data/acedb-4.9.39+dfsg.02/w1/arraysub.c:960:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(s->ptr,data,size);
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:347:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char posix[PATH_MAX];
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:542:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  else  if (!(result = fopen (stackText(s, 0), spec)))
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:569:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmppath[PATH_MAX];
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:808:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	*dName, entryPathName[MAXPATHLEN], *leaf ;
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:912:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	  if ((curr_file = open(curr_name, O_RDONLY, 0)) == -1)
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:921:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      if ((new_file = open(new_name, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR)) == -1)
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:994:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char time_modified_str[25];
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:69:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char special[24] ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:137:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (card, oldCard, maxcard/2) ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:147:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char special[256] ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:244:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	      for (cp = (unsigned char *) stackText (parStack, 
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1304:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat (cq, "&lt;") ; cq += 4 ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1308:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat (cq, "&gt;") ; cq += 4 ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1312:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat (cq, "&quot;") ; cq += 6 ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1316:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat (cq, "&apos;") ; cq += 6 ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1320:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat (cq, "&amp;") ; cq += 5 ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1324:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat (cq, "&amp;") ; cq += 5 ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1413:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char ace_time[25] ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1421:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char ace_time[25] ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1430:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char buf[25] ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:171:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char filename_array[MAXPATHLEN] = "";
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:365:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char link_path_array[MAXPATHLEN] = "";
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:612:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (cp,
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:625:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (cp, "</UL>\n") ;
data/acedb-4.9.39+dfsg.02/w1/memsubs.c:159:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[512] ;				    /* Don't use dynamic buffer because of */
data/acedb-4.9.39+dfsg.02/w1/memsubs.c:178:12:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	      if (sprintf(&(buffer[0]),
data/acedb-4.9.39+dfsg.02/w1/messubs.c:155:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char messbuf[BUFSIZE] ;
data/acedb-4.9.39+dfsg.02/w1/messubs.c:495:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char prefix[2056] ;
data/acedb-4.9.39+dfsg.02/w1/messubs.c:828:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char errmess[ERRBUFSIZE] ;
data/acedb-4.9.39+dfsg.02/w1/msort.c:67:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (b0, b1, n1 * sizeof (int)) ;
data/acedb-4.9.39+dfsg.02/w1/msort.c:68:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (b, buf, (n - n2) * sizeof (int)) ;
data/acedb-4.9.39+dfsg.02/w1/msort.c:91:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy (b0, b1, s) ;
data/acedb-4.9.39+dfsg.02/w1/msort.c:96:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy (b0, b2, s) ;
data/acedb-4.9.39+dfsg.02/w1/msort.c:102:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (b0, b1, n1 * s) ;
data/acedb-4.9.39+dfsg.02/w1/msort.c:103:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (b, buf, (n - n2) * s) ;
data/acedb-4.9.39+dfsg.02/w1/msort.c:111:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  sBuf [4*1024] ;
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:76:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[10000] ;	/* text-buffer for wordwrapping */
data/acedb-4.9.39+dfsg.02/w1/utils.c:349:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	secs = atoi(secs_str) ;
data/acedb-4.9.39+dfsg.02/w1/vtxt.c:283:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (cp, txt, len) ;
data/acedb-4.9.39+dfsg.02/w2/colcontrol.c:782:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	      char tmp[2];
data/acedb-4.9.39+dfsg.02/w2/filquery.c:45:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char file_filter[32], file_spec[3];
data/acedb-4.9.39+dfsg.02/w2/filquery.c:61:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char address[128] ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:344:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tempName[DIR_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:422:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char defaultDir[DIR_BUFFER_SIZE], defaultFile[FIL_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:436:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[MAXPATHLEN] ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:459:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(file_filter, "*.*") ; /* selecting files */
data/acedb-4.9.39+dfsg.02/w2/gex.c:143:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char defaultDir[DIR_BUFFER_SIZE], defaultFile[FIL_BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w2/gex.c:662:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char selectedPath[MAX_PATH];
data/acedb-4.9.39+dfsg.02/w2/gex.c:663:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char winPath[MAX_PATH];
data/acedb-4.9.39+dfsg.02/w2/gex.c:666:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[FIL_BUFFER_SIZE+DIR_BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w2/gex.c:718:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char types_buff[400]; /* So sue me */
data/acedb-4.9.39+dfsg.02/w2/gex.c:917:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[FIL_BUFFER_SIZE+DIR_BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w2/gex.c:2249:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char file_name[20+1];
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:121:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char      currHelpFilename[MAXPATHLEN];
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:406:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char fname[FIL_BUFFER_SIZE], dname[DIR_BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:407:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char helpFilename[DIR_BUFFER_SIZE+FIL_BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:596:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char buf[10000];	/* for word wrapping ops */
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:941:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if (!(fil = fopen (filename, "rb")) ||
data/acedb-4.9.39+dfsg.02/w2/graphascii.c:101:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ char space[301] ;
data/acedb-4.9.39+dfsg.02/w2/graphascii.c:269:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!(fil = fopen (localfilname,"w")))
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:1976:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (text, "%d", *p) ;
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:1986:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (text, "%.4g", *p) ;
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:2059:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	  sprintf(e->text, "%d", *(int*)e->p) ;
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:2063:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	  sprintf(e->text, "%.4g", *(float*)e->p) ;
data/acedb-4.9.39+dfsg.02/w2/graphgdi.c:351:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		  memcpy(ip, lineaddr, line);
data/acedb-4.9.39+dfsg.02/w2/graphgdi.c:632:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char selectedPath[MAX_PATH];
data/acedb-4.9.39+dfsg.02/w2/graphgdk.c:97:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *fontNames[4][6] =
data/acedb-4.9.39+dfsg.02/w2/graphgdk.c:130:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *fontNames[4][6] =
data/acedb-4.9.39+dfsg.02/w2/graphgdk.c:613:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buf[2];
data/acedb-4.9.39+dfsg.02/w2/graphgdkremote.c:438:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	      memcpy(new, comma, comma_len) ;
data/acedb-4.9.39+dfsg.02/w2/graphgdkremote.c:477:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char winname[MAX_PATH];
data/acedb-4.9.39+dfsg.02/w2/graphgif.c:263:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	      char buf[2] ;
data/acedb-4.9.39+dfsg.02/w2/graphgtk.c:1125:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(copyCommand, commandText, nitems);
data/acedb-4.9.39+dfsg.02/w2/graphmesglist.c:516:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char fname[FIL_BUFFER_SIZE]="", dname[DIR_BUFFER_SIZE]="" ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:80:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char printerBuffer[80] ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:82:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dirBuffer[MAXPATHLEN] ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:83:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char filBuffer[FIL_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:84:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char copyBuffer[MAXPATHLEN+FIL_BUFFER_SIZE+5] ; /* +5 for extension */
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:85:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char mailerBuffer[80] ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:86:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char titleBuffer[80] ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:93:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char scaleText[10] ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:97:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pageText[5] ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:636:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[MAXC], *cp ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:760:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (pd->pageText, "%d", pd->pages) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1093:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (pd->pageText, "%d", pd->pages) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1153:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy (result->printerBuffer, "lpr") ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1174:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *cp, fb[FIL_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w2/graphps.c:287:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	  unsigned char hexVal[256]; 
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:152:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char map[256] ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:156:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(map, newMap, 256);
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1138:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char directory[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1139:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w2/graphtest.c:112:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char prompt[128] = "Initial test prompt" ;
data/acedb-4.9.39+dfsg.02/w2/viewedit.c:140:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char buf[200];
data/acedb-4.9.39+dfsg.02/w3/xacemain.c:80:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dirName[DIR_BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w4/banner.c:183:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char params[256];
data/acedb-4.9.39+dfsg.02/w4/banner.c:185:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf (params, "%d %d %d", 
data/acedb-4.9.39+dfsg.02/w4/command.c:370:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    { FILE *f = fopen ("seqused.ace","w") ;
data/acedb-4.9.39+dfsg.02/w4/command.c:1222:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	  char dumpDir[DIR_BUFFER_SIZE] = "" ;
data/acedb-4.9.39+dfsg.02/w4/command.c:2247:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char buf0[2] = {0, '\n'} ;
data/acedb-4.9.39+dfsg.02/w4/command.c:2248:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char buf [3] ;
data/acedb-4.9.39+dfsg.02/w4/command.c:3632:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    aql_debug_level = atoi (ad_string);
data/acedb-4.9.39+dfsg.02/w4/command.c:3683:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char buf0[2] = {0, '\n'} ;
data/acedb-4.9.39+dfsg.02/w4/command.c:3684:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char buft [2] ;
data/acedb-4.9.39+dfsg.02/w4/command.c:4061:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char time_last_modified[25] = "" ;
data/acedb-4.9.39+dfsg.02/w4/commandmenu.c:501:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	  char *word, prev_word[1000] ;
data/acedb-4.9.39+dfsg.02/w4/dbpath.c:101:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		      char buff[256];
data/acedb-4.9.39+dfsg.02/w4/dump.c:95:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char dumpDir[DIR_BUFFER_SIZE] = "";         /* use this to choose where to dump too */
data/acedb-4.9.39+dfsg.02/w4/dump.c:259:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
              char buf[2] ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:369:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
              char buf[2] ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:469:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char date[12] ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:470:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[DIR_BUFFER_SIZE+FIL_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:497:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat (name, ".ace");
data/acedb-4.9.39+dfsg.02/w4/dump.c:524:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char directory[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w4/dump.c:525:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char filename[FIL_BUFFER_SIZE] = "parse_log";
data/acedb-4.9.39+dfsg.02/w4/dump.c:602:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dirSelection[DIR_BUFFER_SIZE] = "" ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:603:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fileSelection[FIL_BUFFER_SIZE] = "" ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:697:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dump_prefix[FIL_BUFFER_SIZE] = "" ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:746:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy(dump_prefix, fileSelection, bytes) ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:997:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char directory[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w4/dump.c:998:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w4/gifcommand.c:366:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		  char fileName[MAXPATHLEN] ;
data/acedb-4.9.39+dfsg.02/w4/gifcommand.c:378:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		    strcat (fileName, ".ps");
data/acedb-4.9.39+dfsg.02/w4/gifcommand.c:423:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		  char fileName[MAXPATHLEN];
data/acedb-4.9.39+dfsg.02/w4/gifcommand.c:609:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		      else if (!(fil = fopen (word, "w")))
data/acedb-4.9.39+dfsg.02/w4/gifcommand.c:627:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		      else if (!(fil = fopen (word, "w")))
data/acedb-4.9.39+dfsg.02/w4/logsubs.c:67:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char   logfile_host[MAXHOSTNAMELEN + 1] = "" ;
data/acedb-4.9.39+dfsg.02/w4/logsubs.c:278:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char logFileBackupName[MAXPATHLEN];		    /* This is not actually going to do
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:91:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char   template[TEMPLATE_LENGTH] ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:96:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char   whatdoIdoText[ACTIVITY_LENGTH] ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:704:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char buffer[80] ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:1837:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(pick->whatdoIdoText, "Ready") ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:2087:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char localText[256] , lastText[256] ;
data/acedb-4.9.39+dfsg.02/w4/model.c:142:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *cp, *word, buf[2], inQuotes = 0;
data/acedb-4.9.39+dfsg.02/w4/model.c:175:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	  fil = fopen (aceTmpGetFileName(tmp_sysmodel), "r");
data/acedb-4.9.39+dfsg.02/w4/model.c:185:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	      fil = fopen (cp, "r");
data/acedb-4.9.39+dfsg.02/w4/model.c:426:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    { char buf[256] ;
data/acedb-4.9.39+dfsg.02/w4/model.c:448:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *cp, buf [256] ;
data/acedb-4.9.39+dfsg.02/w4/model.c:491:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char buf[256]; /* recursive routine, save memory */
data/acedb-4.9.39+dfsg.02/w4/newkey.c:63:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char nameText[128] ;
data/acedb-4.9.39+dfsg.02/w4/newkey.c:67:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char classNameBuf[32] = {'\0'} ;
data/acedb-4.9.39+dfsg.02/w4/parse.c:142:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *parse_err_typestrings[4] = {"update", "general", "array", "object"} ;
data/acedb-4.9.39+dfsg.02/w4/parse.c:259:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char itemText[64], lineText[64], nparsedText[64], nokText[64], nerrorText[64] ;
data/acedb-4.9.39+dfsg.02/w4/parse.c:260:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dirSelection[DIR_BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w4/parse.c:261:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fileSelection[FIL_BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w4/parse.c:1259:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char buf[128] ;
data/acedb-4.9.39+dfsg.02/w4/parse.c:1263:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf (buf, "%1.7g", bigfloat) ; sscanf (buf, "%f", &fx) ;
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:116:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[256];
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:119:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char prefbuff[256];
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:280:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char namebuff[255];
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:281:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char valbuff[255];
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:301:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	       sprintf(valbuff, "%d", item->value.ival);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:307:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	       sprintf(valbuff, "%d", item->value.ival); 
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:313:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	       sprintf(valbuff, "%f", item->value.fval); 
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:333:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char filename[MAXPATHLEN] = "";
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:350:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(filename,".acedbrc");
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:375:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char filename[FIL_BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:383:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
      strcat(filename,"/.acedbrc");
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:446:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(item.name,"OLD_STYLE_MAIN_WINDOW");
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:455:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(item.name,"AUTO_DISPLAY");
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:474:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(item.name,"HORIZONTAL_TREE");
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:483:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(item.name,"ACTION_MENU_IN_TREE_DISPLAY");
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:492:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(item.name,"NO_MESSAGE_WHEN_DISPLAY_BLOCK");
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:516:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(item.name,"TAG_COLOUR_IN_TREE_DISPLAY");
data/acedb-4.9.39+dfsg.02/w4/session.c:1332:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      lockFd = open(filename, O_RDONLY);
data/acedb-4.9.39+dfsg.02/w4/session.c:1349:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  lockFd = open (filename, O_RDWR | O_CREAT | O_SYNC, 0644) ;
data/acedb-4.9.39+dfsg.02/w4/session.c:1823:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char dbname[32] = "";
data/acedb-4.9.39+dfsg.02/w4/session.c:1927:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fullFileName[MAXPATHLEN];
data/acedb-4.9.39+dfsg.02/w4/session.c:2121:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy (thisSession.name, "Empty_db") ;
data/acedb-4.9.39+dfsg.02/w4/session.c:2803:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen (name, "a");
data/acedb-4.9.39+dfsg.02/w4/session.c:3524:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char readlock_filename[MAXPATHLEN] = "";
data/acedb-4.9.39+dfsg.02/w4/session.c:3628:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char host_name[100];
data/acedb-4.9.39+dfsg.02/w4/session.c:3649:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd = open(readlock_filename, O_RDWR | O_CREAT | O_SYNC, 0666);
data/acedb-4.9.39+dfsg.02/w4/session.c:3703:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *f = fopen(readlock_filename, "a");
data/acedb-4.9.39+dfsg.02/w4/session.c:3718:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char host_name[100];
data/acedb-4.9.39+dfsg.02/w4/session.c:3720:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char new_filename[MAXPATHLEN] = "";
data/acedb-4.9.39+dfsg.02/w4/session.c:3801:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char lockfile_name[MAXPATHLEN];
data/acedb-4.9.39+dfsg.02/w4/session.c:3805:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char file_host_name[100];
data/acedb-4.9.39+dfsg.02/w4/status.c:451:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ww[1000] ;
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:322:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[2] ;
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:554:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char parse_special[24];
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:582:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy (parse_special, "\n\t/@\\");	/* exclude % */
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:584:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy (parse_special, "\n\t/@%\\"); /* include % */
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:954:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char oneCharBuf[2];
data/acedb-4.9.39+dfsg.02/w4/tabledefsubs.c:565:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(c1, c, sizeof(COL)) ;
data/acedb-4.9.39+dfsg.02/w4/update.c:163:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fileName[256] , * fn;
data/acedb-4.9.39+dfsg.02/w5/acache.c:110:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                 ACACHE up , next ; char format[32] ;
data/acedb-4.9.39+dfsg.02/w5/adisk.c:65:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dbName[32] ; /* added as of release 4.3 */
data/acedb-4.9.39+dfsg.02/w5/adisk.c:73:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[1024] ;     /* the actual file name */
data/acedb-4.9.39+dfsg.02/w5/adisk.c:684:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      f =  fopen(p->name, "wb") ;
data/acedb-4.9.39+dfsg.02/w5/adisk.c:692:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      f =  fopen(p->name, "ab") ;
data/acedb-4.9.39+dfsg.02/w5/adisk.c:730:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	p->r = open(p->name, O_RDONLY | O_BINARY | syncMode, 0); 
data/acedb-4.9.39+dfsg.02/w5/adisk.c:740:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	p->w = open(p->name, O_WRONLY | O_BINARY | syncMode, 0); 
data/acedb-4.9.39+dfsg.02/w5/disknew.c:167:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char hostname[LG_NAME];				    /* machine on which is the partition */
data/acedb-4.9.39+dfsg.02/w5/disknew.c:168:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fileSystem[LG_NAME];				    /* partition file system or "ACEDN if
data/acedb-4.9.39+dfsg.02/w5/disknew.c:170:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fileName[LG_NAME];				    /* file name or "NONE" if not a file
data/acedb-4.9.39+dfsg.02/w5/disknew.c:442:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      blockfile = fopen(pnam, "ab");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:453:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      blockfile = fopen(pnam, "wb") ;
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1022:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      fd = open(partName, mode, 0);
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1050:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      { memcpy(&copyBlock, bp, sizeof(BLOCK));
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1141:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      fd = open(partName, O_RDONLY | O_BINARY ,0);
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1256:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd = open (partitionName, O_RDONLY);
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1473:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(pp->hostname, "local");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1474:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(pp->fileSystem, "ACEDB");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1475:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(pp->fileName, "blocks.wrm");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1608:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fileSystem[256], fileName[256], mapString[256] ;
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1618:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( mapString, "%d %d\n", totalNbPartitions_L, lastPartition_L) ;
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1627:36:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      if (!strlen(pp->fileSystem)) strcpy(fileSystem, "ACEDB");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1628:36:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      if (!strlen(pp->fileName))   strcpy(fileName, "NONE");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1652:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fileSystem[256], fileName[256];
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1659:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fil = fopen(mapName, "w");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1684:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(fileSystem, "ACEDB");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1687:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(fileName, "NONE");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1730:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(pp->hostname, "local");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1732:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(pp->fileName, "blocks.wrm");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1864:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char error_text[5000] = "";
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1878:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(error_text, "The maximum file size has been exceeded. "
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1883:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(error_text, "The quota of disk-blocks or i-nodes defined for the user "
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1896:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(error_text, "You have reached the soft limit for open files for this process. "
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1901:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(error_text, "The system file table is full\n");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1913:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(error_text, "The disk access request size was "
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1925:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(error_text, "It seems that the NFS server mounting the database disk has "
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1931:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(error_text, "The NFS server of the database "
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1936:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(error_text, "The network connection to the NFS "
data/acedb-4.9.39+dfsg.02/w5/lexalpha.c:82:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ff[MAXCLASS] ; /* flags the class present in ks */
data/acedb-4.9.39+dfsg.02/w5/lexalpha.c:165:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char isMarked[MAXCLASS] ; /* class changed - rebuild needed */
data/acedb-4.9.39+dfsg.02/w5/lexalpha.c:166:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char isTouched[MAXCLASS] ; /* lexalpha changed - needs saving */
data/acedb-4.9.39+dfsg.02/w5/lexsubs4.c:440:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[24] ;
data/acedb-4.9.39+dfsg.02/w5/lexsubs4.c:441:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "_voc%d", t) ;
data/acedb-4.9.39+dfsg.02/w6/acedbgraph.c:451:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[41];
data/acedb-4.9.39+dfsg.02/w6/acedbgraph.c:724:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[41];
data/acedb-4.9.39+dfsg.02/w6/aqldisp.c:52:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char query[1000];
data/acedb-4.9.39+dfsg.02/w6/asubs.c:279:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(a->base + i*a->size, bp->n, j*a->size) ;
data/acedb-4.9.39+dfsg.02/w6/asubs.c:356:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	 memcpy(bp->n, a->base + i*a->size, k*a->size) ;
data/acedb-4.9.39+dfsg.02/w6/asubs.c:512:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (cp, hh->base, hh->max * hh->size) ; cp +=  3 * hh->size ;
data/acedb-4.9.39+dfsg.02/w6/asubs.c:513:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (cp,  a->base,  na * as) ; cp +=  na * as ;
data/acedb-4.9.39+dfsg.02/w6/asubs.c:514:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (cp, s->a->base, ns) ; cp += ns ;
data/acedb-4.9.39+dfsg.02/w6/asubs.c:548:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (hh->base, cp, 3 * hh->size) ; cp += 3 * hh->size ;
data/acedb-4.9.39+dfsg.02/w6/asubs.c:562:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (a->base, cp, na * as) ; cp += na * as ;
data/acedb-4.9.39+dfsg.02/w6/asubs.c:573:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (s->a->base, cp, ns) ; cp += ns ;
data/acedb-4.9.39+dfsg.02/w6/bsdumps.c:255:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	{ BREAK = atoi(s) ;
data/acedb-4.9.39+dfsg.02/w6/bssubs.c:2658:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char zbuf[128] ;
data/acedb-4.9.39+dfsg.02/w6/bssubs.c:2660:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf (zbuf, "%1.7g", zf) ; sscanf (zbuf, "%f", &zf) ;
data/acedb-4.9.39+dfsg.02/w6/bstree.c:66:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static  char BSbuffer[BLOC_SIZE];  /*to allow for the \t*/
data/acedb-4.9.39+dfsg.02/w6/display.c:119:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char title[42], help[32] ;
data/acedb-4.9.39+dfsg.02/w6/display.c:510:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    { sprintf(new, "%%%2.2X", c);
data/acedb-4.9.39+dfsg.02/w6/dnasubs.c:246:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[FASTA_CHARS + 2] ;			    /* FastA chars + \n + \0 */
data/acedb-4.9.39+dfsg.02/w6/dnasubs.c:275:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	      memcpy(&buffer[0], cp, FASTA_CHARS) ;
data/acedb-4.9.39+dfsg.02/w6/dnasubs.c:285:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy(&buffer[0], cp, chars_left) ;
data/acedb-4.9.39+dfsg.02/w6/dnasubs.c:459:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer [4010] ;
data/acedb-4.9.39+dfsg.02/w6/dnasubs.c:550:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dbp[16] ;
data/acedb-4.9.39+dfsg.02/w6/dnasubs.c:632:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char undoublepack[4] ; /* {A_, T_, G_, C_} ; RD must be static to initialise on SGI */
data/acedb-4.9.39+dfsg.02/w6/dnasubs.c:633:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char newundoublepack[4] ; /* {A_, G_, C_, T_} ;  RD must be static to initialise on SGI */
data/acedb-4.9.39+dfsg.02/w6/dnasubs.c:1019:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char directory[DIR_BUFFER_SIZE]= "";
data/acedb-4.9.39+dfsg.02/w6/dnasubs.c:1020:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w6/dnasubs.c:1446:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[2] ;
data/acedb-4.9.39+dfsg.02/w6/forest.c:110:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char mot[1024], *title, cq [20] ;
data/acedb-4.9.39+dfsg.02/w6/forest.c:270:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf [200] ;
data/acedb-4.9.39+dfsg.02/w6/forest.c:1161:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *cc, dd[8], ee[8] ;
data/acedb-4.9.39+dfsg.02/w6/ksetdisp.c:131:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char txtBuffer[60], queryBuffer[256] ;
data/acedb-4.9.39+dfsg.02/w6/ksetdisp.c:311:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(look->txtBuffer,"%d items %d selected", look->nitem, look->nselected);
data/acedb-4.9.39+dfsg.02/w6/ksetdisp.c:313:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(look->txtBuffer,"%d items %d selected (%d off screen)", 
data/acedb-4.9.39+dfsg.02/w6/ksetdisp.c:458:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char directory[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w6/ksetdisp.c:459:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w6/ksetdisp.c:1744:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char directory[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w6/ksetdisp.c:1745:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w6/ksetdisp.c:1993:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf,"KeySet Class Information\n");
data/acedb-4.9.39+dfsg.02/w6/longtextdisp.c:193:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char directory[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w6/longtextdisp.c:194:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w6/longtextdisp.c:527:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char dName[DIR_BUFFER_SIZE]="", filName[FIL_BUFFER_SIZE]="" ;
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:113:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *cp, buf[8] ;
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:305:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char buf[2] ;
data/acedb-4.9.39+dfsg.02/w6/peptide.c:271:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char C_atoms[26] =
data/acedb-4.9.39+dfsg.02/w6/peptide.c:273:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char H_atoms[26] =
data/acedb-4.9.39+dfsg.02/w6/peptide.c:275:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char N_atoms[26] =
data/acedb-4.9.39+dfsg.02/w6/peptide.c:277:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char O_atoms[26] =
data/acedb-4.9.39+dfsg.02/w6/peptide.c:279:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char S_atoms[26] =
data/acedb-4.9.39+dfsg.02/w6/peptide.c:281:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char Se_atoms[26] =
data/acedb-4.9.39+dfsg.02/w6/peptide.c:532:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char temp[3] ;
data/acedb-4.9.39+dfsg.02/w6/peptide.c:543:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char temp[3] ;
data/acedb-4.9.39+dfsg.02/w6/peptide.c:660:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer [4100] ;
data/acedb-4.9.39+dfsg.02/w6/peptide.c:1122:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char fname[FIL_BUFFER_SIZE]="", dname[DIR_BUFFER_SIZE]="" ;
data/acedb-4.9.39+dfsg.02/w6/peptide.c:1191:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char directory[DIR_BUFFER_SIZE]= "";
data/acedb-4.9.39+dfsg.02/w6/peptide.c:1192:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w6/peptide.c:1207:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf [55] ;
data/acedb-4.9.39+dfsg.02/w6/peptide.c:1444:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	  char result[4*4*4+1] ;
data/acedb-4.9.39+dfsg.02/w6/peptide.c:1473:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		  char xl[3] ;
data/acedb-4.9.39+dfsg.02/w6/peptide.c:1535:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[2] ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:45:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char title[48], subtitle[24] ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:46:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fileName[FIL_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:47:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dirName[DIR_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:53:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sBuffer [8], zoneBuffer [24], xBuffer [16], yBuffer [16], stepBuffer [10] ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:137:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (look->xBuffer, "%g", x/look->xDiv) ; 
data/acedb-4.9.39+dfsg.02/w6/plot.c:138:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (look->yBuffer, "%g", look->y) ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:920:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(look->sBuffer, "%d", look->s) ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:922:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(look->stepBuffer, "%d", look->step) ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:926:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(look->zoneBuffer, "%d %d", zoneMin, zoneMax) ;
data/acedb-4.9.39+dfsg.02/w6/plot2d.c:46:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char title[48], subtitleX[24], subtitleY[24] ;
data/acedb-4.9.39+dfsg.02/w6/plot2d.c:58:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char xBuffer [16], yBuffer [16] ;
data/acedb-4.9.39+dfsg.02/w6/plot2d.c:246:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (p2d->xBuffer, "%g", p2d->x) ;
data/acedb-4.9.39+dfsg.02/w6/plot2d.c:247:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (p2d->yBuffer, "%g", p2d->y) ;
data/acedb-4.9.39+dfsg.02/w6/prefdisp.c:217:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	      if (strcmp((char *)prefvalue, prefDispValue[i].sval) != 0)
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:110:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[BUFFER_SIZE];  /* tag name or entry value */
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:143:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char item_buffer[BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:153:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char qbe_class_buffer[BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:336:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(classesMenu->text, "CLASSES");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:90:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char preclass_entry[BUFFER_SIZE]; /* is Find/>? or Follow/> or text srch */
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:91:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char preclass_syntax[BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:93:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char classtag_entry[BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:94:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char classtag_syntax[BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:109:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char resbuffer[QBUFF_MULT*BUFFER_SIZE]; /* for forming query commands */
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:290:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	  strcat(result, " = ");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:302:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(result, " ! ") ;
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:308:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(result, " COUNT ") ;
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:379:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy(ARR2STRING(qbuild->entries, i), "END"); 
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:403:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(qbuild->preclass_syntax, "Find ");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:416:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(qbuild->preclass_syntax, "Follow ");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:427:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	  strcpy(qbuild->preclass_syntax, "Find ");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:429:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	  strcat(qbuild->preclass_syntax, " ; Follow ");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:472:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(qbuild->classtag_syntax, "Text");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:525:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(qbuild->classtag_entry, "ANY CLASS");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:526:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(qbuild->classtag_syntax,"Text");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:527:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(ARR2STRING(qbuild->entries, ATTRIBUTE), "ANY TAG");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:528:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(ARR2STRING(qbuild->entries, CONDITION), "contains");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:529:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(ARR2STRING(qbuild->entries, CONJUNCTION), "END");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:716:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(syntax_c, "!=");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:722:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(syntax_c, ">=");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:728:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(syntax_c, "<=");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:894:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(entry_j, "END");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:908:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(entry_j, "and");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:973:8:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	      strcpy(ARR2STRING(qbuild->entries, i), "END");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:986:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(entry_j, "END");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1286:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(preclassMenu->text, "DATA TYPE");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1293:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy((preclassMenu + i)->text, "ALL DATA");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1295:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy((preclassMenu + i)->text, "KEYSET");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1324:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(newMenu->text, "TAGS IN CLASS");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1331:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy((newMenu + i)->text, "USE TREE TAG CHOOSER");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1345:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(newMenu->text, "CLASSES");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1352:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy((newMenu + i)->text, "ANY CLASS");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1354:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy((newMenu + i)->text, "KEYSET's");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1422:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(newMenu->text, "ATTRIBUTES"); 
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1428:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy((newMenu + 1)->text, "ANY TAG");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1436:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy((newMenu + i)->text, "USE TREE TAG CHOOSER");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1438:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy((newMenu + i)->text, "ITEM NAME");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1934:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(qbuild->preclass_entry, "ALL DATA");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1935:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(qbuild->preclass_syntax, "Find ");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1937:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(qbuild->classtag_entry, "ANY CLASS");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1938:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(qbuild->classtag_syntax, "Text");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1940:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(ARR2STRING(qbuild->entries, ATTRIBUTE), "ANY TAG");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1941:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(ARR2STRING(qbuild->entries, CONDITION), "contains");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:1942:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(ARR2STRING(qbuild->entries, CONJUNCTION), "END"); 
data/acedb-4.9.39+dfsg.02/w6/querydisp.c:68:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dirName[DIR_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w6/querydisp.c:69:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fileName[FIL_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w6/querydisp.c:117:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char auto_filename[FILENAME_SIZE];
data/acedb-4.9.39+dfsg.02/w6/sessiondisp.c:644:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (stnew, st, sizeof(ST));
data/acedb-4.9.39+dfsg.02/w6/sessiondisp.c:671:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	  char letter[2];
data/acedb-4.9.39+dfsg.02/w6/smap.c:2587:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer [8000] ;
data/acedb-4.9.39+dfsg.02/w6/smap.c:2632:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		cq += sprintf(cq, "%5d ", start);
data/acedb-4.9.39+dfsg.02/w6/tabledisp.c:573:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char line[1001];
data/acedb-4.9.39+dfsg.02/w6/tabledisp.c:586:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(&line[maxLength-3], "...");
data/acedb-4.9.39+dfsg.02/w6/tabledisp.c:877:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char directory[DIR_BUFFER_SIZE]="";
data/acedb-4.9.39+dfsg.02/w6/tabledisp.c:878:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char filename[FIL_BUFFER_SIZE]="";
data/acedb-4.9.39+dfsg.02/w6/tablemakerdisp.c:82:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dirSelection[DIR_BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w6/tablemakerdisp.c:83:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fileSelection[FIL_BUFFER_SIZE];
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:1126:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char directory[DIR_BUFFER_SIZE] = "" ;
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:1127:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char filename[FIL_BUFFER_SIZE] = "object" ;
data/acedb-4.9.39+dfsg.02/w7/alignmentdisp.c:77:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char directory[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/alignmentdisp.c:78:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/biblio.c:727:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char author [200] ;
data/acedb-4.9.39+dfsg.02/w7/biblio.c:926:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char author [200] ;
data/acedb-4.9.39+dfsg.02/w7/cmapdisp.c:64:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[32] ;
data/acedb-4.9.39+dfsg.02/w7/cmapdisp.c:1476:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char directory[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/cmapdisp.c:1477:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:217:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  title[BUF_WIDTH],
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:251:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  messageText[BUF_WIDTH] ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:609:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(look->title,"Taxonomy ") ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:614:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(look->title,"DNA Sequence Phylogeny ") ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:619:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(look->title,"Protein Sequence Phylogeny ") ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:624:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(look->title,"Cell Lineage ") ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:629:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(look->title,"Dendrogram ") ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1514:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char ang[16], arc[16] ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:1698:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char nfacbuf[16] ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:2949:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char brMax[30], brNormal[30], numLeaves[16], scale[24]  ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3119:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char	dirName[DIR_BUFFER_SIZE] = "", 
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3439:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char	treeObjName[BUFSZ]  = "";
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3451:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[BUFSZ+1] ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3507:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[BUFSZ+1] ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3526:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char rankName[BUFSZ+1] ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3527:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char taxonName[BUFSZ+1] ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3626:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char nbuf[BUFSZ+1] ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3733:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char   *name, label[BUFSZ+1], 
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:3897:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char c, *label, listname[BUFSZ+1],
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:4092:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(treeObjName,"Dendrogram") ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:100:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char restriction [BOX_LENGTH + 1] ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:101:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char restriction2 [BOX_LENGTH + 1] ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:531:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char mycolor[5] , *cp = mycolor ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:585:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char matchString[256] ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:1294:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char directory[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:1295:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:1404:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dnacpt->restriction,"%d sites", n) ; 
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:1538:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char fname[FIL_BUFFER_SIZE]="", dname[DIR_BUFFER_SIZE]="" ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:1548:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cq[12] ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:1716:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char fileName[FIL_BUFFER_SIZE]="",dirName[DIR_BUFFER_SIZE]="" ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:1718:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[256] ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:2004:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[5] ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:2077:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ int i, n = 0, nn = 0 ; char buf[4] ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:2128:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[40] ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:2387:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  codeFile = fopen ("coding.seq","w") ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:2388:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  exonFile = fopen ("exons.seq","w") ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:2855:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[256] ;
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:3026:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char directory[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/dnacpt.c:3027:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/drawdisp.c:73:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  imageFileName[256] ;
data/acedb-4.9.39+dfsg.02/w7/fmap_.h:408:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  originBuf[24], zoneBuf[24], oligoNameBuffer [16] ;
data/acedb-4.9.39+dfsg.02/w7/fmap_.h:409:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  segNameBuf[64], segTextBuf[512] ;
data/acedb-4.9.39+dfsg.02/w7/fmapblast.c:192:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[2] ;
data/acedb-4.9.39+dfsg.02/w7/fmapblast.c:240:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[2] ;
data/acedb-4.9.39+dfsg.02/w7/fmapcdna.c:1556:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		  memcpy (ss1, arrp(dnaEst, 0, char), arrayMax(dnaEst)) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcdna.c:1558:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		  memcpy (ss2, arrp(dnaGene, 0, char), arrayMax(dnaGene)) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:1387:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char directory[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:1388:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:1515:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(look->segTextBuf, "%d", (int)GRAPH2MAP(fMapGetMap(look),y));
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:3070:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(look->mainMenu, fMapMenu, FMAPMENU_SIZE) ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:4045:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	  strcat(look->segTextBuf, "Confirmed") ;
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:5097:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char directory[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/fmapcontrol.c:5098:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:889:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char fname[FIL_BUFFER_SIZE]="", dname[DIR_BUFFER_SIZE]="" ;
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:2271:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (msp->qframe, "(+%d)", 
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:2274:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (msp->qframe, "(-%d)", 
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:2293:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		  strcpy (msp->qframe, "(+1)") ;
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:2295:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		  strcpy (msp->qframe, "(-1)") ;
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:3734:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char dirName[DIR_BUFFER_SIZE] ="", fileName[FIL_BUFFER_SIZE]="";
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:4807:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  cmd[50+1] = "pfetch";
data/acedb-4.9.39+dfsg.02/w7/fmapfeatures.c:4808:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  title[50+1];
data/acedb-4.9.39+dfsg.02/w7/fmapgene.c:171:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char parmsName[64] = "" ;
data/acedb-4.9.39+dfsg.02/w7/fmapgene.c:1016:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char newMethodName[64] ;
data/acedb-4.9.39+dfsg.02/w7/fmapgene.c:2032:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char classtype[40],format[15];
data/acedb-4.9.39+dfsg.02/w7/fmapmenes.c:72:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char question [1024] ;
data/acedb-4.9.39+dfsg.02/w7/fmapmenes.c:95:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char c, color, mycolor[5] , *cp = mycolor, 
data/acedb-4.9.39+dfsg.02/w7/fmapmenes.c:104:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[2] ;
data/acedb-4.9.39+dfsg.02/w7/fmapmenes.c:547:19:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  if (!*question) strcpy (question, "[0,]n ") ;
data/acedb-4.9.39+dfsg.02/w7/fmaposp.c:1419:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char oligoName [35], oligoNameBegin [25] ;
data/acedb-4.9.39+dfsg.02/w7/fmaposp.c:1500:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char oligoName [16] ;
data/acedb-4.9.39+dfsg.02/w7/fmapsequence.c:193:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char letter[2] ;
data/acedb-4.9.39+dfsg.02/w7/fmapsequence.c:1178:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char fname[FIL_BUFFER_SIZE]="", dname[DIR_BUFFER_SIZE]="" ;
data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c:72:59:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      { if (*x < CSM-0.3) {*x = CSM-0.3;tcolor = DARKRED; strcpy(buf,"sb");} }
data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c:78:58:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      { if (*x < CSM-1.2) {*x = CSM-1.2;tcolor = YELLOW; strcpy(buf,"sc");} }
data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c:308:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char text[25], buf[25] ;
data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c:350:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	  sprintf (buf, "%d", click);
data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c:352:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	  strcpy (buf, "none");
data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c:355:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy (buf, "none");
data/acedb-4.9.39+dfsg.02/w7/fmapstatus.c:394:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char foo[2];
data/acedb-4.9.39+dfsg.02/w7/fpdisp.c:78:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char fpRoundingBuffer[5] ;
data/acedb-4.9.39+dfsg.02/w7/fpdisp.c:120:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char fileName[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/fpdisp.c:121:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char dirName[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/fpdisp.c:743:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fpRoundingBuffer, "%g", rounding) ;
data/acedb-4.9.39+dfsg.02/w7/fpdisp.c:1122:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(fpRoundingBuffer, "%g", rounding) ;
data/acedb-4.9.39+dfsg.02/w7/geldisp.c:60:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char positionBuffer [10] ;
data/acedb-4.9.39+dfsg.02/w7/gmapconvert.c:59:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ char buf[100];
data/acedb-4.9.39+dfsg.02/w7/gmapconvert.c:80:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ char buf[100];
data/acedb-4.9.39+dfsg.02/w7/gmapconvert.c:90:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ char buf[100];
data/acedb-4.9.39+dfsg.02/w7/gmapconvert.c:94:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "FIND gMap ");
data/acedb-4.9.39+dfsg.02/w7/gmapconvert.c:96:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(buf, ".*");
data/acedb-4.9.39+dfsg.02/w7/gmapdisp.c:201:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *cp , buffer[41] ;
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:827:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char query[280],tag[30];
data/acedb-4.9.39+dfsg.02/w7/gmapintervalcol.c:831:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *temp[NLINES];
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:314:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char text[180];
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:382:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[280];
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:571:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ char query[280];
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:576:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ char text[280];
data/acedb-4.9.39+dfsg.02/w7/gmaplocuscol.c:580:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char query[280];
data/acedb-4.9.39+dfsg.02/w7/gmapposnegcol.c:330:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char a[2];
data/acedb-4.9.39+dfsg.02/w7/gmapposnegcol.c:466:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char query[280];
data/acedb-4.9.39+dfsg.02/w7/gmapremarkcol.c:353:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		  { char buff[1000];
data/acedb-4.9.39+dfsg.02/w7/gmapremarkcol.c:399:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char query[280];
data/acedb-4.9.39+dfsg.02/w7/gmapremarkcol.c:402:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *temp[5];
data/acedb-4.9.39+dfsg.02/w7/gmapsubmapcol.c:524:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str1[200];
data/acedb-4.9.39+dfsg.02/w7/gmapsubmapcol.c:554:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	  sprintf(str1,"subs.marker.%d", i);
data/acedb-4.9.39+dfsg.02/w7/gmapsubmapcol.c:606:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    { sprintf(str1,"subs.marker.%d", i);
data/acedb-4.9.39+dfsg.02/w7/gmapsubmapcol.c:934:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ char lociQuery[280],intQuery[280];
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:109:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  genXLabel[32], genYLabel[32] ;			    /* Martin Ferguson, for generic grid 
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:113:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  selectName[64] ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:114:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  probeName[64] ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:115:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  probeClassName[64] ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:120:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  reportBuffer[GRID_REPORT_BOX_LEN] ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:388:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char temp[15],colchar[2],rowchar[2];
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:414:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  xstart = atoi(&look->genXLabel[0]) ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:415:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  xend = atoi(&look->genXLabel[3]) ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:417:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  ystart = atoi(&look->genYLabel[0]) ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:418:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  yend = atoi(&look->genYLabel[3]) ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:441:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(colchar,"%c",row[k]);
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:443:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(colchar,"%d",k+1);
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:446:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(rowchar,"%c",row[i]);
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:448:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(rowchar,"%d",i+1);
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:2201:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  xstart = atoi(&look->genXLabel[0]) ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:2202:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  xend = atoi(&look->genXLabel[3]) ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:2204:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  ystart = atoi(&look->genYLabel[0]) ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:2205:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  yend = atoi(&look->genYLabel[3]) ;
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:3003:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char directory[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/griddisp.c:3004:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w7/mapcontrol.c:72:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char   name[MAP_NAME_BUFLEN] ;			    /* String title of column */
data/acedb-4.9.39+dfsg.02/w7/metab.c:1711:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		 { char buf[300];
data/acedb-4.9.39+dfsg.02/w7/method.c:902:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buf[2];
data/acedb-4.9.39+dfsg.02/w7/pepdisp.c:446:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buff[1000]; /* for the name */
data/acedb-4.9.39+dfsg.02/w7/pepfeaturecol.c:186:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char query[280];
data/acedb-4.9.39+dfsg.02/w7/pepgraphcol.c:152:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char numBuff[10];
data/acedb-4.9.39+dfsg.02/w7/pepgraphcol.c:179:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  if (sprintf(numBuff, "%.1f", private->minval))
data/acedb-4.9.39+dfsg.02/w7/pepgraphcol.c:181:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  if (sprintf(numBuff, "%.1f", private->maxval))
data/acedb-4.9.39+dfsg.02/w7/pephomolcol.c:388:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(msp->qframe, "(+1)");
data/acedb-4.9.39+dfsg.02/w7/pepseqcol.c:544:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str2[4];
data/acedb-4.9.39+dfsg.02/w7/pmapdisp.c:719:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buf[1000] ;
data/acedb-4.9.39+dfsg.02/w7/pmapdisp.c:1002:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char boxInfoBuf[256] ;
data/acedb-4.9.39+dfsg.02/w7/pmapdisp.c:1162:8:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	      strcat (boxInfoBuf, "Cosmid ") ;
data/acedb-4.9.39+dfsg.02/w7/pmapdisp.c:1164:8:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	      strcat (boxInfoBuf, "YAC ") ;
data/acedb-4.9.39+dfsg.02/w7/pmapdisp.c:1166:8:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	      strcat (boxInfoBuf, "cDNA ") ;
data/acedb-4.9.39+dfsg.02/w7/pmapdisp.c:1168:8:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	      strcat (boxInfoBuf, "Fosmid ") ;
data/acedb-4.9.39+dfsg.02/w7/pmapdisp.c:1171:10:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	      {	strcat (boxInfoBuf, "Fingerprinted ") ;
data/acedb-4.9.39+dfsg.02/w7/pmapdisp.c:1188:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		  { strcat (boxInfoBuf, "On_cosmid_grid ") ;
data/acedb-4.9.39+dfsg.02/w7/pmapdisp.c:1195:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		  { strcat (boxInfoBuf, "Sequenced") ;
data/acedb-4.9.39+dfsg.02/w7/pmapdisp.c:1204:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat (boxInfoBuf, "Probe") ;
data/acedb-4.9.39+dfsg.02/w7/pmapdisp.c:1221:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat (boxInfoBuf, "YAC") ;
data/acedb-4.9.39+dfsg.02/w7/smapconvert.c:839:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char CLMethod[255+1];		/* Command Line method */
data/acedb-4.9.39+dfsg.02/w7/smapconvert.c:2686:8:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	      strcat(string, ": ");
data/acedb-4.9.39+dfsg.02/w7/vmap_.h:57:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  messageText[128] ;
data/acedb-4.9.39+dfsg.02/w8/aligntools.c:74:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char u[9] ;
data/acedb-4.9.39+dfsg.02/w8/aligntools.c:549:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[33] ;
data/acedb-4.9.39+dfsg.02/w8/aligntools.c:765:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ char *cp, *cq, *cp0, *cq0, *vp1, *vp2, *cr, mycolor[5] ;
data/acedb-4.9.39+dfsg.02/w8/basecallstat.c:629:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char u[9] ;
data/acedb-4.9.39+dfsg.02/w8/chronoorder.c:75:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char tBuffer[8] , t1Buffer[8] , t2Buffer[8] ;
data/acedb-4.9.39+dfsg.02/w8/chronoorder.c:385:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tBuffer,"%d",(int)(100*t + .1)) ;
data/acedb-4.9.39+dfsg.02/w8/chronoorder.c:390:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(t1Buffer,"%d",(int)(100*t1 + .1)) ;
data/acedb-4.9.39+dfsg.02/w8/chronoorder.c:395:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(t2Buffer,"%d",(int)(100*t2 + .1)) ;
data/acedb-4.9.39+dfsg.02/w8/chronoorder.c:429:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dirname[DIR_BUFFER_SIZE], filname[FIL_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w8/chronoorder.c:436:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(filname,"chrono") ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:1172:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	  sprintf(look->distance, "%f", lambda) ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:1214:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[140] ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:1544:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void defCptDoExportOrder(DEFCPT look, FILE *f, char buf[81])
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:1605:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *cp, buf[81], filname[FIL_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:1610:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(filname, "best.tree") ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:1648:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *cp, buf[81], *buf2, *tmpName = 0 ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:1808:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (look->nboligo, "%d", i) ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:2162:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1000] ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:2166:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "How many oligos do you want") ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:2178:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(look->nboligo, "%d", i) ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:2244:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	  sprintf(look->choix, "%d", mu) ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:3064:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf (cq, "-active") ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:3443:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char directory[DIR_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:3444:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char filename[FIL_BUFFER_SIZE] = "";
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:3473:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char fileName[FIL_BUFFER_SIZE], dirName[DIR_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:3497:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(look->nboligo, "%d", (int)2) ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:3498:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(look->choix, "%d", (int)3) ;
data/acedb-4.9.39+dfsg.02/w8/defcpt.c:3836:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(look->distance, "%f", (float)1.) ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:70:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char u[9] ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:107:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char a[13] ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:109:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char b[16] ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:327:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *cdep, buf[60] ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:400:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	  sprintf(buf, "You are asking for too many oligos (%d), please confirm", nbolig) ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:414:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(look->nboligo, "%d", nbolig) ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:785:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char base[16] ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:985:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[20] ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1026:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	{ sprintf(buff, "_segment_%d.%d.%d", look->id, look->tour, segstep++) ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1339:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[64] ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1353:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    { sprintf(buff, "_segment_%d.%d.%d", look->id, look->tour, jstep++) ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1498:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128], buf2[128] ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1550:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *cq0, buf[256] ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1629:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[255] ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1700:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[255], buff[255] ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1880:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *cp, *cq, buff[12] ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:1946:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buff, "_paire%d", num++) ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:2421:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char nom[48] ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:2450:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(nom, "_segment_%d.%d", id, isTour) ;
data/acedb-4.9.39+dfsg.02/w8/dnaalign.c:2897:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[40], *cp, *cq ;
data/acedb-4.9.39+dfsg.02/w9/asn.c:86:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char   gChromosome[10];   /* Chromosome name                 */
data/acedb-4.9.39+dfsg.02/w9/asn.c:87:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char   gSequence[128];    /* Current sequence name           */
data/acedb-4.9.39+dfsg.02/w9/asn.c:88:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char   gRawClone[128];    /* Unadulterated clone name        */
data/acedb-4.9.39+dfsg.02/w9/asn.c:89:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char   gClone[128];       /* Current clone name              */
data/acedb-4.9.39+dfsg.02/w9/asn.c:90:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char   gClonePat[128];    /* Current clone+gene name pattern */
data/acedb-4.9.39+dfsg.02/w9/asn.c:91:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char   gRawClonePat[128];   /* Current clone+gene name pattern */
data/acedb-4.9.39+dfsg.02/w9/asn.c:92:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char   gCloneType[128];   /* Current clone type              */
data/acedb-4.9.39+dfsg.02/w9/asn.c:93:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char   gLibrary[128];     /* Library                         */
data/acedb-4.9.39+dfsg.02/w9/asn.c:94:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char   keyword[10][256];  /* keywords                        */
data/acedb-4.9.39+dfsg.02/w9/asn.c:95:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char   gMapPosition[128]; /* Map position, xq28              */
data/acedb-4.9.39+dfsg.02/w9/asn.c:96:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char   gLocus[256];       /* Current locus name              */
data/acedb-4.9.39+dfsg.02/w9/asn.c:98:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char   gBuf[32000];       /* All-purpose char buffer         */
data/acedb-4.9.39+dfsg.02/w9/asn.c:135:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	a[256];
data/acedb-4.9.39+dfsg.02/w9/asn.c:286:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char    lastname[80];
data/acedb-4.9.39+dfsg.02/w9/asn.c:287:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char    firstini[80];
data/acedb-4.9.39+dfsg.02/w9/asn.c:327:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(gBuf,"2.2 Mb of contiguous nucleotide sequence from chromosome III of C. elegans");
data/acedb-4.9.39+dfsg.02/w9/asn.c:401:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(gBuf,"The C. briggsae Genome Sequencing Project");
data/acedb-4.9.39+dfsg.02/w9/asn.c:428:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char    lastname[30];
data/acedb-4.9.39+dfsg.02/w9/asn.c:429:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char    firstini[30];
data/acedb-4.9.39+dfsg.02/w9/asn.c:430:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char    journbuf[128];
data/acedb-4.9.39+dfsg.02/w9/asn.c:431:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char    pagesbuf[128];
data/acedb-4.9.39+dfsg.02/w9/asn.c:432:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char    volumbuf[128];
data/acedb-4.9.39+dfsg.02/w9/asn.c:433:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char    titlebuf[512];
data/acedb-4.9.39+dfsg.02/w9/asn.c:556:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  trna_codon[32];     /* trna codon (gca, etc.)               */
data/acedb-4.9.39+dfsg.02/w9/asn.c:557:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  rnaname[32];        /* rna/trna name                        */
data/acedb-4.9.39+dfsg.02/w9/asn.c:558:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  trna_AA[32];        /* trna amino acid (A, etc.)            */
data/acedb-4.9.39+dfsg.02/w9/asn.c:559:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  gene[256];          /* name of gene (locus or subsequence)  */
data/acedb-4.9.39+dfsg.02/w9/asn.c:650:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(rnaname,"tRNA-Sup (putative)");
data/acedb-4.9.39+dfsg.02/w9/asn.c:726:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	gbp += sprintf(gbp, " (NID:g%lu)", nid);
data/acedb-4.9.39+dfsg.02/w9/asn.c:732:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    gbp += sprintf(gbp, " (NID:g%lu)", nid);
data/acedb-4.9.39+dfsg.02/w9/asn.c:737:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	  gbp += sprintf(gbp, " (NID:g%lu)", nid);
data/acedb-4.9.39+dfsg.02/w9/asn.c:758:12:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    gbp += sprintf(gbp,
data/acedb-4.9.39+dfsg.02/w9/asn.c:1161:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ftype[128];
data/acedb-4.9.39+dfsg.02/w9/asn.c:1162:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ntxt[256];
data/acedb-4.9.39+dfsg.02/w9/asn.c:1163:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	slashname[256];
data/acedb-4.9.39+dfsg.02/w9/asn.c:1191:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(slashname, mtxt+1, cp-mtxt-1);
data/acedb-4.9.39+dfsg.02/w9/asn.c:1214:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(slashname, "note");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1222:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(slashname, "rpt_family");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1270:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char qtxt[2176];
data/acedb-4.9.39+dfsg.02/w9/asn.c:1271:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ftype[128];
data/acedb-4.9.39+dfsg.02/w9/asn.c:1297:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	  strcpy(qtxt, "CpG_island ");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1367:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	namebuf1[64];           /* Last name or first initial        */
data/acedb-4.9.39+dfsg.02/w9/asn.c:1368:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	namebuf2[64];           /* Last name or first initial        */
data/acedb-4.9.39+dfsg.02/w9/asn.c:1435:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(gCloneType,"clone");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1443:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(gLibrary,"library");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1452:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(gMapPosition,"map_position");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1483:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(gChromosome,"XII");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1495:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(gChromosome,"unknown");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1594:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(gBuf,"Eukaryota; Plantae; Thallobionta; Eumycota; ");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1595:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(gBuf,"Hemiascomycetes; Endomycetales; Saccharomycetaceae");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1605:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(gBuf,"            Submitted by: ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1606:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(gBuf,"            Genome Sequencing Center ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1607:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(gBuf,"            Department of Genetics, Washington University, ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1608:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(gBuf,"            St. Louis, MO 63110, USA~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1609:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(gBuf,"            e-mail: mj@sequencer.wustl.edu~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1612:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
      strcat(gBuf, "~\n            NEIGHBORING COSMID INFORMATION:\n");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1618:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(gBuf+strlen(gBuf), "~\"TSL\" = trans-spliced leader.");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1642:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(gBuf,"Eukaryota; Animalia; Eumetazoa; Nematoda; Secernentea; ");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1643:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(gBuf,"Rhabditida; Rhabditina; Rhabditoidea; Rhabditidae.");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1652:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(gBuf,"Submitted by: ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1653:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(gBuf,"         Genome Sequencing Center ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1654:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(gBuf,"         Department of Genetics, Washington University, ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1655:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(gBuf,"         St. Louis, MO 63110, USA ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1656:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(gBuf,"         e-mail: mmarra@watson.wustl.edu ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1659:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
      strcat(gBuf, "~~            NEIGHBORING COSMID INFORMATION:~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1667:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(gBuf+strlen(gBuf), " ~ ~NOTES:~~Coding sequences below are predicted from");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1668:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(gBuf+strlen(gBuf), " computer analysis, using the program Genefinder");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1669:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(gBuf+strlen(gBuf), "(P. Green and L. Hillier, ms in preparation).");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1673:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(gBuf+strlen(gBuf), "~\"TSL\" = trans-spliced leader.");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1694:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(gBuf,"Eukaryota; Animalia; Eumetazoa; Nematoda; Secernentea; ");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1695:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(gBuf,"Rhabditida; Rhabditina; Rhabditoidea; Rhabditidae.");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1704:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(gBuf,"Submitted by: ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1705:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(gBuf,"         Genome Sequencing Center ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1706:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(gBuf,"         Department of Genetics, Washington University, ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1707:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(gBuf,"         St. Louis, MO 63110, USA, and ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1708:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(gBuf,"         Sanger Centre, Hinxton Hall~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1709:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(gBuf,"         Cambridge CB10 IRQ, England ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1710:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(gBuf,"         e-mail: rw@nematode.wustl.edu and jes@sanger.ac.uk~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1712:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(gBuf,"~~NOTICE:  This sequence may not be the entire insert of this clone.~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1713:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(gBuf,"It may be shorter because we only sequence overlapping sections~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1714:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(gBuf,"once, or longer because we provide a small overlap between ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1715:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(gBuf,"neighboring submissions.~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1717:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(gBuf,"~This sequence was finished as follows unless otherwise noted:~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1718:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(gBuf,"all regions were double stranded or sequenced with an alternate ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1719:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(gBuf,"chemistry; an attempt was made to resolve all sequencing problems,~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1720:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(gBuf,"such as compressions and repeats; all regions were covered by ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1721:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(gBuf,"sequence from more than one subclone ~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1724:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
      strcat(gBuf, "~~            NEIGHBORING COSMID INFORMATION:~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1734:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(gBuf+strlen(gBuf), " ~ ~NOTES:~~Coding sequences below are predicted from");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1735:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(gBuf+strlen(gBuf), " computer analysis, using the program Genefinder");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1736:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(gBuf+strlen(gBuf), "(P. Green and L. Hillier, ms in preparation).");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1740:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(gBuf+strlen(gBuf), "~\"TSL\" = trans-spliced leader.");
data/acedb-4.9.39+dfsg.02/w9/asn.c:1790:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(gbp = gBuf,"Submitted by:~");
data/acedb-4.9.39+dfsg.02/w9/asn.c:2057:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	asnfile[1024];	/* Absolute full file name for ASN.1 output. */
data/acedb-4.9.39+dfsg.02/w9/asn.c:2058:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	dname[DIR_BUFFER_SIZE] = {0};	/* Path name of ASN.1 output.*/
data/acedb-4.9.39+dfsg.02/w9/asn.c:2059:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	fname[FIL_BUFFER_SIZE] = {0};	/* ASN.1 output file (no extension). */
data/acedb-4.9.39+dfsg.02/w9/asn.c:2247:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[4096];
data/acedb-4.9.39+dfsg.02/w9/belvu.c:381:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAXNAMESIZE+1];
data/acedb-4.9.39+dfsg.02/w9/belvu.c:387:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fetch[MAXNAMESIZE+11];
data/acedb-4.9.39+dfsg.02/w9/belvu.c:438:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *colorNames[NUM_TRUECOLORS] = {
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1156:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(stats, "(unknown position due to insertion)");
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1165:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(stats, "es");
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1351:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpname[MAXNAMESIZE+1], *cp;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1932:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  
data/acedb-4.9.39+dfsg.02/w9/belvu.c:1979:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(ichar, "%d", i);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2206:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(widBylen, "(%dx%d)", nseq, maxLen);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2385:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char name[MAXNAMESIZE+50];
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2386:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *cp, *namep, GRname[MAXNAMESIZE*2+2], GRfeat[MAXNAMESIZE+1];
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2647:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2668:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(treeScalestr, "%.2f", treeScale);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:2673:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(linewidthstr, "%.2f", treeLinewidth);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4288:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    seq[1001], *cp, *cq;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4462:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line2[MAXLENGTH+1], *cp=line2, *cq, GRfeat[MAXNAMESIZE+1];
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4779:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4788:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!(file = fopen(filename, "r")))
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4807:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (!(aln.start = atoi(cp)))
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4811:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (!(aln.end = atoi(cp)))
data/acedb-4.9.39+dfsg.02/w9/belvu.c:4902:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5013:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	case 'b': treebootstraps = atoi(optarg); break;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5111:15:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	if (!*Title) strcpy(Title, "stdin");
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5114:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(pipe = fopen(argv[optind], "r")))
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5151:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(file = fopen(readMatchFile, "r"))) 
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5190:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(file = fopen(colorCodesFile, "r"))) 
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5196:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(file = fopen(markupColorCodesFile, "r"))) 
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5496:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(maxText, "%.2f", maxSimCutoff);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5498:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(midText, "%.2f", midSimCutoff);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5500:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(lowText, "%.2f", lowSimCutoff);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5513:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(maxText, "%.1f", maxIdCutoff);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5515:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(midText, "%.1f", midIdCutoff);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5517:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(lowText, "%.1f", lowIdCutoff);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5606:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *cp, c, line[MAXLINE+1], setColor[MAXLINE+1];
data/acedb-4.9.39+dfsg.02/w9/belvu.c:5890:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char 
data/acedb-4.9.39+dfsg.02/w9/belvu.c:6001:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char 
data/acedb-4.9.39+dfsg.02/w9/belvu.c:6094:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(collapseStr, "[%3d]", collapseRes);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7018:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (atoi(strtok(linecopy, " "))) n++;;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7019:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    while ( (p = strtok(0, " ")) && atoi(p) ) n++;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7032:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	seg->qstart = atoi(i ? strtok(0, " ") : strtok(line, " "));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7033:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	seg->qend = atoi(strtok(0, " "));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7034:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	seg->start = atoi(strtok(0, " "));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7035:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	seg->end = atoi(strtok(0, " "));
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7136:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    aln.start = atoi(cp);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7141:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    aln.end = atoi(cp);
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7244:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char fileName[FIL_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w9/belvu.c:7259:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char retval[1025], *cp, csh[]="/bin/csh";
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:123:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char seqfilename[1000] = {'\0'}, FSfilename[1000] = {'\0'} ;
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:130:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char opts[32]=" MBr Z   ",	/* 0 L|N|P|T|X
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:155:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char xtra_filename[1000] = {'\0'} ;
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:216:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  pfetch->port = atoi(strtok(NULL, ":")) ;
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:222:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  if (!(dispstart = atoi(optarg)))
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:273:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	else if(!(seqfile = fopen(seqfilename, "r")))
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:334:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    else if(!(FSfile = fopen(FSfilename, "r")))
data/acedb-4.9.39+dfsg.02/w9/blxmain.c:345:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if(!(xtra_file = fopen(xtra_filename, "r")))
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:59:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *colorNames[NUM_TRUECOLORS] = {
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:95:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char sname[MAXLINE+1], seq[MAXLINE+1];
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:101:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  line[MAXLINE+1];
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:281:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msp->qframe, "(+1)");
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:310:8:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	      strcpy(msp->sname, "gi");
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:436:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		gap->s1 = atoi(next_gap);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:440:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		gap->s2 = atoi(next_gap);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:444:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		gap->r1 = atoi(next_gap);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:448:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		gap->r2 = atoi(next_gap);
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:525:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char    *cp, 
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:787:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	  strcpy(msp->qframe, "(+1)");
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:797:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	  char scorestring[256];
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:881:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	  strcpy(msp->qframe, "(+1)");
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:911:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char text[MAXLINE+1], *cp ;
data/acedb-4.9.39+dfsg.02/w9/blxparser.c:1035:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[BLX_BUF_SIZE] ;
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:46:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char   qname[FULLNAMESIZE+1], 
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:109:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *name, seqfilename[MAXLINE+1], HSPfilename[MAXLINE+1];
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:126:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!(HSPfile = fopen(HSPfilename, "r"))) {
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:130:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!(seqfile = fopen(seqfilename, "r"))) {
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:204:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[MAXLENGTH+1], realname[MAXLINE+1];
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:209:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!(HSPfile = fopen(realname, "r"))) {
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:228:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char   text[MAXLINE+1], *c ;
data/acedb-4.9.39+dfsg.02/w9/blxselect.c:349:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(file = fopen(argv[argc-1], "r")))
data/acedb-4.9.39+dfsg.02/w9/blxview.c:166:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sname[FULLNAMESIZE+1];
data/acedb-4.9.39+dfsg.02/w9/blxview.c:303:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char  actframe[16]="(+1)";    /* Active frame */
data/acedb-4.9.39+dfsg.02/w9/blxview.c:320:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char  message[1024],
data/acedb-4.9.39+dfsg.02/w9/blxview.c:552:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(actframe, "(%+d)", plusmin);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:579:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char dfault[32] = "";
data/acedb-4.9.39+dfsg.02/w9/blxview.c:593:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(dfault, "%d", i);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1124:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(fetchMode, "pfetch");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1134:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(fetchMode, "efetch");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1142:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(fetchMode, "WWW-efetch");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1152:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(fetchMode, "acedb");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1161:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(fetchMode, "acedb text");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1174:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(sortModeStr, "Name");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1183:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(sortModeStr, "Score");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1192:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(sortModeStr, "Position");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1201:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(sortModeStr, "Identity");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1585:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(actframe, "(-1)");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1588:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(actframe, "(+1)");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1637:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(fetchMode, "pfetch");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1640:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(fetchMode, "WWW-efetch");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1642:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(fetchMode, "efetch");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1645:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(fetchMode, "acedb");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1647:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(fetchMode, "WWW-efetch");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1654:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(URL, "http://www.sanger.ac.uk/cgi-bin/seq-query?");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:1688:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		port = atoi(port_str) ;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:2221:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char    text[MAXALIGNLEN+1] ;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:2489:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(actframe, "(%+d)", frame);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:2567:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf (text, "%-9d", dispstart+plusmin*displen + qoffset -plusmin);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:2665:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			  sprintf(text, "%5d  %3d %9d",
data/acedb-4.9.39+dfsg.02/w9/blxview.c:2669:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			  sprintf(text, "%-6d", (compN? msp->sstart : msp->send));
data/acedb-4.9.39+dfsg.02/w9/blxview.c:2741:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			  sprintf(text, "%5d  %3d", msp->score, msp->id);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:2745:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			  sprintf(text, "%-6d", (compN ? msp->sstart : msp->send));
data/acedb-4.9.39+dfsg.02/w9/blxview.c:2891:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(actframe, "(%+d)", frame);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3370:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!(fp = fopen("myoutput","w")))
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3696:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char queryname[NAMESIZE+1] ;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3701:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(queryname, "Query");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3722:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(message, "%d   No subject picked", qpos + qoffset) ;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3773:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(message, "%d   ", qpos + qoffset) ;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3776:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(message, "Gapped HSP - no coords");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:3915:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char dfault[64] = "";
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4188:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(dotterqname, "Blixem-seq");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4283:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	  strcpy(dotterqname, "Blixem-seq");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4315:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	  strcpy(dotterqname, "Blixem-seq");
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4424:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    stringentEntropywin = atoi(cp);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4430:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    mediumEntropywin = atoi(cp);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4436:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nonglobularEntropywin = atoi(cp);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4536:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(stringentEntropytx, "%d", stringentEntropywin);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4540:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(mediumEntropytx, "%d", mediumEntropywin);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4544:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(nonglobularEntropytx, "%d", nonglobularEntropywin);
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4653:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char buffer[RCVBUFSIZE] ;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:4929:3:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  bcopy((char*)hp->h_addr, (char*) &(servAddr->sin_addr.s_addr), hp->h_length) ;
data/acedb-4.9.39+dfsg.02/w9/blxview.c:5007:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  cmd[50+1] = "pfetch";
data/acedb-4.9.39+dfsg.02/w9/blxview.c:5008:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  title[50+1];
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:49:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char dbsource[32]="";
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:95:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char copy[256];
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:98:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(copy, ptr, n);  /* Note: strcpy doesn't work - stops at \0 */
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:249:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char buff[MAXLINE+1];
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:306:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char buff[MAXLINE+1];
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:308:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char junk[32], ACnr[32], TITLEline[MAXLINE]; 
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:376:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buff[MAXLINE+1];
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:378:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char junk[32], ACnr[32], TITLEline[MAXLINE]; 
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:433:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char buff[MAXLINE+1];
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:435:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char TITLEline[MAXLINE];
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:505:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char buff[MAXLINE+1];
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:523:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char buff[MAXLINE+1], clean[MAXLINE], pads[10], ichar[10];
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:546:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		  sprintf(ichar, "%d", i);
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:572:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char name[16];
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:602:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char name[128];
data/acedb-4.9.39+dfsg.02/w9/dbidx.c:604:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((div = fopen(divfile, "r")) == NULL) return NULL;
data/acedb-4.9.39+dfsg.02/w9/diskdump.c:53:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char filename[128];
data/acedb-4.9.39+dfsg.02/w9/diskdump.c:61:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(filename,":database:blocks.wrm") ;      
data/acedb-4.9.39+dfsg.02/w9/diskdump.c:65:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      readblockfile= open(filename,spec);
data/acedb-4.9.39+dfsg.02/w9/diskfix.c:49:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char c[BLKMX] ;
data/acedb-4.9.39+dfsg.02/w9/diskfix.c:58:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char a, filename[1024] ;
data/acedb-4.9.39+dfsg.02/w9/diskfix.c:68:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fd = open (filename, O_WRONLY | O_BINARY)) == -1)
data/acedb-4.9.39+dfsg.02/w9/diskfix.c:74:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  b.h.session = atoi(argv[1]) ;
data/acedb-4.9.39+dfsg.02/w9/diskfix.c:75:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  b.gAddress = atoi(argv[2]) ;
data/acedb-4.9.39+dfsg.02/w9/dotter.c:305:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char  *qseq, *sseq, *qname, *sname,
data/acedb-4.9.39+dfsg.02/w9/dotter.c:556:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char copy[256], *cp;
data/acedb-4.9.39+dfsg.02/w9/dotter.c:560:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(copy, ptr, n);  /* Note: strcpy doesn't work - stops at \0 */
data/acedb-4.9.39+dfsg.02/w9/dotter.c:570:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char 
data/acedb-4.9.39+dfsg.02/w9/dotter.c:644:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!(fil = fopen (loadfile, "rb")))
data/acedb-4.9.39+dfsg.02/w9/dotter.c:1780:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(qpos, "%d", qlen - x*resfac - 1 + qoffset);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:1782:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(qpos, "%d", x*resfac + 1 + qoffset);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:1784:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(spos, "%d", y+1 + soffset);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2157:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fsPlotHeighttx, "%.1f", fsPlotHeight);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2511:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char retstr[1025] ;
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2512:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *path, file[1025], retval;
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2562:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(retstr, "Can't find executable 'dotter' in path");
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2797:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (!atoi(winsize))
data/acedb-4.9.39+dfsg.02/w9/dotter.c:2799:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    win = atoi(winsize);
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3241:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(MATRIX_NAME, "DNA+5/-4");
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3245:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(MATRIX_NAME, "BLOSUM62");
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3253:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(saveFil = fopen (savefile, "wb")))
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3349:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[1025] = "#", *p;
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3351:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!(fil = fopen(mtxfile, "r")) &&
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3352:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	!(fil = fopen(messprintf("%s/%s", getenv("BLASTMAT"), mtxfile), "r")))
data/acedb-4.9.39+dfsg.02/w9/dotter.c:3372:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    MATRIX[row][col] = atoi(p);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:268:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	case 'p': pixelFacset = atoi(optarg); break;
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:269:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	case 'q': qoffset = atoi(optarg);     break;
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:272:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	case 's': soffset = atoi(optarg);     break;
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:281:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    qlen = atoi(argv[optind+1]);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:283:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    slen = atoi(argv[optind+3]);
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:291:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	case 'z': dotterZoom = atoi(optarg);  break;
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:380:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	else if(!(qfile = fopen(argv[optind], "r"))) {
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:388:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	if ((cp = (char *)strrchr(argv[optind], '/')))
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:393:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(sfile = fopen(argv[optind+1], "r"))) {
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:401:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	if ((cp = (char *)strrchr(argv[optind]+1, '/')))
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:491:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dummyopts[32];	/* opts have different meaning in blixem */
data/acedb-4.9.39+dfsg.02/w9/dotterMain.c:497:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	else if(!(file = fopen(FSfilename, "r")))
data/acedb-4.9.39+dfsg.02/w9/efetch.c:41:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char dbsource[32];
data/acedb-4.9.39+dfsg.02/w9/efetch.c:42:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char  *env, dbdir[MAXFILE]="", *seqName;
data/acedb-4.9.39+dfsg.02/w9/efetch.c:93:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char  idxfile[MAXFILE]="", dbfile[MAXFILE]="", divfile[MAXFILE]="", 
data/acedb-4.9.39+dfsg.02/w9/efetch.c:95:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char *file, customName[MAXFILE]="";
data/acedb-4.9.39+dfsg.02/w9/efetch.c:96:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char         query[32], *tmpstr, *cp, fetchstr[256]; 
data/acedb-4.9.39+dfsg.02/w9/efetch.c:267:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      Startseq = atoi(optarg);
data/acedb-4.9.39+dfsg.02/w9/efetch.c:271:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      Endseq = atoi(optarg); 
data/acedb-4.9.39+dfsg.02/w9/efetch.c:409:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((idx = fopen(idxfile, "r")) == NULL)
data/acedb-4.9.39+dfsg.02/w9/efetch.c:437:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((actrg = fopen(actrgfile, "r")) == NULL) 
data/acedb-4.9.39+dfsg.02/w9/efetch.c:451:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((achit = fopen(achitfile, "r")) == NULL) 
data/acedb-4.9.39+dfsg.02/w9/efetch.c:549:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((db = fopen(dbfile, "r")) == NULL) {
data/acedb-4.9.39+dfsg.02/w9/efetch.c:580:8:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	      strcpy(fetchstr, "efetch -a ");
data/acedb-4.9.39+dfsg.02/w9/embl.c:93:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char dname[DIR_BUFFER_SIZE], fname[FIL_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/w9/embl.c:199:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char work[128] ;
data/acedb-4.9.39+dfsg.02/w9/embl.c:299:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char buf[1000] ;
data/acedb-4.9.39+dfsg.02/w9/embl.c:635:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  *rnaText, featText[16] ;
data/acedb-4.9.39+dfsg.02/w9/fetch.c:39:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char  *env, dbsource[32]="", dbdir[128]="";
data/acedb-4.9.39+dfsg.02/w9/fetch.c:93:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char  idxfile[128]="", dbfile[128]="", divfile[128]="", 
data/acedb-4.9.39+dfsg.02/w9/fetch.c:95:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char *file, customName[128]="", *seqName;
data/acedb-4.9.39+dfsg.02/w9/fetch.c:96:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char         query[32], *tmpstr; 
data/acedb-4.9.39+dfsg.02/w9/fetch.c:193:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      Startseq = atoi(optarg); break;
data/acedb-4.9.39+dfsg.02/w9/fetch.c:196:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      Endseq = atoi(optarg); break;
data/acedb-4.9.39+dfsg.02/w9/fetch.c:310:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((idx = fopen(idxfile, "r")) == NULL)
data/acedb-4.9.39+dfsg.02/w9/fetch.c:338:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((actrg = fopen(actrgfile, "r")) == NULL) 
data/acedb-4.9.39+dfsg.02/w9/fetch.c:352:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((achit = fopen(achitfile, "r")) == NULL) 
data/acedb-4.9.39+dfsg.02/w9/fetch.c:450:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((db = fopen(dbfile, "r")) == NULL) {
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:96:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[MAXSTRLEN];
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:114:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char siteType[MAXSTRLEN]; /* type of site: e.g. atg, intron5, intron3, polya */
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:115:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char refSeqs[MAXSTRLEN]; /* reference sequences used to compute score table;
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:117:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char freqType[MAXSTRLEN]; /* "within" or "between"; specifies how
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:121:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char classDef[MAXSTRLEN]; 
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:429:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char string[MAXSTRLEN],string2[MAXSTRLEN];
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:453:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!(fp = fopen (tableFile, "r")))
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:541:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(table->refSeqs,"all"); /*default reference sequences*/
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:542:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(table->freqType,"within"); 
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:543:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(table->classDef,"unique"); /*default frequency calculations:
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:912:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *cp, fileName[MAXSTRLEN] ;
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:915:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!(fp = fopen (filename, "r")))
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:1017:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *cp, fileName[MAXSTRLEN], lastFileName[MAXSTRLEN] ;
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:1021:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!(fp = fopen (filename, "r")))
data/acedb-4.9.39+dfsg.02/w9/gfcode.c:1213:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  else if (!(seqFile = fopen (*argv, "r")))
data/acedb-4.9.39+dfsg.02/w9/gmapdata.c:700:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    { char buf[2000] ; 
data/acedb-4.9.39+dfsg.02/w9/gmapdata.c:702:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf (buf, "%d loci\n"
data/acedb-4.9.39+dfsg.02/w9/gmapdatacol.c:155:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy (look->messageText, "Multi_pt ") ;
data/acedb-4.9.39+dfsg.02/w9/gmapdatacol.c:158:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
      strcat (look->messageText, ": ") ;
data/acedb-4.9.39+dfsg.02/w9/gmapdatacol.c:889:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[7];
data/acedb-4.9.39+dfsg.02/w9/gmapdatacol.c:913:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	  strcat(buff, "..");
data/acedb-4.9.39+dfsg.02/w9/hexcode.c:100:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!(fil = fopen (filname, "r")))
data/acedb-4.9.39+dfsg.02/w9/hexcode.c:358:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  else if (!(seqFile = fopen (*argv, "r")))
data/acedb-4.9.39+dfsg.02/w9/readseq.c:48:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy (newbuf, *buf, n) ;
data/acedb-4.9.39+dfsg.02/w9/readseq.c:206:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char matdirname[256] ;
data/acedb-4.9.39+dfsg.02/w9/readseq.c:207:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fullname[512] ;
data/acedb-4.9.39+dfsg.02/w9/readseq.c:209:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[1024] = "#", *p;
data/acedb-4.9.39+dfsg.02/w9/readseq.c:217:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy (matdirname, "/nfs/disk100/pubseq/blastdb/") ;
data/acedb-4.9.39+dfsg.02/w9/readseq.c:221:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!(fil = fopen (name, "r")) && !(fil = fopen (fullname, "r")))
data/acedb-4.9.39+dfsg.02/w9/readseq.c:221:45:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!(fil = fopen (name, "r")) && !(fil = fopen (fullname, "r")))
data/acedb-4.9.39+dfsg.02/w9/readseq.c:256:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    (*mat)[symb[i]][symb[j]] = atoi(p) ;
data/acedb-4.9.39+dfsg.02/w9/vmapdata2.c:1388:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy (look->messageText, "Multi_pt ") ;
data/acedb-4.9.39+dfsg.02/w9/vmapdata2.c:1390:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat (look->messageText, ": ") ;
data/acedb-4.9.39+dfsg.02/wabi/abifix.c:788:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[256], *cp, *cq ;
data/acedb-4.9.39+dfsg.02/wabi/abifix.c:837:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *cp , buf[300] ;
data/acedb-4.9.39+dfsg.02/wabi/annot.c:49:68:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef struct annotStruct { KEY key ; void *magic ; Graph graph ; char remark[1001] ; } *ANNOT ;
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:207:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  ba, buf[256] ;
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:239:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	      sprintf (buf, "%6d %c %5d ", x, ba, q) ;
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:242:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf (buf, "%6d %c", x, ba) ;
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:245:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat (buf, " h") ;
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:247:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat (buf, " a") ;
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:558:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    ff = fopen (myname, "rb") ;
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:3696:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *cp, buf[1000], buf1[1000] ;
data/acedb-4.9.39+dfsg.02/wabi/basecall.c:3749:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *cp, ctf [132], scf[132] ;
data/acedb-4.9.39+dfsg.02/wabi/blyctrl.c:73:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char vname[NN] ;
data/acedb-4.9.39+dfsg.02/wabi/blyctrl.c:74:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char leftSite[NN], rightSite[NN] ; int nn1 ;
data/acedb-4.9.39+dfsg.02/wabi/cdnaalign.c:4271:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *cp, feet[6] ;
data/acedb-4.9.39+dfsg.02/wabi/cdnaalign.c:5594:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *cp, *cq, buffer[60001] ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:1708:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char c, *buffer, buf[2] ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:1897:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[7] ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:1911:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf (buff, "cut") ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:1914:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf (buff, "unjoin") ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3258:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[256] ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3367:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char com[300] ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3368:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char nm [128] ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3421:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ char nm [128], buf [256] ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3426:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", taux) ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3444:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ char nm [128], buf [256] ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3600:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ char nm[128], buf[256] ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3626:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ char buf[256] ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3628:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "Order_by_Size\n") ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3633:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ char buf[256] ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3635:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "Order_by_Subclones\n") ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3665:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy(cp1, arrp(dna1,0,char), arrayMax(dna1));
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3666:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy(cp2, arrp(dna2,0,char), arrayMax(dna2));
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3704:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ char buf[256], nm[128] ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3779:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf [256], nm[128] ;
data/acedb-4.9.39+dfsg.02/wabi/fmaptrace.c:3785:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", taux) ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:66:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  BOOL open, fixedFont ; 
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:364:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (seg->open)
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:406:26:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (seg->right && seg->open)
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:485:24:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
     seg->open = !seg->open ;
data/acedb-4.9.39+dfsg.02/wabi/geneannot.c:487:29:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
       look->openAll = seg->open ? 2 : 1 ;
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:57:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char s[2];
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:152:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fp,*fopen();
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:161:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp=fopen("P7VAL","r"))==NULL) {
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:183:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp=fopen("J8_7","r"))==NULL) {
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:205:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp=fopen("P7c","r"))==NULL) {
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:230:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fopen(),*fpl,*fpe;
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:232:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fpl=fopen("plancher","r"))==NULL) {
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:235:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fpe=fopen("penabonu","r"))==NULL) {
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:1853:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char s[20];
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:1888:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *pch,c[2];
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:1974:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fopen(),*fseq,*fseq2;
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:1976:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char s[2];
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:1979:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fseq=fopen(nom,"r"))==NULL) {
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:1982:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fseq2=fopen("c:seqbis.dat","w"))==NULL) {
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2055:32:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *gp4,*gp7,*fep,*fseq,*fopen();
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2056:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cont[6],rep[3];
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2064:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char nom_sol[28]="yol/";
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2065:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char nomp7[28]="yol/";
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2066:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char nomp4[28]="yol/";
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2067:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char nomens[28]="yol/";
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2069:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dir[DIR_BUFFER_SIZE], nom[FIL_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2121:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (gp4=fopen(nomp4,"w")) 
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2123:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (gp7=fopen(nomp7,"w"))
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2130:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fep=fopen("c:seqbis.dat","r"))==NULL) {
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2154:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (fseq=fopen("c:seq.dat","w"))
data/acedb-4.9.39+dfsg.02/wabi/intron2.c:2230:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fseq=fopen("c:seq.dat","r"))==NULL) {
data/acedb-4.9.39+dfsg.02/wabi/nnbasecall.c:229:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char fileName[FIL_BUFFER_SIZE] , dirName[DIR_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/wabi/nnbasecall.c:457:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char fileName[FIL_BUFFER_SIZE] , dirName[DIR_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/wabi/nnbasecall.c:654:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char fileName[FIL_BUFFER_SIZE] , dirName[DIR_BUFFER_SIZE] ;
data/acedb-4.9.39+dfsg.02/wabi/nnbasecall.c:656:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy (fileName,"quality") ;
data/acedb-4.9.39+dfsg.02/wabi/saucisse.c:348:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy (test->base, cp, i) ;
data/acedb-4.9.39+dfsg.02/wabi/trace.c:492:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf [2] ;
data/acedb-4.9.39+dfsg.02/wabi/trace.c:1842:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *cp, buf[2] ;
data/acedb-4.9.39+dfsg.02/wabi/trace.c:2107:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[2] ;
data/acedb-4.9.39+dfsg.02/wabi/trace.c:2410:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char c, cc, *cp, *cq, buf[2] ;
data/acedb-4.9.39+dfsg.02/wabi/trace.c:2682:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char c, buf[2] ;
data/acedb-4.9.39+dfsg.02/wabi/trace.c:3562:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	      char buf[2] ;
data/acedb-4.9.39+dfsg.02/wabi/trace.c:3791:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *cp, buf[2] ;
data/acedb-4.9.39+dfsg.02/wabi/trace.c:3825:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char c, buf[2] ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:100:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[100] ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:107:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "kclear _aks%d",  ks->x->id) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:382:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (host && atoi (host))
data/acedb-4.9.39+dfsg.02/wac/acclient.c:395:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  port_number = atoi (port) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:473:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (s, response, response_len) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:524:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (response+y, t->data, t->len) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1351:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[30] ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1353:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buff, "kget _aks%d",  k->id) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1365:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *s, buff[50] ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1371:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (&swap_magic, cp, 4) ; cp+= 4 ; nn -= 4 ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1413:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf (buff, "_sys_%d", ncl) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1843:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buff, "kstore _aks%d" ,  ks->x->id) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1886:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[50] ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1891:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buff, "kstore _aks%d" ,  aks->x->id) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1909:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[50] ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1922:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buff, "kstore _aks%d" ,  aks1->x->id) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1981:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[50] ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:1993:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buff, "kstore _aks%d" ,  aks->x->id) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2006:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[50] ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2019:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buff, "kstore _aks%d" ,  aks->x->id) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2038:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[256] ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2042:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buff, "subset %d %d", x0, nx) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2045:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buff, "kstore _aks%d" ,  aks1->x->id) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2197:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *name, buff[80] ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2214:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buff, "show -C -b %d -c %d", it->next, AC_ITER_OBJECT_READAHEAD) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2292:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[80] ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2303:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buff, "list -C -b %d -c %d", it->next, AC_ITER_OBJECT_READAHEAD) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2529:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (command, "kstore _aks%d" ,  aks->x->id) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2621:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[100] ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2629:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buff, "kstore _aks%d" ,  ks->x->id) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2649:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (buf, obj->x->a_data, len) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2681:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char command [256] ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2690:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf (command, "dna -x1 %d -x2 %d", x1, x2) ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2692:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf (command, "dna") ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2799:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[100] ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2804:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy (s, "serverparse\n") ;
data/acedb-4.9.39+dfsg.02/wac/acclient.c:2826:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf (buff, "kstore _aks%d" ,  ks->x->id) ;
data/acedb-4.9.39+dfsg.02/wac/acclient_acetcp.c:35:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(acetcp_response, s, n);
data/acedb-4.9.39+dfsg.02/wac/acclient_acetcp.c:170:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char dyn_error[200];
data/acedb-4.9.39+dfsg.02/wac/acclient_acetcp.c:178:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  timeout = atoi(protocol);
data/acedb-4.9.39+dfsg.02/wac/acclient_rpc.c:65:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  timeout = atoi(protocol);
data/acedb-4.9.39+dfsg.02/wac/acclient_socket.c:72:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  timeout = atoi(protocol);
data/acedb-4.9.39+dfsg.02/wac/acclient_socket.c:114:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			f = fopen(fname,"r");
data/acedb-4.9.39+dfsg.02/wac/acclient_socket.c:117:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char b[100], f_host[100], f_user[100], f_port[100];
data/acedb-4.9.39+dfsg.02/wac/acclient_socket.c:131:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					if ((f_port[0] != '*') && (port != atoi(f_port)))
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:114:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char msg_type[ACECONN_MSGTYPE_BUFLEN] ;		    /* See the msgs defined above. */
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:345:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char header_buf[ACECONN_HEADER_BYTES] ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:461:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy((void*)&sname.sin_addr, (void*)hp->h_addr, hp->h_length) ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:488:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *hash_strings[HASH_STRING_NUM] ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1063:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(msg->encore_message.str, msg->message, msg->mBytesRequested) ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1123:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(hdr->byte_swap), buf, 4) ;      buf += 4 ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1124:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(hdr->length), buf, 4) ;         buf += 4 ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1125:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(hdr->server_version), buf, 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1126:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(hdr->client_id), buf, 4) ;      buf += 4 ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1127:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(hdr->max_bytes), buf, 4) ;      buf += 4 ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1128:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(hdr->msg_type), buf, ACECONN_MSGTYPE_BUFLEN) ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1135:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, &(hdr->byte_swap), 4) ;      buf += 4 ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1136:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, &(hdr->length), 4) ;         buf += 4 ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1137:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, &(hdr->server_version), 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1138:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, &(hdr->client_id), 4) ;      buf += 4 ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1139:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, &(hdr->max_bytes), 4) ;      buf += 4 ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1140:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, &(hdr->msg_type), ACECONN_MSGTYPE_BUFLEN) ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1351:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *hash_strings[HASH_STRING_NUM] ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1367:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char digest[MD5_HASHLEN] ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1374:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      MD5Update(&Md5Ctx, (unsigned char *)strings[i], strlen(strings[i])) ;
data/acedb-4.9.39+dfsg.02/wac/acclient_socket_lib.c:1399:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(hex_ptr, "%02x", digest[i]) ;
data/acedb-4.9.39+dfsg.02/wac/accmd.c:50:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char b[2000];
data/acedb-4.9.39+dfsg.02/wac/accmd.c:85:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			timeout = atoi(argv[0]);
data/acedb-4.9.39+dfsg.02/wac/accmd.c:140:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char b[2000];
data/acedb-4.9.39+dfsg.02/wac/acctest.c:49:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char b[1000];
data/acedb-4.9.39+dfsg.02/wac/acinside.c:175:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy (&n, cp, 4) ;
data/acedb-4.9.39+dfsg.02/wac/acinside.c:180:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	      memcpy (result, cp, n) ; 
data/acedb-4.9.39+dfsg.02/wac/acinside.c:691:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[4096] ;
data/acedb-4.9.39+dfsg.02/wac/acinside.c:871:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char b[100];
data/acedb-4.9.39+dfsg.02/wac/acinside.c:887:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	  sprintf(b,"%d",i);
data/acedb-4.9.39+dfsg.02/wac/acinside.c:894:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	  sprintf(b,"%g",f);
data/acedb-4.9.39+dfsg.02/wac/actable.c:560:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char b[100];
data/acedb-4.9.39+dfsg.02/wac/actable.c:570:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(b,"%d", c->u.i);
data/acedb-4.9.39+dfsg.02/wac/actable.c:573:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(b,"%g", c->u.f);
data/acedb-4.9.39+dfsg.02/wace/acediff.c:455:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  inputA = fopen (argv[1],"r") ;
data/acedb-4.9.39+dfsg.02/wace/acediff.c:456:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  inputB = fopen (argv[2],"r") ;
data/acedb-4.9.39+dfsg.02/wace/acediff.c:457:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  tmpA = fopen ("tempA1","w") ;
data/acedb-4.9.39+dfsg.02/wace/acediff.c:458:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  tmpB = fopen ("tempB1","w") ;
data/acedb-4.9.39+dfsg.02/wace/acediff.c:482:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  tmpA = fopen ("tempA2","r") ;
data/acedb-4.9.39+dfsg.02/wace/acediff.c:483:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  tmpB = fopen ("tempB2","r") ;
data/acedb-4.9.39+dfsg.02/wace/acediff.c:484:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  tmpC = fopen ("tempC1","w") ;
data/acedb-4.9.39+dfsg.02/wace/acediff.c:504:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  tmpC = fopen ("tempC2","r") ;
data/acedb-4.9.39+dfsg.02/wace/acediffsorted.c:157:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp[2];
data/acedb-4.9.39+dfsg.02/wace/acediffsorted.c:503:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  inputA = fopen (argv[1],"r");
data/acedb-4.9.39+dfsg.02/wace/acediffsorted.c:504:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  inputB = fopen (argv[2],"r"); 
data/acedb-4.9.39+dfsg.02/wace/acediffsorted.c:519:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    temp = fopen (cp,"r");
data/acedb-4.9.39+dfsg.02/wace/acediffsorted.c:534:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    temp = fopen (cp,"r");
data/acedb-4.9.39+dfsg.02/wace/acediffsorted.c:550:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  tmpC = fopen ("tempC1","w");
data/acedb-4.9.39+dfsg.02/wace/acediffsorted.c:559:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  tmpC = fopen ("tempC2","r");
data/acedb-4.9.39+dfsg.02/wace/acesubs.c:43:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ww[50][1000] ;		/* hard limit of a history of 50 */
data/acedb-4.9.39+dfsg.02/wace/acesubs.c:206:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char newlexname[250] ;
data/acedb-4.9.39+dfsg.02/wace/acesubs.c:212:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char  number[250];
data/acedb-4.9.39+dfsg.02/wace/homonym.c:63:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   FILE *new = fopen("newnames","w") ;
data/acedb-4.9.39+dfsg.02/wace/homonym.c:111:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *f = fopen(name,"r") ;
data/acedb-4.9.39+dfsg.02/wace/makeUserPasswd.c:47:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char digest[MD5_HASHLEN] ;
data/acedb-4.9.39+dfsg.02/wace/makeUserPasswd.c:61:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      MD5Update(&Md5Ctx, (unsigned char *)argv[1], strlen(argv[1])) ;
data/acedb-4.9.39+dfsg.02/wace/makeUserPasswd.c:158:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(hex_ptr, "%02x", digest[i]) ;
data/acedb-4.9.39+dfsg.02/wace/pmapace.c:57:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char  buffer[MAXBUF] ;
data/acedb-4.9.39+dfsg.02/wace/pmapace.c:112:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  clone[9],gene[9],remark[41],*acedb_data,*cp ;
data/acedb-4.9.39+dfsg.02/wace/pmapace.c:122:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  in = fopen (messprintf ("%s/pmap/%s.asc",acedb_data,argv[1]),"r") ;
data/acedb-4.9.39+dfsg.02/wace/pmapace.c:123:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  out = fopen (messprintf ("%s/pmap/%s.ace",acedb_data),"w") ;
data/acedb-4.9.39+dfsg.02/wace/pmapace2.c:43:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char  buffer[MAXBUF] ;
data/acedb-4.9.39+dfsg.02/wace/pmapace2.c:98:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  clone[9],gene[9],remark[41],*cp ;
data/acedb-4.9.39+dfsg.02/wace/pmapace2.c:106:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  in = fopen (messprintf ("%s.asc",argv[1]),"r") ;
data/acedb-4.9.39+dfsg.02/wace/pmapace2.c:107:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  out = fopen (messprintf ("%s.2.ace",argv[1]),"w") ;
data/acedb-4.9.39+dfsg.02/wace/stockace.c:46:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char tag[40][36] =
data/acedb-4.9.39+dfsg.02/waql/aqlcheck.c:1699:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char typeString[2];	/* a copy will be allocated by tableHandleCreate */
data/acedb-4.9.39+dfsg.02/waql/aqlerror.c:60:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[22] ;
data/acedb-4.9.39+dfsg.02/waql/aqlerror.c:104:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf (aql->errorReport,
data/acedb-4.9.39+dfsg.02/waql/aqlerror.c:115:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	  strcat  (aql->errorReport, "// ");
data/acedb-4.9.39+dfsg.02/waql/aqlerror.c:124:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat (aql->errorReport, "// ");
data/acedb-4.9.39+dfsg.02/waql/aqlrun.c:578:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char typeString[2];
data/acedb-4.9.39+dfsg.02/wdce/client.c:26:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    inbuf[80];
data/acedb-4.9.39+dfsg.02/wdce/client.c:27:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    outbuf[80];
data/acedb-4.9.39+dfsg.02/wdce/connectionspp.cpp:87:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_TCP_IP_Port           = (UINT)atoi((LPCTSTR)m_Default_TCP_IP.Endpoint()) ;
data/acedb-4.9.39+dfsg.02/wdce/connectionspp.cpp:89:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_NetBEUI_Port          = (short)atoi((LPCTSTR)m_Default_NetBEUI.Endpoint()) ;
data/acedb-4.9.39+dfsg.02/wdce/connectionspp.cpp:189:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char port[6] ;
data/acedb-4.9.39+dfsg.02/wdce/connectionspp.cpp:199:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char port[4] ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:66:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      f = fopen (cp, "r") ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:81:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      f = fopen (cp, "r") ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:217:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static unsigned char epStr[256]  ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:223:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(epStr, "\\pipe\\aceserver") ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:226:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(epStr, "\\pipe\\") ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:231:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(epStr, "32") ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:233:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(epStr, "11000") ;  /* a TCP/IP or other port #? */
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:249:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static unsigned char pStr[32] ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:255:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy((char *)pStr, "ncacn_np" ) ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:259:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy((char *)pStr, "ncacn_ip_tcp" ) ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:261:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy((char *)pStr, "ncacn_nb_nb" ) ;
data/acedb-4.9.39+dfsg.02/wdce/dceclientlib.c:276:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static unsigned char epStr[256]  ;
data/acedb-4.9.39+dfsg.02/wdce/dceserverlib.c:191:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy (cp, stackText(s,0), nn) ;
data/acedb-4.9.39+dfsg.02/wdce/dceserverlib.c:196:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(cp,"// Sorry, broken connection, possibly due to client time out") ;
data/acedb-4.9.39+dfsg.02/wdce/dceserverlib.c:199:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
				strcpy(cp,"// ") ;
data/acedb-4.9.39+dfsg.02/wdce/dceserverlib.cpp:395:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy (cp, stackText(s,0), nn) ;
data/acedb-4.9.39+dfsg.02/wdce/dceserverlib.cpp:399:25:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                        strcpy(cp,"// Sorry, broken connection, possibly due to client time out") ;
data/acedb-4.9.39+dfsg.02/wdce/rpcace_c.c:27:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char  Format[ TYPE_FORMAT_STRING_SIZE ];
data/acedb-4.9.39+dfsg.02/wdce/rpcace_c.c:33:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char  Format[ PROC_FORMAT_STRING_SIZE ];
data/acedb-4.9.39+dfsg.02/wdce/rpcace_s.c:22:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char  Format[ TYPE_FORMAT_STRING_SIZE ];
data/acedb-4.9.39+dfsg.02/wdce/rpcace_s.c:28:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char  Format[ PROC_FORMAT_STRING_SIZE ];
data/acedb-4.9.39+dfsg.02/wdce/serviceregistrypp.cpp:251:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pathnameBuf[256], *ppathnameBuf = pathnameBuf ;
data/acedb-4.9.39+dfsg.02/wgd/gd.h:36:6:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	int open[gdMaxColors];
data/acedb-4.9.39+dfsg.02/wgd/gd2gif.c:10:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[256] ;
data/acedb-4.9.39+dfsg.02/wgd/gd2gif.c:18:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat (buf, ".gd") ;
data/acedb-4.9.39+dfsg.02/wgd/gd2gif.c:19:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!(in = fopen (buf, "r")))
data/acedb-4.9.39+dfsg.02/wgd/gd2gif.c:29:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat (buf, ".gif") ;
data/acedb-4.9.39+dfsg.02/wgd/gd2gif.c:30:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!(out = fopen (buf, "w")))
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:73:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if (im->open[i]) {
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:92:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if (im->open[i]) {
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:109:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if (im->open[i]) {
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:124:6:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	im->open[ct] = 0;
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:131:6:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	im->open[color] = 1;
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1502:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char accum[ 256 ];
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1609:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
       unsigned char   ColorMap[3][MAXCOLORMAPSIZE];
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1624:57:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static int ReadColorMap (FILE *fd, int number, unsigned char (*buffer)[256]);
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1629:79:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void ReadImage (gdImagePtr im, FILE *fd, int len, int height, unsigned char (*cmap)[256], int interlace, int ignore);
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1642:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
       unsigned char   buf[16];
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1644:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
       unsigned char   ColorMap[3][MAXCOLORMAPSIZE];
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1645:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
       unsigned char   localColorMap[3][MAXCOLORMAPSIZE];
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1650:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
       char            version[4];
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1697:40:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                               if (im->open[i]) {
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1754:45:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
ReadColorMap(FILE *fd, int number, unsigned char (*buffer)[256])
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1757:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
       unsigned char   rgb[3];
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1776:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
       static unsigned char     buf[256];
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1820:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
       static unsigned char    buf[280];
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1923:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char   buf[260];
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1972:66:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
ReadImage(gdImagePtr im, FILE *fd, int len, int height, unsigned char (*cmap)[256], int interlace, int ignore)
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:1983:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
               im->open[i] = 1;
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:2008:24:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
               if (im->open[v]) {
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:2009:28:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                       im->open[v] = 0;
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:2388:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s[161];
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:2405:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	w = atoi(sp + 1);
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:2425:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	h = atoi(sp + 1);
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:2440:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char h[3];
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:2613:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(im->style, style, sizeof(int) * noOfPixels);
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:2715:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((void*)(tmp+dp->logicalSize),src,size);
data/acedb-4.9.39+dfsg.02/wgd/libgd.c:2741:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newPtr,dp->data,dp->logicalSize);
data/acedb-4.9.39+dfsg.02/wgnbk/gnbk.c:92:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(messprintf("%s.1",filName), O_RDONLY, 0);
data/acedb-4.9.39+dfsg.02/wgnbk/gnbk.c:195:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *filName, *cp, buf[50][255] ;
data/acedb-4.9.39+dfsg.02/wgnbk/gnbk.c:413:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[50][ 256] ;
data/acedb-4.9.39+dfsg.02/wgnbk/gnbkclient.c:118:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      port = atoi(*argv);
data/acedb-4.9.39+dfsg.02/wgnbk/gnbkserver.c:119:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
{ char buf [12*1024] ;
data/acedb-4.9.39+dfsg.02/wgnbk/gnbkserver.c:121:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat (buf, ".log") ;
data/acedb-4.9.39+dfsg.02/wgnbk/gnbkserver.c:169:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dummy[15] ;
data/acedb-4.9.39+dfsg.02/wgnbk/rpcgnbk_sp.c:99:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy (cp, stackText(s,0), nn) ;
data/acedb-4.9.39+dfsg.02/wgnbk/rpcgnbk_sp.c:101:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(cp,"// Sorry, broken connection, possibly due to client time out") ;
data/acedb-4.9.39+dfsg.02/wgnbk/rpcgnbk_sp.c:103:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(cp,"// ") ;
data/acedb-4.9.39+dfsg.02/wh/a_.h:57:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  n[AMAX];
data/acedb-4.9.39+dfsg.02/wh/array.h:217:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			      ( memcpy((stk)->ptr,(stk)->ptr - ((pos+1) * STACK_ALIGNMENT),STACK_ALIGNMENT), \
data/acedb-4.9.39+dfsg.02/wh/b_.h:57:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                 char c[NODEX] ;
data/acedb-4.9.39+dfsg.02/wh/blxview.h:62:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char     qframe[8];		
data/acedb-4.9.39+dfsg.02/wh/blxview.h:67:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char     sframe[8];
data/acedb-4.9.39+dfsg.02/wh/cdna.h:54:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern  char B2[255] ;
data/acedb-4.9.39+dfsg.02/wh/cdnainit.h:36:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char B2[255] ;
data/acedb-4.9.39+dfsg.02/wh/colcontrol.h:117:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char text[32] ;
data/acedb-4.9.39+dfsg.02/wh/colcontrol_.h:82:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[EDITLEN+1];
data/acedb-4.9.39+dfsg.02/wh/dbidx.h:71:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              *memcpy(),
data/acedb-4.9.39+dfsg.02/wh/dbidx.h:121:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
           char  db_name[21];
data/acedb-4.9.39+dfsg.02/wh/dbidx.h:122:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
           char  db_relnum[11];
data/acedb-4.9.39+dfsg.02/wh/dbidx.h:132:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char entry_name[32];  /* The actual size is calculated from the header of 
data/acedb-4.9.39+dfsg.02/wh/dbidx.h:147:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char acnum[32];  /* The actual size is calculated from the header of 
data/acedb-4.9.39+dfsg.02/wh/dbidx.h:167:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char file_name[128]; /* This may vary. EMBL uses 12 */
data/acedb-4.9.39+dfsg.02/wh/diskPart.h:50:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hostname[LG_NAME]; /* machine on which is the partition            */
data/acedb-4.9.39+dfsg.02/wh/diskPart.h:51:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fileSystem[LG_NAME];/* partition file system or "ACEDN if relative */
data/acedb-4.9.39+dfsg.02/wh/diskPart.h:52:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fileName[LG_NAME];  /* file name or "NONE" if not a file system    */
data/acedb-4.9.39+dfsg.02/wh/disk__.h:49:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char c[BLKMX];
data/acedb-4.9.39+dfsg.02/wh/gmap.h:81:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  messageText[MAXMESSAGETEXT] ;
data/acedb-4.9.39+dfsg.02/wh/interval.h:99:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			     char nboligo[16], distance[16], choix[16], param[30] ;
data/acedb-4.9.39+dfsg.02/wh/iupac.h:149:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *stdcode1[65] = {
data/acedb-4.9.39+dfsg.02/wh/iupac.h:220:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *stdcode3[65] = {
data/acedb-4.9.39+dfsg.02/wh/map.h:91:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char text[32] ;
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:442:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
FILE    * fopen    (const char *path, const char *mode);
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:465:24:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define memmove(d,s,l) bcopy(s,d,l)
data/acedb-4.9.39+dfsg.02/wh/mystdlib.h:466:7:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
void  bcopy(char *b1, char *b2, int length);
data/acedb-4.9.39+dfsg.02/wh/opp.h:42:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char opp[256]; /* complement of any given base */
data/acedb-4.9.39+dfsg.02/wh/oxgrid.h:30:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  findhom[20], findloc[20] ;
data/acedb-4.9.39+dfsg.02/wh/oxgrid.h:40:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  pairhom[20], pairloc[20], messageText[80] ;      
data/acedb-4.9.39+dfsg.02/wh/oxgrid.h:48:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  o2mhom[20], o2mloc[20], message2Text[80] ;
data/acedb-4.9.39+dfsg.02/wh/oxgrid.h:55:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  spechom[20], specloc[20], message3Text[80] ; 
data/acedb-4.9.39+dfsg.02/wh/pepdisp.h:71:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char messageText[MAXMESSAGETEXT];
data/acedb-4.9.39+dfsg.02/wh/pepdisp.h:73:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char activeText[MAXACTIVETEXT];
data/acedb-4.9.39+dfsg.02/wh/pref_.h:47:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char name[32];
data/acedb-4.9.39+dfsg.02/wh/query_.h:55:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char resbuffer[QBUFF_MULT*BUFFER_SIZE]; /* for forming query commands */
data/acedb-4.9.39+dfsg.02/wh/session.h:73:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                 char name[80], title[255] ;
data/acedb-4.9.39+dfsg.02/wh/session_.h:43:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dbName[32] ; /* added as of release 4.3 */
data/acedb-4.9.39+dfsg.02/wh/session_.h:58:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dbName[32] ; /* added as of release 4.3 */
data/acedb-4.9.39+dfsg.02/wh/session_.h:59:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char c[BLKMX] ;
data/acedb-4.9.39+dfsg.02/wh/spread_.h:55:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char titleBuffer[60] ;
data/acedb-4.9.39+dfsg.02/wh/spread_.h:56:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char paramBuffer[180] ;	/* default parameters stored 
data/acedb-4.9.39+dfsg.02/wh/spread_.h:131:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char headerBuffer[60] ;
data/acedb-4.9.39+dfsg.02/wh/spread_.h:132:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char conditionBuffer[360] ; /* additional restriction on the new object */
data/acedb-4.9.39+dfsg.02/wh/spread_.h:133:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tagTextBuffer[360] ; /* To edit by hand the tag filed */
data/acedb-4.9.39+dfsg.02/wh/table.h:104:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cStylePrefix [1] ;
data/acedb-4.9.39+dfsg.02/whooks/class.c:138:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *cp, *cq , buffer[32] ;
data/acedb-4.9.39+dfsg.02/whooks/class.c:182:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer,"__filters%d", nn) ;
data/acedb-4.9.39+dfsg.02/whooks/class.c:250:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[32] ;
data/acedb-4.9.39+dfsg.02/whooks/class.c:261:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer,"__filters%d", i) ;
data/acedb-4.9.39+dfsg.02/whooks/sysclass.c:559:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char
data/acedb-4.9.39+dfsg.02/win32/startace.c:19:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char rxvt[MAX_PATH];
data/acedb-4.9.39+dfsg.02/win32/startace.c:20:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char ace[MAX_PATH];
data/acedb-4.9.39+dfsg.02/win32/startace.c:21:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char db[MAX_PATH];
data/acedb-4.9.39+dfsg.02/win32/startace.c:22:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char dbdir_posix[MAX_PATH];
data/acedb-4.9.39+dfsg.02/win32/startace.c:23:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char install_dir[MAX_PATH];
data/acedb-4.9.39+dfsg.02/win32/startace.c:72:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		  char buff[256];
data/acedb-4.9.39+dfsg.02/win32/startace.c:106:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat (install_dir, "/bin/sh");
data/acedb-4.9.39+dfsg.02/win32/startace.c:120:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(dbdir_posix, "-promptdb");
data/acedb-4.9.39+dfsg.02/win32/startace.c:126:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      f = fopen(db, "r");
data/acedb-4.9.39+dfsg.02/wjo/oxgriddisp.c:1703:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char a[2] ;
data/acedb-4.9.39+dfsg.02/wmd5/digcalc.h:3:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef char HASH[HASHLEN];
data/acedb-4.9.39+dfsg.02/wmd5/digcalc.h:5:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef char HASHHEX[HASHHEXLEN+1];
data/acedb-4.9.39+dfsg.02/wmd5/digtest.c:13:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char szNonceCount[9] = "00000001";
data/acedb-4.9.39+dfsg.02/wmd5/md5.h:31:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[64];                         /* input buffer */
data/acedb-4.9.39+dfsg.02/wmd5/md5c.c:56:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char PADDING[64] = {
data/acedb-4.9.39+dfsg.02/wmd5/md5c.c:155:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
     unsigned char digest[16];                         /* message digest */
data/acedb-4.9.39+dfsg.02/wmd5/md5c.c:158:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char bits[8];
data/acedb-4.9.39+dfsg.02/wmd5/md5c.c:185:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
     unsigned char block[64];
data/acedb-4.9.39+dfsg.02/wmd5/md5c.c:331:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    ((char *)output)[i] = (char)value;
data/acedb-4.9.39+dfsg.02/wmd5/mddriver.c:106:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char digest[16];
data/acedb-4.9.39+dfsg.02/wmd5/mddriver.c:125:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char block[TEST_BLOCK_LEN], digest[16];
data/acedb-4.9.39+dfsg.02/wmd5/mddriver.c:182:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[1024], digest[16];
data/acedb-4.9.39+dfsg.02/wmd5/mddriver.c:184:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((file = fopen (filename, "rb")) == NULL)
data/acedb-4.9.39+dfsg.02/wmd5/mddriver.c:207:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[16], digest[16];
data/acedb-4.9.39+dfsg.02/wmd5/mddriver.c:221:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
     unsigned char digest[16];
data/acedb-4.9.39+dfsg.02/wnq/acelib.c:1541:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (new->base, a->base, i*a->size) ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:1262:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sepString[2] ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:1267:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bufvoid[1] = {'v'} ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:1268:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bufinteger[1] = {'i'} ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:1269:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffloat[1] = {'f'} ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:1270:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bufdate[1] = {'d'} ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:1271:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buftext[1] = {'t'} ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:1272:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bufk[2] = {'k', 0} ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:1273:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bufK[2] = {'K', 0} ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:1274:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buftag[1] = {'g'} ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:1684:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	  char bfret[3];
data/acedb-4.9.39+dfsg.02/wnq/table.c:2156:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (arrp(aa, 0, TABLETYPE), t->name, t->ncol*sizeof(TABLETYPE)) ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:2162:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy (uu, vv, tabMax(t,i) * sizeof(TABLETYPE)) ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:2215:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (t->name, arrp(aa, 0, TABLETYPE), ncol*sizeof(TABLETYPE)) ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:2224:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy (vv, uu, max*sizeof(TABLETYPE)) ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:2231:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy (vv, uu, maxBitArray*sizeof(TABLETYPE)) ;
data/acedb-4.9.39+dfsg.02/wnq/table.c:2315:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 static char type[1000] ;
data/acedb-4.9.39+dfsg.02/wrpc/aceclient.c:429:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(stackText(s,0), answer, length) ;
data/acedb-4.9.39+dfsg.02/wrpc/aceclientlib.c:68:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen (name, "r") ;
data/acedb-4.9.39+dfsg.02/wrpc/aceclientlib.c:86:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!(f = fopen(dirName, "r")))
data/acedb-4.9.39+dfsg.02/wrpc/aceclientlib.c:106:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	f = fopen (name, "r") ;
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:132:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(newbuffer,*buffer,bytes_to_copy);
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:188:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char command[COMMAND_MAX]; /* command can't be longer than 512 characters */
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:296:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char message[MAX_MESSAGE];
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:297:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char subclass[MAX_CLASSNAME],superclass[MAX_CLASSNAME];
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:306:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(message,"ACE: error code %d",retval);
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:340:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(message,"%d objects",active);
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:368:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char message[FILENAME_MAX + COMMAND_MAX + 1];
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:378:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  temp = fopen(tempName,"w");
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:425:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char message[MAX_MESSAGE];
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:453:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(message,"find ");
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:455:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(message,"follow ");
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:457:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(message,"is ");
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:459:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(message,"query ");
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:461:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(message,"undo ");
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:465:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(message,"show -j ");
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:470:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(message,"table -j -n ");
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:474:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(message,"aql -j ");
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:478:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(message,"model ");
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:482:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(message,"gif ");
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:486:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(message,"list -j ");
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:531:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      port = atoi(*argv);
data/acedb-4.9.39+dfsg.02/wrpc/jade2ace.c:535:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      timeOut = atoi(*argv);
data/acedb-4.9.39+dfsg.02/wrpc/jade2sybase.c:385:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(args[1],"r") ;
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:176:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(newbuffer,*buffer,bytes_to_copy);
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:227:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char command[COMMAND_MAX]; /* command can't be longer than 512 characters */
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:335:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char message[MAX_MESSAGE];
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:336:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char subclass[MAX_CLASSNAME],superclass[MAX_CLASSNAME];
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:377:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(message,"%d objects",active);
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:395:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char message[FILENAME_MAX + COMMAND_MAX + 1];
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:406:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  temp = fopen(tempName,"w");
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:454:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char message[MAX_MESSAGE];
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:483:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(message,"find ");
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:485:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(message,"follow ");
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:487:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(message,"is ");
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:489:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(message,"query ");
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:491:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(message,"undo ");
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:495:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(message,"show -j ");
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:500:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(message,"table -j -n ");
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:504:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(message,"model ");
data/acedb-4.9.39+dfsg.02/wrpc/jadeserver.c:508:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(message,"list -j ");
data/acedb-4.9.39+dfsg.02/wrpc/rpcace_sp.c:124:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy (cp, stackText(s,0), nn) ;
data/acedb-4.9.39+dfsg.02/wrpc/rpcace_sp.c:128:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(cp,"// Sorry, broken connection, possibly due to client time out") ;
data/acedb-4.9.39+dfsg.02/wrpc/xclient.c:71:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char server[255] ; 
data/acedb-4.9.39+dfsg.02/wsocket/acesocket_.h:44:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char hBuffer [ACE_HEADER_BYTES] ;
data/acedb-4.9.39+dfsg.02/wsocket/acesocketlib.c:179:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(hh->swapMagic), buf, 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wsocket/acesocketlib.c:180:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(hh->length), buf, 4) ;  buf += 4 ;
data/acedb-4.9.39+dfsg.02/wsocket/acesocketlib.c:181:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(hh->serverVersion), buf, 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wsocket/acesocketlib.c:182:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(hh->clientId), buf, 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wsocket/acesocketlib.c:183:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(hh->maxBytes), buf, 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wsocket/acesocketlib.c:184:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(hh->msgType), buf, ACESERV_MSGTYPE_BUFLEN) ;
data/acedb-4.9.39+dfsg.02/wsocket/acesocketlib.c:191:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, &(hh->swapMagic), 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wsocket/acesocketlib.c:192:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, &(hh->length), 4) ;    buf += 4 ;
data/acedb-4.9.39+dfsg.02/wsocket/acesocketlib.c:193:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, &(hh->serverVersion), 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wsocket/acesocketlib.c:194:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, &(hh->clientId), 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wsocket/acesocketlib.c:195:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, &(hh->maxBytes), 4) ; buf += 4 ;
data/acedb-4.9.39+dfsg.02/wsocket/acesocketlib.c:196:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, &(hh->msgType), ACESERV_MSGTYPE_BUFLEN) ;
data/acedb-4.9.39+dfsg.02/wsocket/saceclient.c:214:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	  fil = fopen(optarg, "r") ;
data/acedb-4.9.39+dfsg.02/wsocket/saceclient.c:395:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		  char *words[MAX_REQUEST_WORDS] ;	    /* for construction of requests. */
data/acedb-4.9.39+dfsg.02/wsocket/saceclient.c:668:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	      memcpy(stackText(s,0), answer, length) ;
data/acedb-4.9.39+dfsg.02/wsocket/saceclient.c:1022:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *hash_strings[HASH_STRING_NUM] ;
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:110:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *prompts[PROMPT_NUM] = {"Please enter current passwd: ",
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:113:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *answers[PROMPT_NUM] ;
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:116:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *hash_strings[HASH_STRING_NUM] ;
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:160:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *prompts[MAX_PROMPTS] = {"Please enter userid to be updated: "} ;
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:165:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *answers[MAX_PROMPTS] ;
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:168:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *hash_strings[HASH_STRING_NUM] ;
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:296:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *prompts[MAX_PROMPTS] = {"Please enter domain to be updated: "} ;
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:299:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *answers[MAX_PROMPTS] ;
data/acedb-4.9.39+dfsg.02/wsocket/sclient.c:497:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy (answer,  msg->readBuffer, msg->ah.length) ;
data/acedb-4.9.39+dfsg.02/wsocket/sclientlib.c:99:3:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  bcopy ((char*)hp->h_addr, (char*) &sname.sin_addr, hp->h_length) ;
data/acedb-4.9.39+dfsg.02/wsocket/sclientlib.c:230:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (answer,  msg->readBuffer, msg->ah.length) ;
data/acedb-4.9.39+dfsg.02/wsocket/sclientlib.c:266:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *hash_strings[HASH_STRING_NUM] ;
data/acedb-4.9.39+dfsg.02/wsocket/sclientlib.c:269:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *words[2] ;
data/acedb-4.9.39+dfsg.02/wsocket/serverace.c:1993:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  if ((server->logmsgs_per_timestamp = atoi(frequency_str)) < 0)
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:454:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char addr_str[MAKE_INT_STRING(addr)] ;
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:455:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char random_str[MAKE_INT_STRING(random)] ;
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:456:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char time_str[MAKE_INT_STRING(time)] ;
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:457:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *hash_strings[NONCE_ITEMS] ;
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:476:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  if (sprintf(addr_str, "%lu", addr) < 1
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:477:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      || sprintf(random_str, "%d", random) < 1
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:478:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      || sprintf(time_str, "%u", time) < 1)
data/acedb-4.9.39+dfsg.02/wsocket/serveracepasswd.c:806:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *hash_strings[HASH_ITEMS]  ;
data/acedb-4.9.39+dfsg.02/wsocket/serverclientutils.c:54:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char digest[MD5_HASHLEN] ;
data/acedb-4.9.39+dfsg.02/wsocket/serverclientutils.c:61:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      MD5Update(&Md5Ctx, (unsigned char *)strings[i], strlen(strings[i])) ;
data/acedb-4.9.39+dfsg.02/wsocket/serverclientutils.c:86:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(hex_ptr, "%02x", digest[i]) ;
data/acedb-4.9.39+dfsg.02/wsocket/servertransport.h:99:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char msgType[ACESERV_MSGTYPE_BUFLEN] ;		    /* See the msgs defined above. */
data/acedb-4.9.39+dfsg.02/wsocket/sxclient.c:74:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char server[255] ; 
data/acedb-4.9.39+dfsg.02/wstaden/Read.c:116:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if (NULL == (fp = fopen(fn, "w"))) {
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:928:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy (cp, arrp(a2, 0, unsigned char), (mysize_t) dataMax) ;
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:984:20:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  if (safe > n) { memcpy (cp, read->prob_A, n) ; cp += n ;} 
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:986:20:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  if (safe > n) { memcpy (cp, read->prob_C, n) ; cp += n ; }
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:988:20:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  if (safe > n) { memcpy (cp, read->prob_G, n) ; cp += n ; }
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:990:20:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  if (safe > n) { memcpy (cp, read->prob_T, n) ; cp += n ; }
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:1004:20:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  if (safe > n) { memcpy (cp, mixProb, n) ; cp += n ; safe -= n ; }
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:1151:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy (read->prob_A, cp, n) ; cp += n ; nn -= n ;
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:1152:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy (read->prob_C, cp, n) ; cp += n ; nn -= n ;
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:1153:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy (read->prob_G, cp, n) ; cp += n ; nn -= n ;
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:1154:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy (read->prob_T, cp, n) ; cp += n ; nn -= n ; 
data/acedb-4.9.39+dfsg.02/wstaden/ctfCompress.c:1161:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy (mixProb, ucp, n) ; cp += n ; nn -= n ; 
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:78:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char eflt_feature_ids[MAXIMUM_EFLTS][MAXIMUM_EFLT_LENGTH+1] = {
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:242:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(str, "%d..%d", start, end);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:306:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[EXP_FILE_LINE_LENGTH+1];
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:358:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buf, "%d..%d ", opos[st], opos[i-1]);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:360:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buf, "%d ", opos[st]);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:367:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buf, "%d ", f);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:381:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf, "%d..%d", opos[st], opos[i-1]);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:383:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf, "%d", opos[st]);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:466:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf, "%d ", conf[i]);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:506:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(file,"r"))==NULL) {
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:520:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    e->fp = fopen(file,"a");
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:533:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[EXP_FILE_LINE_LENGTH+1];
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:661:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    *val = atoi(exp_get_entry(e,id));
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:728:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[EXP_FILE_LINE_LENGTH];
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:730:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf,"%d",*val);
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:743:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[EXP_FILE_LINE_LENGTH];
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:861:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cfn[1025];
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:984:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[EXP_FILE_LINE_LENGTH];
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.c:1003:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[EXP_FILE_LINE_LENGTH];
data/acedb-4.9.39+dfsg.02/wstaden/expFileIO.h:69:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char eflt_feature_ids[MAXIMUM_EFLTS][MAXIMUM_EFLT_LENGTH+1];
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:26:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char magic[2];
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:81:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[2048];
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:117:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[BS];
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:118:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[L_tmpnam];
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:133:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (NULL == (newfp = fopen(fname, "wb+")))
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:149:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (NULL == (newfp = fopen(fname, "rb")))
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:177:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[2048], fext[1024], mg[3];
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:191:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(file, O_RDONLY);
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:205:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if (-1 == (fd = open(fext, O_RDONLY)))
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:249:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (NULL == (fp = fopen(fname, "r+b")))
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:250:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (NULL == (fp = fopen(fname, "rb")))
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:254:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    *ofp = fopen(try ? fext : file, "r+b");
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:273:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[L_tmpnam];
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:274:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[BS], mg[3];
data/acedb-4.9.39+dfsg.02/wstaden/filecompress.c:293:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    newfp = fopen(fname, "wb+");
data/acedb-4.9.39+dfsg.02/wstaden/files.c:48:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  return fopen(files, "r");
data/acedb-4.9.39+dfsg.02/wstaden/files.c:52:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[256];
data/acedb-4.9.39+dfsg.02/wstaden/files.c:53:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char name[256];
data/acedb-4.9.39+dfsg.02/wstaden/find.c:8:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char wholePath[1024];
data/acedb-4.9.39+dfsg.02/wstaden/makeSCF.c:41:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/acedb-4.9.39+dfsg.02/wstaden/makeSCF.c:412:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	ofp = fopen(outf, "wb+");
data/acedb-4.9.39+dfsg.02/wstaden/misc.h:39:24:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define memmove(d,s,l) bcopy(s,d,l)
data/acedb-4.9.39+dfsg.02/wstaden/misc_scf.c:35:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char v[5];
data/acedb-4.9.39+dfsg.02/wstaden/misc_scf.c:43:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char v[5];
data/acedb-4.9.39+dfsg.02/wstaden/misc_scf.c:45:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(v, "%1.2f", f);
data/acedb-4.9.39+dfsg.02/wstaden/misc_scf.c:139:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ( (fp=fopen(fn,"rb")) == NULL) {
data/acedb-4.9.39+dfsg.02/wstaden/read_scf.c:339:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&scf->header, &h, sizeof(Header));
data/acedb-4.9.39+dfsg.02/wstaden/scf.h:82:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char   version[4];	       /* "version.revision" */
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:388:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char comment[8192];
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:389:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[128], *p;
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:401:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char commstr[256], *commstrp;
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:419:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char line[300];
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:449:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(line, "SIGN=A=%d,C=%d,G=%d,T=%d\n",
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:459:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(line, "SPAC=%-6.2f\n", fspacing);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:470:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(line, "PRIM=%d\n", (ppos>>16));
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:478:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buffer[257];
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:486:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(line, "MACH=%.*s\n", l, buffer);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:495:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buffer[256];
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:500:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(line, "DYEP=%.*s\n", l, buffer);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:521:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buffer[256];
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:526:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(line, "NAME=%.*s\n", l, buffer);
data/acedb-4.9.39+dfsg.02/wstaden/seqIOABI.c:608:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(fn, "rb")) == NULL)
data/acedb-4.9.39+dfsg.02/wstaden/seqIOALF.c:257:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char line[200];
data/acedb-4.9.39+dfsg.02/wstaden/seqIOALF.c:367:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(fn, "rb")) == NULL)
data/acedb-4.9.39+dfsg.02/wstaden/seqIOCTF.c:53:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(fn, "rb")) == NULL)
data/acedb-4.9.39+dfsg.02/wstaden/seqIOCTF.c:82:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen(fn, "wb")) == NULL)
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:124:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char type[5], name[17], line[1024];
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:206:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(fn, "r")) == NULL)
data/acedb-4.9.39+dfsg.02/wstaden/seqIOPlain.c:243:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(fn,"w")) == NULL) 
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:104:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(read->info, scf->comments, scf->header.comments_size);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:179:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(scf->comments, read->info, scf->header.comments_size - 1);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:189:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(scf->header.version, scf_version_float2str(SCF_VERSION), 4);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:271:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(exp_get_entry(e, EFLT_QL), "%d", read->leftCutoff);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:276:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(exp_get_entry(e, EFLT_QR), "%d", read->rightCutoff);
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:342:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[1024];
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:365:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	q = atoi(exp_get_entry(e, EFLT_QL));
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:369:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    s = atoi(exp_get_entry(e, EFLT_SL));
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:380:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	q = atoi(exp_get_entry(e, EFLT_QR));
data/acedb-4.9.39+dfsg.02/wstaden/st_translate.c:384:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    s = atoi(exp_get_entry(e, EFLT_SR));
data/acedb-4.9.39+dfsg.02/wstaden/traceType.c:64:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *trace_types[6] = {
data/acedb-4.9.39+dfsg.02/wstaden/traceType.c:90:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[512];
data/acedb-4.9.39+dfsg.02/wstaden/write_scf.c:380:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(scf->header.version, scf_version_float2str(SCF_VERSION), 4);
data/acedb-4.9.39+dfsg.02/wstaden/write_scf.c:382:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(scf->header.version, scf_version_float2str(SCF_VERSION_OLD), 4);
data/acedb-4.9.39+dfsg.02/wstaden/write_scf.c:442:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(fn,"wb")) == NULL) 
data/acedb-4.9.39+dfsg.02/wtools/split.c:22:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[10000], name[120], *cp ;
data/acedb-4.9.39+dfsg.02/wtools/split.c:32:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(cp, ".%d", ++nf) ;
data/acedb-4.9.39+dfsg.02/wtools/split.c:33:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  out = fopen (name, "w") ;
data/acedb-4.9.39+dfsg.02/wtools/split.c:48:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	  sprintf(cp, ".%d", ++nf) ;
data/acedb-4.9.39+dfsg.02/wtools/split.c:49:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	  out = fopen (name, "w") ;
data/acedb-4.9.39+dfsg.02/wzmap/zmapcontrol.c:753:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char text[25];
data/acedb-4.9.39+dfsg.02/wzmap/zmapcontrol.c:754:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(text,"%d", x*10);
data/acedb-4.9.39+dfsg.02/wzmap/zmapmain.c:17:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  key  = atoi(argv[2]);
data/acedb-4.9.39+dfsg.02/wzmap/zmapmain.c:18:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  from = atoi(argv[3]);
data/acedb-4.9.39+dfsg.02/wzmap/zmapmain.c:19:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  isOldGraph = atoi(argv[4]);
data/acedb-4.9.39+dfsg.02/wzmap/zmapsequence.c:57:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char *dnap, buff[10];
data/acedb-4.9.39+dfsg.02/wzmap/zmapsequence.c:60:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(buff, "%7d", zmVisibleCoord(window->root, i));
data/acedb-4.9.39+dfsg.02/w1/acein.c:128:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      int c = getc(fi->curr_fil);                       \
data/acedb-4.9.39+dfsg.02/w1/acein.c:509:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fi->stream[fi->streamlevel].prompt = halloc(strlen(options[0].text)+3,
data/acedb-4.9.39+dfsg.02/w1/acein.c:629:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(text) > 23)
data/acedb-4.9.39+dfsg.02/w1/acein.c:877:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      *length = (long int)strlen(fi->stream[fi->streamlevel].text);
data/acedb-4.9.39+dfsg.02/w1/acein.c:1023:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	  strncpy (fi->word, cp, fi->maxcard);
data/acedb-4.9.39+dfsg.02/w1/acein.c:1126:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      || (endptr != fi->word + strlen((const char*)fi->word)) /* some other character wrong */
data/acedb-4.9.39+dfsg.02/w1/acein.c:1187:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      || (endptr != fi->word + strlen((const char*)fi->word)) /* some other character wrong */
data/acedb-4.9.39+dfsg.02/w1/acein.c:1250:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      || endptr != fi->word + strlen((const char*)fi->word) /* some other character wrong */
data/acedb-4.9.39+dfsg.02/w1/acein.c:1603:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int n = 2*(1+strlen(text)) ;
data/acedb-4.9.39+dfsg.02/w1/acein.c:1624:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cq = cp + strlen(cp) - 1 ;
data/acedb-4.9.39+dfsg.02/w1/acein.c:1665:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int n = 2*(1+strlen(text)) ;
data/acedb-4.9.39+dfsg.02/w1/acein.c:1698:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int n = 2*(1+strlen(text)) ;
data/acedb-4.9.39+dfsg.02/w1/acein.c:1904:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (parms && strlen(parms) > 0)
data/acedb-4.9.39+dfsg.02/w1/acein.c:2002:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      int c = getc(fi->curr_fil);
data/acedb-4.9.39+dfsg.02/w1/acein.c:2151:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(filename);
data/acedb-4.9.39+dfsg.02/w1/aceout.c:123:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(url) > 8 
data/acedb-4.9.39+dfsg.02/w1/aceout.c:185:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	fo->filename = halloc(strlen("mailto:") +
data/acedb-4.9.39+dfsg.02/w1/aceout.c:186:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			      strlen(address) + 1, fo->handle);
data/acedb-4.9.39+dfsg.02/w1/aceout.c:198:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fo->filename = halloc (strlen(directory) +
data/acedb-4.9.39+dfsg.02/w1/aceout.c:199:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			 strlen(SUBDIR_DELIMITER_STR) +
data/acedb-4.9.39+dfsg.02/w1/aceout.c:200:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			 strlen(filename) +
data/acedb-4.9.39+dfsg.02/w1/aceout.c:201:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			 strlen(extension) + 2, fo->handle);
data/acedb-4.9.39+dfsg.02/w1/aceout.c:205:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (extension != NULL && strlen(extension) > 0)
data/acedb-4.9.39+dfsg.02/w1/aceout.c:207:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
      strcat (fo->filename, ".");
data/acedb-4.9.39+dfsg.02/w1/aceout.c:227:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      fo->filename = halloc (strlen("mailto:") +
data/acedb-4.9.39+dfsg.02/w1/aceout.c:228:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			     strlen(address) + 1, fo->handle);
data/acedb-4.9.39+dfsg.02/w1/aceout.c:868:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ln = strlen(text) ;
data/acedb-4.9.39+dfsg.02/w1/arraysub.c:922:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (s->ptr + strlen(text)  > s->safe) 
data/acedb-4.9.39+dfsg.02/w1/arraysub.c:923:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    stackExtend (s,strlen(text)+1) ;
data/acedb-4.9.39+dfsg.02/w1/arraysub.c:941:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (s->ptr + strlen(text) > s->safe)
data/acedb-4.9.39+dfsg.02/w1/arraysub.c:942:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    stackExtend (s,strlen(text)+1) ;
data/acedb-4.9.39+dfsg.02/w1/arraysub.c:988:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(delimiters) ;
data/acedb-4.9.39+dfsg.02/w1/arraysub.c:1049:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int length = strlen (text) ;
data/acedb-4.9.39+dfsg.02/w1/bump.c:290:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(text) ;
data/acedb-4.9.39+dfsg.02/w1/call.c:185:14:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      peek = fgetc (pipe) ;		/* first char from popen on DEC
data/acedb-4.9.39+dfsg.02/w1/dict.c:320:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (s) ;
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:144:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strcmp((path + strlen(path) - 1), path_delim) != 0) /* Last char = "/" ?? */
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:193:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strcmp((path + strlen(path) - 1), path_delim) != 0) /* Last char = "/" ?? */
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:243:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(path) == 0)
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:247:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  path_copy = messalloc ((strlen(path)+1) * sizeof(char));
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:250:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cp = path_copy + (strlen(path_copy) - 1);
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:323:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      cp = name + strlen (name) ;
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:383:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(user) == 0)
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:602:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      realname = messalloc(strlen(nam)+strlen(suffix)+2); 
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:602:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      realname = messalloc(strlen(nam)+strlen(suffix)+2); 
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:605:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
      strcat(realname, ".");
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:823:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    endLen = strlen (ending) ;
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:828:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
  strcat (entryPathName, "/") ;
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:829:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  leaf = entryPathName + strlen(dirName) + 1 ;
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:833:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      dLen = strlen (dName) ;
data/acedb-4.9.39+dfsg.02/w1/filsubs.c:940:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	  if (read(curr_file, buffer, buf_size) != buf_size)
data/acedb-4.9.39+dfsg.02/w1/freeout.c:136:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ln = strlen(text) ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:86:34:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define _FREECHAR     (currfil ? getc (currfil) : *currtext++)
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:153:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(text) > 23)
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:351:12:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	  chint = getc(fil) ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:362:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	  if ((ch = getc (fil)) == '/')
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:363:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	    { while (getc(fil) != '\n' && !feof(fil)) ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:375:10:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	  *in = getc(fil) ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:378:30:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	      while (isspace (*in = getc(fil))) ;    /* remove whitespace */
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:638:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    || (endptr != (char *)(word + strlen((char *)word))) /* some other character wrong */
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:694:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      || (endptr != (char *)(word + strlen((char *)word))) /* some other character wrong */
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:754:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      || (endptr != (char *)(word + strlen((char *)word))) /* some other character wrong */
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:903:16:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      answer = getchar () ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:908:18:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        answer = getchar () ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1156:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cq = cp + strlen(cp) - 1 ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1196:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      array (a, base+3*(1+strlen(text)), char) = 0 ; /* ensure long enough */
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1198:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      base += 1 + strlen(text) ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1203:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      array (a, 2*(1+strlen(text)), char) = 0 ; /* ensure long enough */
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1235:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      array (a, base+3*(1+strlen(text)), char) = 0 ; /* ensure long enough */
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1237:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      base += 1 + strlen(text) ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1242:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      array (a, 2*(1+strlen(text)), char) = 0 ; /* ensure long enough */
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1288:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      array (a, base+7*(1+strlen(text)), char) = 0 ; /* ensure long enough */
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1290:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      base += 1 + strlen(text) ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1295:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      array (a, 6*(1+strlen(text)), char) = 0 ; /* ensure long enough */
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1366:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      array (a, base+7*(1+strlen(text)), char) = 0 ; /* ensure long enough */
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1368:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      base += 1 + strlen(text) ;
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1374:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      array (a, 6*(1+strlen(text)), char) = 0 ; /* ensure long enough */
data/acedb-4.9.39+dfsg.02/w1/freesubs.c:1389:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      cq += strlen(array(translations, i, ARRAYTYPE).protect) ;
data/acedb-4.9.39+dfsg.02/w1/getopt.c:269:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
# if (!defined __STDC__ || !__STDC__) && !defined strlen
data/acedb-4.9.39+dfsg.02/w1/getopt.c:272:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
extern int strlen (const char *);
data/acedb-4.9.39+dfsg.02/w1/getopt.c:463:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      int len = nonoption_flags_max_len = strlen (orig_str);
data/acedb-4.9.39+dfsg.02/w1/getopt.c:691:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		== (unsigned int) strlen (p->name))
data/acedb-4.9.39+dfsg.02/w1/getopt.c:718:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  nextchar += strlen (nextchar);
data/acedb-4.9.39+dfsg.02/w1/getopt.c:750:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  nextchar += strlen (nextchar);
data/acedb-4.9.39+dfsg.02/w1/getopt.c:766:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  nextchar += strlen (nextchar);
data/acedb-4.9.39+dfsg.02/w1/getopt.c:771:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  nextchar += strlen (nextchar);
data/acedb-4.9.39+dfsg.02/w1/getopt.c:882:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      if ((unsigned int) (nameend - nextchar) == strlen (p->name))
data/acedb-4.9.39+dfsg.02/w1/getopt.c:905:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    nextchar += strlen (nextchar);
data/acedb-4.9.39+dfsg.02/w1/getopt.c:925:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    nextchar += strlen (nextchar);
data/acedb-4.9.39+dfsg.02/w1/getopt.c:939:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    nextchar += strlen (nextchar);
data/acedb-4.9.39+dfsg.02/w1/getopt.c:943:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    nextchar += strlen (nextchar);
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:179:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(subject) == 0) 
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:193:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy (filename, "?");
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:199:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy (filename, "");	/* intialise, if this is
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:230:4:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	  strcpy (filename, "");
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:244:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
		  strcpy (filename, "");
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:248:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if (strlen(filename) > 0)
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:259:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			       strlen(subject_copy)) == 0)
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:271:8:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	      strcpy (filename, ""); /* not found */
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:310:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  j = strlen (subject_copy);
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:319:4:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	  strcpy (filename, "");
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:339:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy (filename, "?");
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:443:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strcasecmp (helpFilename + (strlen(helpFilename)-4), ".gif") == 0)
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:525:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0; i < strlen(cp); ++i)
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:534:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (cp[strlen(cp)-1] == ' ')
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:535:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cp[strlen(cp)-1] = '\0' ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:563:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = 7+6+strlen(filGetFilename(link))+8+10+strlen(link)+2;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:563:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = 7+6+strlen(filGetFilename(link))+8+10+strlen(link)+2;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:604:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len += strlen(s)*2 + strlen("html") + 19;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:604:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len += strlen(s)*2 + strlen("html") + 19;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:623:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      cp += strlen(s)*2 + strlen("html") + 19;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:623:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      cp += strlen(s)*2 + strlen("html") + 19;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:877:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy (node->text, start, len) ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:918:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy (node->text, start, len) ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:1177:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy (node->text, start, len);
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:1190:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy (node->text, start, len) ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:1267:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy (node->link, hstart, hlen) ;
data/acedb-4.9.39+dfsg.02/w1/helpsubs.c:1368:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy (node->link, start, srclen) ;
data/acedb-4.9.39+dfsg.02/w1/memsubs.c:254:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    { result = (char *)halloc_dbg(1+strlen(old), handle, hfname, hlineno) ;
data/acedb-4.9.39+dfsg.02/w1/messubs.c:197:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefixLength = _prefix ? strlen(_prefix) : 0 ; \
data/acedb-4.9.39+dfsg.02/w1/messubs.c:407:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy (messbuf, message, BUFSIZE) ;
data/acedb-4.9.39+dfsg.02/w1/messubs.c:446:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy (messbuf, message, BUFSIZE) ;
data/acedb-4.9.39+dfsg.02/w1/messubs.c:465:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy (messbuf, message, BUFSIZE) ;
data/acedb-4.9.39+dfsg.02/w1/messubs.c:509:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy (messbuf, message, BUFSIZE) ;
data/acedb-4.9.39+dfsg.02/w1/messubs.c:638:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy (messbuf, message, BUFSIZE) ;
data/acedb-4.9.39+dfsg.02/w1/messubs.c:700:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy (messbuf, message, BUFSIZE) ;
data/acedb-4.9.39+dfsg.02/w1/messubs.c:802:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (message && strlen (message) > buflen)
data/acedb-4.9.39+dfsg.02/w1/messubs.c:811:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy (buffer, message, buflen) ;
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:136:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (!cp || !*cp || !strlen(cp))
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:141:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			  strlen(filGetFilename(helpFilename))) != 0)
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:145:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      n = strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:254:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      for (i = 0; i < strlen(node->text)+4; ++i)
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:257:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      for (i = 0; i < strlen(node->text)+4; ++i)
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:342:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      th->indent += strlen(messprintf ("%d. ", th->itemNumber)) ;
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:370:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  th->indent -= strlen(messprintf ("%d. ", th->itemNumber)) ;
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:428:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	  strncpy (th->buf, start, len) ;
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:432:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if (strlen(th->buf) > th->WINX)
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:453:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      th->xPos += strlen(th->buf) ; /* place th->xPos at the end of word */
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:484:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		      for (ii = strlen(th->buf)-1; ii >= i ; --ii)
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:498:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      if (th->buf[strlen(th->buf)-1] == '\n')
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:500:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  th->buf[strlen(th->buf)-1] = 0 ;
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:502:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  th->xPos += strlen(th->buf) ;
data/acedb-4.9.39+dfsg.02/w1/texthelp.c:508:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  th->xPos += strlen(th->buf) ;
data/acedb-4.9.39+dfsg.02/w1/timesubs.c:718:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy (buf, "-") ;
data/acedb-4.9.39+dfsg.02/w1/utils.c:740:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  num_len = strlen(num_str) ;
data/acedb-4.9.39+dfsg.02/w1/utils.c:955:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      lenAdd = strlen(pVal);
data/acedb-4.9.39+dfsg.02/w1/vtxt.c:131:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      cp = cq + strlen (a) ;
data/acedb-4.9.39+dfsg.02/w1/vtxt.c:156:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      cr = cp ; cs = cq + strlen (end) ;
data/acedb-4.9.39+dfsg.02/w1/vtxt.c:267:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (txt && (len = strlen (txt)))
data/acedb-4.9.39+dfsg.02/w2/colcontrol.c:594:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  instance->name = handleAlloc(0, handle, strlen(name)+1);
data/acedb-4.9.39+dfsg.02/w2/colcontrol.c:1751:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(cp)+3 > max)
data/acedb-4.9.39+dfsg.02/w2/colcontrol.c:1752:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	max = 3+strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w2/colcontrol.c:1807:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if (max < 3.0+strlen(map->cursor.text))
data/acedb-4.9.39+dfsg.02/w2/colcontrol.c:1808:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    max = 3.0+strlen(map->cursor.text);
data/acedb-4.9.39+dfsg.02/w2/colcontrol.c:1823:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			y-0.5, strlen(map->cursor.text)) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:90:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int i = strlen(file_filter) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:179:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (dirName[strlen(dirName)-1] == '/')
data/acedb-4.9.39+dfsg.02/w2/filquery.c:180:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dirName[strlen(dirName)-1] = 0 ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:234:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      cp = array(boxes, ibox, char*) = messalloc (strlen(cq)+2) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:236:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
      strcat (cp, "/") ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:238:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      cpLength = strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:276:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	  strcat(fileName, ".") ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:282:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int endLen = strlen(endName),  nameLen = strlen(fileName) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:282:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int endLen = strlen(endName),  nameLen = strlen(fileName) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:324:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      cp = array(boxes, ibox, char*) = messalloc (strlen(cq)+1) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:353:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      tempLen = strlen (tempName) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:365:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      while (curr < strlen(dirName))
data/acedb-4.9.39+dfsg.02/w2/filquery.c:374:8:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    { strcat(dirName, "/") ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:390:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  tempLen = strlen (tempName);
data/acedb-4.9.39+dfsg.02/w2/filquery.c:447:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(spec) > 1)
data/acedb-4.9.39+dfsg.02/w2/filquery.c:456:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(file_filter, "*") ;	/* selecting directories */
data/acedb-4.9.39+dfsg.02/w2/filquery.c:460:24:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      if (end && *end) strncpy(file_filter+2, end, 28) ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:473:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy (dirName, ".") ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:475:4:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	{ strcpy (dirName, "/") ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:516:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (!path || path[strlen(path)-1] != '/') /* avoid // */
data/acedb-4.9.39+dfsg.02/w2/filquery.c:517:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat (path, "/") ;
data/acedb-4.9.39+dfsg.02/w2/filquery.c:520:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (!strlen(fileName)) /*mhmp 30.11.98 */
data/acedb-4.9.39+dfsg.02/w2/filquery.c:527:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	{ strcat (path, ".") ;
data/acedb-4.9.39+dfsg.02/w2/gex.c:777:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      (strlen(dirName) && strlen(fileName)) ? "/" : "",
data/acedb-4.9.39+dfsg.02/w2/gex.c:777:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      (strlen(dirName) && strlen(fileName)) ? "/" : "",
data/acedb-4.9.39+dfsg.02/w2/gex.c:796:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(fname);
data/acedb-4.9.39+dfsg.02/w2/gex.c:818:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(fileName))
data/acedb-4.9.39+dfsg.02/w2/gex.c:832:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (!strlen(fileName))
data/acedb-4.9.39+dfsg.02/w2/gex.c:859:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (file_end && strlen(file_end))
data/acedb-4.9.39+dfsg.02/w2/gex.c:946:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  (strlen(dirName)) ? "/" : "",
data/acedb-4.9.39+dfsg.02/w2/gex.c:953:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (file_end && strlen(file_end))
data/acedb-4.9.39+dfsg.02/w2/gex.c:1747:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    initText, strlen(initText));
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:177:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy (currHelpFilename, helpFilename, MAXPATHLEN);
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:411:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy (fname, "");
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:693:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      indent += (strlen(messprintf ("%d", itemNumber))-1)*chWidth ;
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:725:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  indent -= (strlen(messprintf ("%d", itemNumber))-1)*chWidth ;
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:813:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	  strncpy (buf, start, len) ;
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:817:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if (strlen(buf) > WINX)
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:847:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      xPos += strlen(buf)*chWidth ; /* place xPos at the end of word */
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:878:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		      for (ii = strlen(buf)-1; ii >= i ; --ii)
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:892:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      if (buf[strlen(buf)-1] == '\n')
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:894:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  buf[strlen(buf)-1] = 0 ;
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:896:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  xPos += strlen(buf)*chWidth ;
data/acedb-4.9.39+dfsg.02/w2/gexhelp.c:902:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  xPos += strlen(buf)*chWidth ;
data/acedb-4.9.39+dfsg.02/w2/graphascii.c:85:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	lenOld = strlen (c->cp) ;
data/acedb-4.9.39+dfsg.02/w2/graphascii.c:91:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	asciiBumpItem(bump, strlen(c->cp) , 1, &(c->x), &(c->y)) ;
data/acedb-4.9.39+dfsg.02/w2/graphascii.c:122:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	oldx = x + strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:1574:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len = strlen (buttons->text) ;
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:1605:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len = strlen (buttons->text) ;
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:1726:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      if (strlen (x.s) > e->len)
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:1735:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy (e->text, x.s, e->len) ;
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:1750:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  x += strlen (label) + 0.5 ;
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:1836:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy (text,label, 15) ;
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:1872:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *text2 = (char*) halloc (strlen(label)+1, gActive->clearHandle) ;
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:1879:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  graphRectangle(x,y,x+3+strlen(text),y+1);
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:1891:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  x += strlen(text) + 4;
data/acedb-4.9.39+dfsg.02/w2/graphcon.c:1933:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  x += strlen (text) + 0.5 ;
data/acedb-4.9.39+dfsg.02/w2/graphgdi.c:452:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      TextOut(gdi->dc, x1, y1, text, strlen(text));
data/acedb-4.9.39+dfsg.02/w2/graphgdi.c:460:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		      y1 - strlen(text) * gdi->yFac * textHeight * 0.6,
data/acedb-4.9.39+dfsg.02/w2/graphgdi.c:461:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		      text, strlen(text));
data/acedb-4.9.39+dfsg.02/w2/graphgdi.c:469:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      TextOut(gdi->dc,x1,y1,text,strlen(text));
data/acedb-4.9.39+dfsg.02/w2/graphgdi.c:477:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		gdImageString(gdi->dc,x1,y1,text, strlen(text));
data/acedb-4.9.39+dfsg.02/w2/graphgdkremote.c:198:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		   strlen (rec->command));
data/acedb-4.9.39+dfsg.02/w2/graphgdkremote.c:243:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      else if (!data || strlen((char *) data) < 5)
data/acedb-4.9.39+dfsg.02/w2/graphgdkremote.c:282:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (orig_link && (strlen(orig_link) > 0))
data/acedb-4.9.39+dfsg.02/w2/graphgdkremote.c:359:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      rec->command = messalloc(11+strlen(link));
data/acedb-4.9.39+dfsg.02/w2/graphgdkremote.c:428:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      orig_len = strlen(orig_link) ;
data/acedb-4.9.39+dfsg.02/w2/graphgif.c:260:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      int n = strlen(text) ;
data/acedb-4.9.39+dfsg.02/w2/graphgtk.c:1137:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			  strlen((const char *)responseText));
data/acedb-4.9.39+dfsg.02/w2/graphgtk.c:1170:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		      strlen(versionString));
data/acedb-4.9.39+dfsg.02/w2/graphgtk.c:1178:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		      strlen(appName));
data/acedb-4.9.39+dfsg.02/w2/graphgtk.c:1395:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      int size = selection_string ? strlen(selection_string) : 0;
data/acedb-4.9.39+dfsg.02/w2/graphgtk.c:1655:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen((char *)selection_string);
data/acedb-4.9.39+dfsg.02/w2/graphgtk.c:1778:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (menu->title && strlen(menu->title) > 0)
data/acedb-4.9.39+dfsg.02/w2/graphmesglist.c:470:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      line_length = strlen(MESGLIST_NO_MESSAGES) ;
data/acedb-4.9.39+dfsg.02/w2/graphmesglist.c:482:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  line_len = strlen((char *)next->data) ;
data/acedb-4.9.39+dfsg.02/w2/graphmesglist.c:548:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int msg_len = strlen(msg) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:244:29:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
      if (pd->scale < 10.0) strcat (pd->scaleText, " ") ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:605:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (pd->dirBuffer[strlen(pd->dirBuffer)-1] == '/')
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:646:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      array (pl, n, char*) = (char*)messalloc (strlen(cp)+1) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:659:19:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      while ((c = getc(printcap)) != EOF)
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:664:12:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	      c = getc(printcap);
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:672:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		  strncat (s, buf, i) ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:675:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  if (strlen(g_strstrip(s)) > 0)
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:681:12:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if ((c = getc(printcap)) == '\\')
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:684:11:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		    c = getc(printcap);
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:850:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      len = strlen (pd->ACEDB_LPR && n == 0 ? "ACE default" :
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:890:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      len = strlen (pd->ACEDB_LPR && n == 0 ? "ACE default" :
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1051:25:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
  if (pd->scale < 10.0) strcat (pd->scaleText, " ") ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1126:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy (result->mailerBuffer, "");
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1165:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy (result->dirBuffer, ".") ;
data/acedb-4.9.39+dfsg.02/w2/graphprint.c:1222:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  len = strlen (getenv ("ACEDB_LPR") && n == 0 ?
data/acedb-4.9.39+dfsg.02/w2/graphselect.c:163:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(f->text) > maxLen)
data/acedb-4.9.39+dfsg.02/w2/graphselect.c:164:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	maxLen = strlen(f->text) ;
data/acedb-4.9.39+dfsg.02/w2/graphselect.c:206:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(f->text) > maxLen)
data/acedb-4.9.39+dfsg.02/w2/graphselect.c:207:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	maxLen = strlen(f->text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:616:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    s = strlen(text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:629:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    s = strlen(text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:641:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    s = strlen(text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:654:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    s = strlen(text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1408:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy (ebox->winText, ebox->text + ebox->winPos, ebox->winLen) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1425:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (n <= 0 || n > strlen(ebox->text))
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1426:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(ebox->text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1452:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while (*cr && strlen(ebox->text) < maxtextlen)
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1454:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	cq = ebox->text + strlen(ebox->text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1493:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(ebox->text) > maxtextlen)
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1496:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	       ebox->len, strlen(ebox->text)) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1505:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      cp = ebox->text + strlen(ebox->text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1515:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      cp = ebox->text + strlen(ebox->text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1621:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      cp = ebox->text + strlen(ebox->text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1632:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if (strlen(ebox->text) < maxtextlen)
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1634:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      cq = ebox->text + strlen(ebox->text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1682:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  n = strlen(text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1690:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if (previous->cp > text + strlen(text))
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1691:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    previous->cp = text + strlen(text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1722:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ebox->cp = text + strlen(text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1915:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(text) * UtextX ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:1931:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(text) ;
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:2349:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (link && (strlen(link) > 0))
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:2534:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      o[i].text = (char *) messalloc(1+strlen(options[i].text));
data/acedb-4.9.39+dfsg.02/w2/graphsub.c:2616:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      o[i].text = (char *) messalloc(1+strlen(options[i].text));
data/acedb-4.9.39+dfsg.02/w2/viewedit.c:156:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	  strcat(buf, "+");
data/acedb-4.9.39+dfsg.02/w2/xremotemain.c:190:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      display_str = (char*)malloc (strlen(getenv("DISPLAY")) + 1);
data/acedb-4.9.39+dfsg.02/w2/xremotemain.c:198:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	display_str = (char*)malloc (strlen(argv[i+1]) + 1);
data/acedb-4.9.39+dfsg.02/w2/xremotemain.c:285:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    commands[remoteArgNum-1] = (char*)malloc(strlen(argv[i])+1);
data/acedb-4.9.39+dfsg.02/w2/xremotemain.c:545:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		   strlen (command));
data/acedb-4.9.39+dfsg.02/w3/taqlmain.c:288:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if (strlen(stackText(queryStack, 0)) == 0)
data/acedb-4.9.39+dfsg.02/w3/taqlmain.c:299:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (cl_query == NULL && (strlen(line) > 0))
data/acedb-4.9.39+dfsg.02/w3/taqlmain.c:301:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if (strlen(stackText(queryStack, 0)) > 0)
data/acedb-4.9.39+dfsg.02/w3/taqlmain.c:318:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          for (i = 0; i < strlen(query); ++i)
data/acedb-4.9.39+dfsg.02/w4/alignment.c:326:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    { x = strlen (messprintf ("%d - %d", c->start, c->end)) ;
data/acedb-4.9.39+dfsg.02/w4/alignment.c:329:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      y = strlen (name (c->key)) ;
data/acedb-4.9.39+dfsg.02/w4/alignment.c:341:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      y = strlen (messprintf ("%d - %d", c->start, c->end)) ;
data/acedb-4.9.39+dfsg.02/w4/command.c:401:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if (arg && strlen(arg) > 0)
data/acedb-4.9.39+dfsg.02/w4/command.c:995:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  if (cp && strlen(cp) > 0) 
data/acedb-4.9.39+dfsg.02/w4/command.c:1116:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      if (assigned_text && strlen(assigned_text) > 0)
data/acedb-4.9.39+dfsg.02/w4/command.c:1133:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  cq = filename + strlen(filename) - 4;
data/acedb-4.9.39+dfsg.02/w4/command.c:1145:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  cq = filename + strlen(filename) - 2; 
data/acedb-4.9.39+dfsg.02/w4/command.c:1271:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      if (dumpDir[strlen(dumpDir)-1] != SUBDIR_DELIMITER)
data/acedb-4.9.39+dfsg.02/w4/command.c:1328:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if (cp && strlen(cp) > 0)
data/acedb-4.9.39+dfsg.02/w4/command.c:1333:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      cq = cp + strlen(cp) - 1 ;
data/acedb-4.9.39+dfsg.02/w4/command.c:1593:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      if (!cp || strlen(cp) == 0)
data/acedb-4.9.39+dfsg.02/w4/command.c:1922:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if (strlen(stackText (textStack,0)) > 0)
data/acedb-4.9.39+dfsg.02/w4/command.c:2261:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    aceOutBinary ( look->dump_out, cp, strlen(cp)) ;
data/acedb-4.9.39+dfsg.02/w4/command.c:2771:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    if (!strlen(arrp(dna, 0, char)))
data/acedb-4.9.39+dfsg.02/w4/command.c:2788:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    if (!strlen(arrp(pep, 0, char)))
data/acedb-4.9.39+dfsg.02/w4/command.c:3381:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      if ((cp = aceInPos(command_in)) && strlen(cp) > 0)
data/acedb-4.9.39+dfsg.02/w4/command.c:3615:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if (strlen(querytext) == 0)
data/acedb-4.9.39+dfsg.02/w4/command.c:3699:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              aceOutBinary (result_out, cp, strlen(cp)) ;
data/acedb-4.9.39+dfsg.02/w4/command.c:3711:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  aceOutBinary (result_out, cp, strlen(cp)) ;
data/acedb-4.9.39+dfsg.02/w4/dump.c:264:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      aceOutBinary( dump_out, cp, strlen(cp)+1);
data/acedb-4.9.39+dfsg.02/w4/dump.c:374:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              aceOutBinary( dump_out, cp, strlen(cp) + 1) ;
data/acedb-4.9.39+dfsg.02/w4/gifcommand.c:431:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    fileName[strlen(fileName)-4] = '\0';
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:661:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    { strncpy (text, name(keySet(ks,0)), len-1) ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:665:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(text) ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:729:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(buffer, text, 79) ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:743:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      cp = text + strlen(text) ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:757:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(buffer, text, 79) ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:975:4:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	  strcpy (pick->template,"*") ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:1062:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      n = strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:1065:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	  strcat (pick->template, "*") ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:1459:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy (mainPick->template,"*") ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:1465:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(mainPick->whatdoIdoText, "");
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:1499:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy (mainPick->grepText, "");
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:1731:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy (mainPick->template,"*") ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:1842:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(pick->whatdoIdoText, text, ACTIVITY_LENGTH-1) ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:2049:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    { strcpy (pick->template, "*") ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:2069:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    { strcpy (pick->template, "*") ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:2133:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(lastText,localText,255) ;
data/acedb-4.9.39+dfsg.02/w4/mainpick.c:2134:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(pick->grepText,localText,255) ;
data/acedb-4.9.39+dfsg.02/w4/model.c:206:20:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      switch (c = (getc (fil) | inQuotes))
data/acedb-4.9.39+dfsg.02/w4/model.c:214:22:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          while((c = getc(fil)) && c != '\n' && !feof(fil) ) ;
data/acedb-4.9.39+dfsg.02/w4/model.c:252:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  if (strlen(word))
data/acedb-4.9.39+dfsg.02/w4/model.c:253:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    { cp = word + strlen(word) - 1 ;
data/acedb-4.9.39+dfsg.02/w4/model.c:1166:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      showModelNodeJaq (fo, bs->right, x + strlen(tname) + 1, y, lastTag, dLastTag) ;
data/acedb-4.9.39+dfsg.02/w4/newkey.c:151:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(pickVocList[i].text) > sep)
data/acedb-4.9.39+dfsg.02/w4/newkey.c:152:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      sep = strlen (pickVocList[i].text) ;
data/acedb-4.9.39+dfsg.02/w4/newkey.c:175:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(buttonItem->text) > 0 && buttonItem->f)
data/acedb-4.9.39+dfsg.02/w4/newkey.c:240:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy (nameText, aceInPos(name_in), 127) ;
data/acedb-4.9.39+dfsg.02/w4/newkey.c:376:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(aliasName) == 0)
data/acedb-4.9.39+dfsg.02/w4/newkey.c:425:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(newName) == 0)
data/acedb-4.9.39+dfsg.02/w4/newkey.c:487:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(classNameBuf,name(currClass),31) ;
data/acedb-4.9.39+dfsg.02/w4/newkey.c:520:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(classNameBuf,name(currClass),31) ;
data/acedb-4.9.39+dfsg.02/w4/newkey.c:549:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(classNameBuf,className(key),31) ;
data/acedb-4.9.39+dfsg.02/w4/newkey.c:552:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy (nameText, name(key), 127) ;
data/acedb-4.9.39+dfsg.02/w4/parse.c:1157:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (*word == '-' && strlen(word) == 2)
data/acedb-4.9.39+dfsg.02/w4/parse.c:1900:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (pdisp->pf->filename && strlen(pdisp->pf->filename) > 0)
data/acedb-4.9.39+dfsg.02/w4/parse.c:1994:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy (pdisp->itemText, "");
data/acedb-4.9.39+dfsg.02/w4/parse.c:2003:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy (pdisp->lineText, "");
data/acedb-4.9.39+dfsg.02/w4/parse.c:2039:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy (pdisp->lineText, stackText(s, 0), 64);
data/acedb-4.9.39+dfsg.02/w4/parse.c:2052:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy(pdisp->nparsedText, "") ;
data/acedb-4.9.39+dfsg.02/w4/parse.c:2053:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy(pdisp->nokText, "") ;
data/acedb-4.9.39+dfsg.02/w4/parse.c:2054:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy(pdisp->nerrorText, "") ;
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:124:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(item.name, buff+1, 32);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:317:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			 REG_SZ, valbuff, strlen(valbuff)+1);
data/acedb-4.9.39+dfsg.02/w4/prefsubs.c:348:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
      strcat(filename, "/");
data/acedb-4.9.39+dfsg.02/w4/queryexe.c:745:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if (strlen(cp) < 3)
data/acedb-4.9.39+dfsg.02/w4/queryexe.c:766:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if (strlen(cp) < 3)
data/acedb-4.9.39+dfsg.02/w4/queryexe.c:1380:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cond->stack = stackCreate(12*strlen(text)) ; /* wild big guess */
data/acedb-4.9.39+dfsg.02/w4/queryexe.c:2451:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(cp) < 3 )
data/acedb-4.9.39+dfsg.02/w4/queryexe.c:2508:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if (strlen(cp) >= 3)
data/acedb-4.9.39+dfsg.02/w4/queryexe.c:2528:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if (strlen(cp) >= 3)
data/acedb-4.9.39+dfsg.02/w4/queryexe.c:2819:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cq = buffer = messalloc (strlen(text) + 1) ;
data/acedb-4.9.39+dfsg.02/w4/session.c:456:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text_copy = malloc(strlen(mesg_buf) + 1);
data/acedb-4.9.39+dfsg.02/w4/session.c:1410:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen(cp) + 1 ;
data/acedb-4.9.39+dfsg.02/w4/session.c:1622:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (bsGetData(obj,_Session_Title, _Text, &cp) && strlen(cp) > 0)
data/acedb-4.9.39+dfsg.02/w4/session.c:1627:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	st->len = strlen(st->title);
data/acedb-4.9.39+dfsg.02/w4/session.c:1639:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  st->len = strlen(st->title);
data/acedb-4.9.39+dfsg.02/w4/session.c:1839:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen (word) > 31)
data/acedb-4.9.39+dfsg.02/w4/session.c:2447:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy (thisSession.name, getLogin(TRUE), 78) ;
data/acedb-4.9.39+dfsg.02/w4/session.c:3536:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(readlock_filename) == 0) /* don't use readlocks */
data/acedb-4.9.39+dfsg.02/w4/session.c:3656:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy (readlock_filename, "");
data/acedb-4.9.39+dfsg.02/w4/session.c:3675:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write (fd, buffer, strlen(buffer));
data/acedb-4.9.39+dfsg.02/w4/session.c:3686:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy (readlock_filename, "");      
data/acedb-4.9.39+dfsg.02/w4/session.c:3725:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(readlock_filename) == 0)
data/acedb-4.9.39+dfsg.02/w4/session.c:3765:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(readlock_filename) == 0)
data/acedb-4.9.39+dfsg.02/w4/session.c:3774:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy (readlock_filename, "");
data/acedb-4.9.39+dfsg.02/w4/session.c:3777:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy (readlock_filename, "");
data/acedb-4.9.39+dfsg.02/w4/session.c:3860:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      cp3 = cp2 + strlen(cp2);
data/acedb-4.9.39+dfsg.02/w4/sigsubs.c:254:8:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	  c = getc(stdin);
data/acedb-4.9.39+dfsg.02/w4/status.c:392:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((indent = STATUS_JUSTIFY - strlen(label)) < STATUS_MIN_INDENT)
data/acedb-4.9.39+dfsg.02/w4/status.c:413:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if ((indent = STATUS_JUSTIFY - strlen(label)) < STATUS_MIN_INDENT)
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:113:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(spread->titleBuffer) > 0)
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:115:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(spread->paramBuffer) > 0)
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:249:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(c->conditionBuffer) > 0)
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:342:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(spread->titleBuffer) > 0)
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:354:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(spread->paramBuffer) > 0)
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:368:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (c->headerBuffer && strlen(c->headerBuffer) > 0)
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:404:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(c->conditionBuffer) > 0)
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:576:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (inParams && strlen(inParams) > 0)
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:603:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      if (cp && strlen(cp) > 0)
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:818:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(c->headerBuffer, cp, 59) ;
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:827:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(spread->titleBuffer, cp, 59) ;
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:846:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(spread->paramBuffer, cp, 179) ;
data/acedb-4.9.39+dfsg.02/w4/tabledefio.c:1059:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  out_buf = (char*)messalloc(strlen(from_buf) * 2 + 1);
data/acedb-4.9.39+dfsg.02/w4/tabledefsubs.c:472:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(masterCol->conditionBuffer) > 0 &&
data/acedb-4.9.39+dfsg.02/w4/tabledefsubs.c:478:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(masterCol->conditionBuffer) > 0)
data/acedb-4.9.39+dfsg.02/w4/update.c:196:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fn = fileName + strlen(fileName) ;
data/acedb-4.9.39+dfsg.02/w5/acache.c:336:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (format && strlen(format) > 32)
data/acedb-4.9.39+dfsg.02/w5/acache.c:349:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(v->format, format, 32) ;
data/acedb-4.9.39+dfsg.02/w5/adisk.c:357:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen (cp) > 1023)
data/acedb-4.9.39+dfsg.02/w5/adisk.c:778:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while((nb = read (p->r,vp,size)) != size)
data/acedb-4.9.39+dfsg.02/w5/blocksub.c:441:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   i += strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w5/blocksub.c:459:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   i += strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w5/bs2block.c:159:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	{ bs->size = bs->bt && bs->bt->cp ? strlen(bs->bt->cp) + 1 : 1 ;
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1183:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while( (n = read(fd, vp, size)) != size )
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1619:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    FMfilwrite ( fpMap, (unsigned char*) mapString, strlen ( mapString ) ) ;
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1627:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (!strlen(pp->fileSystem)) strcpy(fileSystem, "ACEDB");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1628:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (!strlen(pp->fileName))   strcpy(fileName, "NONE");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1634:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      FMfilwrite (fpMap, (unsigned char*) mapString, strlen (mapString) ) ;
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1683:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(pp->fileSystem) == 0)
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1686:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(pp->fileName) == 0)
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1731:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(pp->fileSystem, "");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1819:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	    strcpy(pp->fileSystem, "");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1821:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	    strcpy(pp->fileName, "");
data/acedb-4.9.39+dfsg.02/w5/disknew.c:1943:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy(error_text, "");
data/acedb-4.9.39+dfsg.02/w5/lexalpha.c:392:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		length += strlen (cp);
data/acedb-4.9.39+dfsg.02/w5/lexsubs4.c:832:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (cq = cp + strlen(cp) ; cq-- > cp ; )
data/acedb-4.9.39+dfsg.02/w5/lexsubs4.c:1346:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen(nam) + strlen(classNam) + EXTRA_CHARS) > buflen)
data/acedb-4.9.39+dfsg.02/w5/lexsubs4.c:1346:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen(nam) + strlen(classNam) + EXTRA_CHARS) > buflen)
data/acedb-4.9.39+dfsg.02/w5/lexsubs4.c:1350:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      buflen = strlen(nam) + strlen(classNam) + EXTRA_CHARS ;
data/acedb-4.9.39+dfsg.02/w5/lexsubs4.c:1350:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      buflen = strlen(nam) + strlen(classNam) + EXTRA_CHARS ;
data/acedb-4.9.39+dfsg.02/w5/lexsubs4.c:1616:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int classe = class(key) , n = strlen(oldName) ;
data/acedb-4.9.39+dfsg.02/w5/lexsubs4.c:1621:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(newName) > n )
data/acedb-4.9.39+dfsg.02/w5/lexsubs4.c:2197:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
       ( (stackMark(Voc[t]) + strlen(cp)) > MAXVOCAB ))
data/acedb-4.9.39+dfsg.02/w6/acedbgraph.c:460:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy (buffer, aceInWord(view_in), 40);
data/acedb-4.9.39+dfsg.02/w6/acedbgraph.c:748:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(buffer, aceInWord(view_in), 40);
data/acedb-4.9.39+dfsg.02/w6/acedbgraph.c:752:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(buffer) == 0)
data/acedb-4.9.39+dfsg.02/w6/acedbgraph.c:860:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      viewnam = handleAlloc(0, handle, 1+strlen(s));
data/acedb-4.9.39+dfsg.02/w6/action.c:253:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	{ if (max < strlen(cp))
data/acedb-4.9.39+dfsg.02/w6/action.c:254:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  max = strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w6/aqldisp.c:154:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      int len =  strlen(error);
data/acedb-4.9.39+dfsg.02/w6/bsdumps.c:132:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  cq = question + strlen(question) - 1 ;
data/acedb-4.9.39+dfsg.02/w6/bssubs.c:1490:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          bs->bt->cp = messalloc (strlen ((char*)xp) + 1) ;
data/acedb-4.9.39+dfsg.02/w6/bssubs.c:1517:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!text || !strlen(text))
data/acedb-4.9.39+dfsg.02/w6/bstree.c:242:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  register int i = strlen(bsxxx->bt->cp) ;
data/acedb-4.9.39+dfsg.02/w6/bstree.c:299:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
     n = 2+(strlen(bs->bt->cp)+NODEX-1)/NODEX;  /* michel  was 1+.. */
data/acedb-4.9.39+dfsg.02/w6/bstree.c:348:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 int n = ( u ? strlen(u) : 0 )  + ( v ? strlen(v) : 0 ) ;
data/acedb-4.9.39+dfsg.02/w6/bstree.c:348:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 int n = ( u ? strlen(u) : 0 )  + ( v ? strlen(v) : 0 ) ;
data/acedb-4.9.39+dfsg.02/w6/display.c:615:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strlen(url) >= strlen(str) &&
data/acedb-4.9.39+dfsg.02/w6/display.c:615:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strlen(url) >= strlen(str) &&
data/acedb-4.9.39+dfsg.02/w6/display.c:616:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strncmp(url, str, strlen(str)) == 0 )
data/acedb-4.9.39+dfsg.02/w6/display.c:618:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            url += strlen(str);
data/acedb-4.9.39+dfsg.02/w6/display.c:624:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            (strlen(url) >= strlen(str) &&
data/acedb-4.9.39+dfsg.02/w6/display.c:624:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            (strlen(url) >= strlen(str) &&
data/acedb-4.9.39+dfsg.02/w6/display.c:625:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             strcmp(url+strlen(url)-strlen(str), str) == 0))
data/acedb-4.9.39+dfsg.02/w6/display.c:625:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             strcmp(url+strlen(url)-strlen(str), str) == 0))
data/acedb-4.9.39+dfsg.02/w6/display.c:626:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          *(url+strlen(url)-strlen(str)) = 0;
data/acedb-4.9.39+dfsg.02/w6/display.c:626:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          *(url+strlen(url)-strlen(str)) = 0;
data/acedb-4.9.39+dfsg.02/w6/display.c:641:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = 1+strlen(url);
data/acedb-4.9.39+dfsg.02/w6/display.c:642:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (arr(a, i, BSunit).s) len += strlen(arr(a, i, BSunit).s);
data/acedb-4.9.39+dfsg.02/w6/display.c:643:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    	if (arr(a, i+1, BSunit).s) len += strlen(arr(a, i+1, BSunit).s);
data/acedb-4.9.39+dfsg.02/w6/display.c:1028:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(dp->title, cp, 41) ;
data/acedb-4.9.39+dfsg.02/w6/display.c:1032:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		  strncpy(dp->help, cp, 31) ;
data/acedb-4.9.39+dfsg.02/w6/display.c:1141:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(dp->title, displayName, 31) ;
data/acedb-4.9.39+dfsg.02/w6/display.c:1142:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant character.
      strncpy(dp->help, "", 31) ;
data/acedb-4.9.39+dfsg.02/w6/dnasubs.c:263:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      dna_length = strlen(dna) ;
data/acedb-4.9.39+dfsg.02/w6/dnasubs.c:1456:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  aceOutBinary ( dump_out, cp, strlen(cp) + 1) ;
data/acedb-4.9.39+dfsg.02/w6/forest.c:252:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant character.
      strncpy (forest->mot,"", 1023) ;
data/acedb-4.9.39+dfsg.02/w6/forest.c:257:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy (forest->mot, stackText(forest->s, seg->n), 1023) ;
data/acedb-4.9.39+dfsg.02/w6/forest.c:276:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
      strcat (buf, "*") ;
data/acedb-4.9.39+dfsg.02/w6/forest.c:589:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(cp) == 0)
data/acedb-4.9.39+dfsg.02/w6/forest.c:769:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!strncasecmp(cc,txt,strlen(txt)))
data/acedb-4.9.39+dfsg.02/w6/forest.c:1402:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(cp) > xPlus)
data/acedb-4.9.39+dfsg.02/w6/forest.c:1403:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  xPlus = strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w6/forest.c:1409:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(cp)+2 >xPlus)
data/acedb-4.9.39+dfsg.02/w6/forest.c:1410:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      xPlus = strlen(cp)+2 ;
data/acedb-4.9.39+dfsg.02/w6/forest.c:1507:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(cp) > xPlus)
data/acedb-4.9.39+dfsg.02/w6/forest.c:1508:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  xPlus = strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w6/forest.c:1511:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(cp)+2 >xPlus)
data/acedb-4.9.39+dfsg.02/w6/forest.c:1512:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      xPlus = strlen(cp)+2 ;
data/acedb-4.9.39+dfsg.02/w6/forest.c:1966:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ii = strlen(cp) + 2 ;
data/acedb-4.9.39+dfsg.02/w6/ksetdisp.c:2040:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if ((j = strlen(cp3)) > *cWidth){
data/acedb-4.9.39+dfsg.02/w6/ksetdisp.c:2046:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if ((j = strlen(cp)) > *cWidth){
data/acedb-4.9.39+dfsg.02/w6/ksetdisp.c:2338:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      int len =  strlen(look->message);
data/acedb-4.9.39+dfsg.02/w6/layoutdisp.c:145:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    z->x = strlen(name(key)) + 2 ;
data/acedb-4.9.39+dfsg.02/w6/layoutdisp.c:557:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (ll->x + strlen(name(ll->key)) + 2 > xmax)
data/acedb-4.9.39+dfsg.02/w6/layoutdisp.c:558:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	xmax = ll->x + strlen(name(ll->key)) + 2 ;  
data/acedb-4.9.39+dfsg.02/w6/layoutdisp.c:561:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      x = ll->x + strlen(name(ll->key)) + 2 ;
data/acedb-4.9.39+dfsg.02/w6/layoutdisp.c:591:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (ll->x + strlen(name(ll->key)) + 2 > xmax)
data/acedb-4.9.39+dfsg.02/w6/layoutdisp.c:592:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	xmax = ll->x + strlen(name(ll->key)) + 2 ;  
data/acedb-4.9.39+dfsg.02/w6/layoutdisp.c:642:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      x = xmax + strlen(name(key)) ;
data/acedb-4.9.39+dfsg.02/w6/layoutdisp.c:648:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      xmax += strlen(name(key)) +1 ;
data/acedb-4.9.39+dfsg.02/w6/longtextdisp.c:329:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      x += strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w6/longtextdisp.c:367:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      x += strlen(cp) + 1 ;
data/acedb-4.9.39+dfsg.02/w6/multimapdisp.c:543:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(mmdisp->title) > 0)
data/acedb-4.9.39+dfsg.02/w6/multimapdisp.c:1522:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(mmdisp->title) > 0)
data/acedb-4.9.39+dfsg.02/w6/multimapdisp.c:1540:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if (strlen(tableGetColumnName(mmdisp->table, j)) > 0)
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:144:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  aceOutBinary ( dump_out, cp, strlen(cp) + 1) ;
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:179:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      aceOutBinary ( dump_out, cp, strlen(cp) + 1) ;
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:186:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      aceOutBinary ( dump_out, cp, strlen(cp) + 1) ;
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:194:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  aceOutBinary (dump_out, cp, strlen(cp) + 1) ;
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:310:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          aceOutBinary ( dump_out, cp, strlen (cp) + 1) ;
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:422:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if (strlen(cp) > xPlus)
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:423:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    xPlus = strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:434:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if (strlen(cp)+2 > xPlus)
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:435:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    xPlus = strlen(cp)+2 ;
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:516:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  cq = question + strlen(question) - 1 ;
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:704:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  cq = question + strlen(question) - 1 ;
data/acedb-4.9.39+dfsg.02/w6/nicedump.c:1077:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  cq = question + strlen(question) - 1 ;
data/acedb-4.9.39+dfsg.02/w6/peptide.c:1454:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      && strlen(translation) == 64
data/acedb-4.9.39+dfsg.02/w6/peptide.c:1455:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      && strlen(start) == 64
data/acedb-4.9.39+dfsg.02/w6/peptide.c:1456:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      && strlen(stop) == 64
data/acedb-4.9.39+dfsg.02/w6/peptide.c:1457:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      && strlen(base1) == 64
data/acedb-4.9.39+dfsg.02/w6/peptide.c:1458:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      && strlen(base2) == 64
data/acedb-4.9.39+dfsg.02/w6/peptide.c:1459:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      && strlen(base3) == 64)
data/acedb-4.9.39+dfsg.02/w6/peptide.c:1544:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  aceOutBinary (dump_out, cp, strlen(cp) + 1) ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:819:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    graphText(cp, look->leftMargin -1  - look->axisShift - strlen(cp) , YY(i) - .5) ;
data/acedb-4.9.39+dfsg.02/w6/plot.c:824:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    graphText(cp, look->leftMargin - 1 - look->axisShift - strlen(cp) , YY(i) - .5) ;
data/acedb-4.9.39+dfsg.02/w6/plot2d.c:480:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	graphText (cp, p2d->leftMargin - strlen(cp)-1.5,y-.5) ;
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:532:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(buffer, "");
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:854:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    length = strlen(tagval->name);  
data/acedb-4.9.39+dfsg.02/w6/qbedisp.c:889:8:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	      strcpy(tagval->name, "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:278:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
      strcat(result, " ");  /* add a space between words */
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:293:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	  strcat(result, "\"");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:296:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	  strcat(result, "*");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:319:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	  strcat(result, "*");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:321:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	  strcat(result, "\"");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:351:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
     strcpy(ARR2STRING(qbuild->entries, i), "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:352:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
     strcpy(ARR2STRING(qbuild->syntax, i), "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:356:4:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
   strcpy(qbuild->classtag_entry, "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:357:4:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
   strcpy(qbuild->classtag_syntax, "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:361:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
     strcpy(ARR2STRING(qbuild->entries, i), "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:362:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
     strcpy(ARR2STRING(qbuild->syntax, i), "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:436:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy(qbuild->preclass_syntax, "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:477:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy(qbuild->classtag_syntax,"");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:519:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(qbuild->classtag_syntax,"");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:608:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy(syntax_a, "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:690:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(syntax_c,"");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:694:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy(syntax_c, "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:711:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(syntax_c, "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:713:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(syntax_c, "=");	       
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:719:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(syntax_c, ">");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:725:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(syntax_c, "<");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:730:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(syntax_c, "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:735:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(syntax_c, "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:822:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  qc = quote_chr+strlen(quote_chr);
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:893:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(syntax_j, "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:904:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(syntax_j, "#");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:909:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(syntax_j, "&");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:929:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(syntax_j, "&");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:931:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(syntax_j, "|");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:934:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(syntax_j, "^");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:936:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(syntax_j, "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:940:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(syntax_j, "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:969:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	    strcpy(ARR2STRING(qbuild->syntax, i), "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:971:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	    strcpy(ARR2STRING(qbuild->entries, i), "");
data/acedb-4.9.39+dfsg.02/w6/querybuild.c:985:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(syntax_j, "");
data/acedb-4.9.39+dfsg.02/w6/querydisp.c:148:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
      strcat (auto_filename, "X");
data/acedb-4.9.39+dfsg.02/w6/querydisp.c:192:14:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while (c = fgetc(fil), c != (char)EOF)  
data/acedb-4.9.39+dfsg.02/w6/querydisp.c:281:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
       && strlen(quer->fileName)
data/acedb-4.9.39+dfsg.02/w6/querydisp.c:374:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  event.buffer.buff.blen = strlen(stackText(buf,0)) ;
data/acedb-4.9.39+dfsg.02/w6/querydisp.c:496:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(ARR2STRING(quer->pgm, 0), "");
data/acedb-4.9.39+dfsg.02/w6/querydisp.c:556:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(buffer) >= QBUFF_MULT*BUFFER_SIZE)
data/acedb-4.9.39+dfsg.02/w6/querydisp.c:560:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(ARR2STRING(quer->pgm, (quer->curr - quer->pgmBox -1)/2), 
data/acedb-4.9.39+dfsg.02/w6/querydisp.c:702:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy (quer->fileName, "") ;
data/acedb-4.9.39+dfsg.02/w6/sessiondisp.c:505:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if(strlen(cp) > 80)
data/acedb-4.9.39+dfsg.02/w6/sessiondisp.c:507:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if (strlen(cp) > 0)
data/acedb-4.9.39+dfsg.02/w6/smap.c:721:13:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  if (info->mismatch)
data/acedb-4.9.39+dfsg.02/w6/smap.c:722:38:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    for (i = 0 ; i < arrayMax (info->mismatch) ; ++i)
data/acedb-4.9.39+dfsg.02/w6/smap.c:724:33:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	SMapMismatch *mis = arrp(info->mismatch, i, SMapMismatch) ;
data/acedb-4.9.39+dfsg.02/w6/smap.c:1570:23:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	  mis = arrayp(info->mismatch, arrayMax(info->mismatch), SMapMismatch) ;
data/acedb-4.9.39+dfsg.02/w6/smap.c:1570:48:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	  mis = arrayp(info->mismatch, arrayMax(info->mismatch), SMapMismatch) ;
data/acedb-4.9.39+dfsg.02/w6/smap.c:1578:26:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
      mis = arrayp(info->mismatch, 0, SMapMismatch) ;
data/acedb-4.9.39+dfsg.02/w6/smap.c:1586:13:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  if (info->mismatch && !arrayMax (info->mismatch))
data/acedb-4.9.39+dfsg.02/w6/smap.c:1586:42:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  if (info->mismatch && !arrayMax (info->mismatch))
data/acedb-4.9.39+dfsg.02/w6/smap.c:1587:25:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    arrayDestroy (info->mismatch) ;
data/acedb-4.9.39+dfsg.02/w6/smap.c:2670:13:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  if (info->mismatch)
data/acedb-4.9.39+dfsg.02/w6/smap.c:2675:35:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	  SMapMismatch *m = arrayp(info->mismatch, i, SMapMismatch);
data/acedb-4.9.39+dfsg.02/w6/smap_.h:93:9:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  Array mismatch ;					    /* of SMapMisMatch */
data/acedb-4.9.39+dfsg.02/w6/tabledisp.c:334:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tdisp->title) > 0)
data/acedb-4.9.39+dfsg.02/w6/tabledisp.c:397:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tdisp->title) > 0)
data/acedb-4.9.39+dfsg.02/w6/tabledisp.c:578:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(line, inText, 1000);
data/acedb-4.9.39+dfsg.02/w6/tabledisp.c:580:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(line) > outLength)
data/acedb-4.9.39+dfsg.02/w6/tabledisp.c:594:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strlen(line);
data/acedb-4.9.39+dfsg.02/w6/tablemakerdisp.c:307:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  && strlen(tmdisp->spread->filename)
data/acedb-4.9.39+dfsg.02/w6/tablemakerdisp.c:921:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(cp, "?")  ;
data/acedb-4.9.39+dfsg.02/w6/tablemakerdisp.c:1264:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(col->conditionBuffer) > 0 &&
data/acedb-4.9.39+dfsg.02/w6/tablemakerdisp.c:1356:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tmdisp->spread->titleBuffer) > 0)
data/acedb-4.9.39+dfsg.02/w6/tablemakerdisp.c:1561:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(col->tagTextBuffer, "?") ;
data/acedb-4.9.39+dfsg.02/w6/tablemakerdisp.c:1563:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(col->tagTextBuffer, stackText(col->tagStack,0), 359) ;
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:1374:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cp += strlen (cp0) ;
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:1655:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      stackTextForceFeed (drawLook->textStack, strlen(text) + 2560) ;
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:1658:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      y = drawTextEntry (class(bs->key), strlen(text) + 2500,
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:1668:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(text) > xPlus)
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:1669:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	xPlus = strlen(text) ;
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:1701:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(cp) > xPlus)
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:1702:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	xPlus = strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:1706:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if (strlen(cp)+2 > xPlus)
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:1707:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    xPlus = strlen(cp)+2 ;
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:2026:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      x += strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:2035:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  x += strlen(cp) + 1 ;
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:2045:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if (1 + strlen (cp) > xmax)
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:2046:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    xmax = 1 + strlen(cp) ;
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:2607:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    { bs->bt->cp = (char*) messalloc (strlen (text) + 1) ;
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:3058:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (look->tagWarp[strlen(look->tagWarp)-1] == '*')
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:3060:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  look->tagWarp[strlen(look->tagWarp)-1] = '\0';
data/acedb-4.9.39+dfsg.02/w6/treedisp.c:3269:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (g_strncasecmp(element, pattern, strlen(pattern)) ==0)
data/acedb-4.9.39+dfsg.02/w7/alignmentdisp.c:139:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    { x = strlen (messprintf ("%d - %d", c->start, c->end)) ;
data/acedb-4.9.39+dfsg.02/w7/alignmentdisp.c:142:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      y = strlen (name (c->key)) ;
data/acedb-4.9.39+dfsg.02/w7/alignmentdisp.c:155:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if (strlen (c->seq) > maxlen)
data/acedb-4.9.39+dfsg.02/w7/alignmentdisp.c:156:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    maxlen = strlen (c->seq) ;
data/acedb-4.9.39+dfsg.02/w7/alignmentdisp.c:197:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    { x = strlen (messprintf ("%s/%d-%d", name(c->key), c->start, c->end)) ;
data/acedb-4.9.39+dfsg.02/w7/biblio.c:677:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lastSpace = strlen(cc) - 1 ;
data/acedb-4.9.39+dfsg.02/w7/biblio.c:680:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0; i < strlen(cc); i++)
data/acedb-4.9.39+dfsg.02/w7/biblio.c:685:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = lastSpace + 1; i < strlen(cc); i++)
data/acedb-4.9.39+dfsg.02/w7/biblio.c:693:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (cc) - lastSpace > 4 + nbDot + nbMinus)
data/acedb-4.9.39+dfsg.02/w7/biblio.c:694:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    lastSpace = strlen(cc) - 1 ;
data/acedb-4.9.39+dfsg.02/w7/biblio.c:701:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (lastSpace != strlen(cc) - 1)
data/acedb-4.9.39+dfsg.02/w7/biblio.c:708:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i=lastSpace + 1; i<strlen(cc); i++)
data/acedb-4.9.39+dfsg.02/w7/biblio.c:853:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  if (strlen(cp))
data/acedb-4.9.39+dfsg.02/w7/biblio.c:880:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lastSpace = strlen(cc) - 1 ;
data/acedb-4.9.39+dfsg.02/w7/biblio.c:883:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i=0; i<strlen(cc); i++)
data/acedb-4.9.39+dfsg.02/w7/biblio.c:888:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i=lastSpace + 1; i<strlen(cc); i++)
data/acedb-4.9.39+dfsg.02/w7/biblio.c:895:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (cc) - lastSpace > 4 + nbDot + nbMinus)
data/acedb-4.9.39+dfsg.02/w7/biblio.c:896:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    lastSpace = strlen(cc) - 1 ;
data/acedb-4.9.39+dfsg.02/w7/biblio.c:901:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i=lastSpace + 1; i<strlen(cc); i++)
data/acedb-4.9.39+dfsg.02/w7/biblio.c:909:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (lastSpace != strlen(cc) -1)/* initiales ? */
data/acedb-4.9.39+dfsg.02/w7/biblio.c:1065:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  if (strlen(cp))
data/acedb-4.9.39+dfsg.02/w7/biblio.c:1130:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(biblio->cp, title, 70);
data/acedb-4.9.39+dfsg.02/w7/biblio.c:1449:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  if (strlen(cp))
data/acedb-4.9.39+dfsg.02/w7/coltest.c:181:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  len = strlen(messprintf("%d", draw->number));
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:633:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
  strncat(look->title,messprintf("(%s)", name (key)),BUF_WIDTH-strlen(look->title)) ;
data/acedb-4.9.39+dfsg.02/w7/dendrogram.c:633:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(look->title,messprintf("(%s)", nam