Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/adios-1.13.1/src/query/common_query_read.c Examining data/adios-1.13.1/src/query/query_utils.h Examining data/adios-1.13.1/src/query/common_query.c Examining data/adios-1.13.1/src/query/query_minmax.c Examining data/adios-1.13.1/src/query/fastbit_adios.c Examining data/adios-1.13.1/src/query/query_fastbit.c Examining data/adios-1.13.1/src/query/query_alac.c Examining data/adios-1.13.1/src/query/common_query.h Examining data/adios-1.13.1/src/query/adios_query_hooks.c Examining data/adios-1.13.1/src/query/query_utils.c Examining data/adios-1.13.1/src/query/fastbit_adios.h Examining data/adios-1.13.1/src/query/adios_query.c Examining data/adios-1.13.1/src/query/adiosf_query.c Examining data/adios-1.13.1/src/query/adios_query_hooks.h Examining data/adios-1.13.1/src/read/read_icee.c Examining data/adios-1.13.1/src/read/read_bp.c Examining data/adios-1.13.1/src/read/read_flexpath.c Examining data/adios-1.13.1/src/read/read_bp_staged.c Examining data/adios-1.13.1/src/read/read_dataspaces.c Examining data/adios-1.13.1/src/read/read_bp_staged1.c Examining data/adios-1.13.1/src/read/read_dimes.c Examining data/adios-1.13.1/src/core/adiost_callback_internal.h Examining data/adios-1.13.1/src/core/buffer.h Examining data/adios-1.13.1/src/core/adios_copyspec.h Examining data/adios-1.13.1/src/core/adios_clock.h Examining data/adios-1.13.1/src/core/adios_logger.h Examining data/adios-1.13.1/src/core/common_read.c Examining data/adios-1.13.1/src/core/mpidummy.c Examining data/adios-1.13.1/src/core/adios_transform_methods.c Examining data/adios-1.13.1/src/core/adios_clock.c Examining data/adios-1.13.1/src/core/futils.c Examining data/adios-1.13.1/src/core/strutil.h Examining data/adios-1.13.1/src/core/buffer.c Examining data/adios-1.13.1/src/core/adios_socket.h Examining data/adios-1.13.1/src/core/util.c Examining 
data/adios-1.13.1/src/core/adios_infocache.c Examining data/adios-1.13.1/src/core/adios_read_hooks.h Examining data/adios-1.13.1/src/core/a2sel.h Examining data/adios-1.13.1/src/core/adios_copyspec.c Examining data/adios-1.13.1/src/core/types.h Examining data/adios-1.13.1/src/core/flexpath.h Examining data/adios-1.13.1/src/core/adios_socket.c Examining data/adios-1.13.1/src/core/adios_read_hooks.c Examining data/adios-1.13.1/src/core/futils.h Examining data/adios-1.13.1/src/core/adios_internals.h Examining data/adios-1.13.1/src/core/adios_read_ext.c Examining data/adios-1.13.1/src/core/common_adios.c Examining data/adios-1.13.1/src/core/adios_endianness.c Examining data/adios-1.13.1/src/core/adios_transport_hooks.c Examining data/adios-1.13.1/src/core/adios_transport_hooks.h Examining data/adios-1.13.1/src/core/bp_utils.h Examining data/adios-1.13.1/src/core/adios_internals.c Examining data/adios-1.13.1/src/core/adiosf.c Examining data/adios-1.13.1/src/core/adios_timing.h Examining data/adios-1.13.1/src/core/adios_error.c Examining data/adios-1.13.1/src/core/a2sel.c Examining data/adios-1.13.1/src/core/adiosf_read_v1.c Examining data/adios-1.13.1/src/core/adiost_callback_internal.c Examining data/adios-1.13.1/src/core/adios_logger.c Examining data/adios-1.13.1/src/core/qhashtbl.h Examining data/adios-1.13.1/src/core/adios_selection_util.h Examining data/adios-1.13.1/src/core/adios_read.c Examining data/adios-1.13.1/src/core/adios_selection_util.c Examining data/adios-1.13.1/src/core/adiosf_read.c Examining data/adios-1.13.1/src/core/ds_metadata.h Examining data/adios-1.13.1/src/core/globals.h Examining data/adios-1.13.1/src/core/adios_internals_mxml.h Examining data/adios-1.13.1/src/core/adios_bp_v1.h Examining data/adios-1.13.1/src/core/adios.c Examining data/adios-1.13.1/src/core/adios_endianness.h Examining data/adios-1.13.1/src/core/util_mpi.c Examining data/adios-1.13.1/src/core/adios_timing.c Examining data/adios-1.13.1/src/core/util_mpi.h Examining 
data/adios-1.13.1/src/core/adios_subvolume.h Examining data/adios-1.13.1/src/core/adios_icee.h Examining data/adios-1.13.1/src/core/common_read.h Examining data/adios-1.13.1/src/core/qhashtbl.c Examining data/adios-1.13.1/src/core/bp_types.h Examining data/adios-1.13.1/src/core/adios_subvolume.c Examining data/adios-1.13.1/src/core/transforms/plugindetect/detect_plugin_read_hook_reg.h Examining data/adios-1.13.1/src/core/transforms/plugindetect/plugin_info_types.h Examining data/adios-1.13.1/src/core/transforms/plugindetect/detect_plugin_read_hook_decls.h Examining data/adios-1.13.1/src/core/transforms/plugindetect/detect_plugin_types.h Examining data/adios-1.13.1/src/core/transforms/plugindetect/detect_plugin_infos.h Examining data/adios-1.13.1/src/core/transforms/plugindetect/detect_plugin_write_hook_decls.h Examining data/adios-1.13.1/src/core/transforms/plugindetect/detect_plugin_write_hook_reg.h Examining data/adios-1.13.1/src/core/transforms/adios_patchdata.h Examining data/adios-1.13.1/src/core/transforms/adios_transforms_reqgroup.h Examining data/adios-1.13.1/src/core/transforms/adios_transforms_reqgroup.c Examining data/adios-1.13.1/src/core/transforms/adios_transforms_read.h Examining data/adios-1.13.1/src/core/transforms/adios_transforms_hooks_read.h Examining data/adios-1.13.1/src/core/transforms/adios_transforms_util.c Examining data/adios-1.13.1/src/core/transforms/adios_transforms_transinfo.h Examining data/adios-1.13.1/src/core/transforms/adios_transforms_specparse.c Examining data/adios-1.13.1/src/core/transforms/adios_transforms_specparse.h Examining data/adios-1.13.1/src/core/transforms/adios_transforms_hooks_read.c Examining data/adios-1.13.1/src/core/transforms/adios_transforms_hooks_write.h Examining data/adios-1.13.1/src/core/transforms/adios_transforms_read.c Examining data/adios-1.13.1/src/core/transforms/adios_transforms_hooks_write.c Examining data/adios-1.13.1/src/core/transforms/adios_transforms_util.h Examining 
data/adios-1.13.1/src/core/transforms/adios_transforms_write.h Examining data/adios-1.13.1/src/core/transforms/adios_transforms_hooks.h Examining data/adios-1.13.1/src/core/transforms/adios_transforms_hooks.c Examining data/adios-1.13.1/src/core/transforms/adios_transforms_write.c Examining data/adios-1.13.1/src/core/transforms/adios_patchdata.c Examining data/adios-1.13.1/src/core/transforms/adios_transforms_common.c Examining data/adios-1.13.1/src/core/transforms/adios_transforms_common.h Examining data/adios-1.13.1/src/core/transforms/adios_transforms_datablock.c Examining data/adios-1.13.1/src/core/transforms/adios_transforms_datablock.h Examining data/adios-1.13.1/src/core/adios_infocache.h Examining data/adios-1.13.1/src/core/adios_read_v1.c Examining data/adios-1.13.1/src/core/globals.c Examining data/adios-1.13.1/src/core/util.h Examining data/adios-1.13.1/src/core/adios_internals_mxml.c Examining data/adios-1.13.1/src/core/adiost_default_tool.c Examining data/adios-1.13.1/src/core/common_adios.h Examining data/adios-1.13.1/src/core/strutil.c Examining data/adios-1.13.1/src/core/adios_bp_v1.c Examining data/adios-1.13.1/src/core/bp_utils.c Examining data/adios-1.13.1/src/public/adios_read_v1_defs.h Examining data/adios-1.13.1/src/public/adios_transform_methods.h Examining data/adios-1.13.1/src/public/adios_schema.h Examining data/adios-1.13.1/src/public/adios_read_ext.h Examining data/adios-1.13.1/src/public/adios_types.h Examining data/adios-1.13.1/src/public/adios_error.h Examining data/adios-1.13.1/src/public/adiost_callback_api.h Examining data/adios-1.13.1/src/public/adios_read_v2_fwd.h Examining data/adios-1.13.1/src/public/adios_query.h Examining data/adios-1.13.1/src/public/adios_mpi.h Examining data/adios-1.13.1/src/public/adios_read_v1.h Examining data/adios-1.13.1/src/public/adios_link.h Examining data/adios-1.13.1/src/public/adios_selection.h Examining data/adios-1.13.1/src/public/adios_version.h Examining 
data/adios-1.13.1/src/public/adios_read.h Examining data/adios-1.13.1/src/public/adios_read_v2.h Examining data/adios-1.13.1/src/public/adios.h Examining data/adios-1.13.1/src/public/mpidummy.h Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/decode3f.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/encode2d.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/block3.h Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/encode2f.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/decode2d.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/encode3d.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/decode1f.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/bitstream.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/encode1d.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/block1.h Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/traitsf.h Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/encode1f.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/decode2f.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/encode3f.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/decode1d.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/traitsd.h Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/block2.h Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/decode3d.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/zfp.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/inline/inline.h Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/inline/bitstream.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/template/encode.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/template/encode3.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/template/encode2.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/template/codec2.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/template/decompress.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/template/compress.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/template/decode1.c Examining 
data/adios-1.13.1/src/zfp/zfp-0.5.0/src/template/codec3.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/template/codec.h Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/template/codec1.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/template/template.h Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/template/decode2.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/template/decode.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/template/decode3.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/src/template/encode1.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/examples/fields.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/examples/fields.h Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/examples/diffusion.cpp Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/examples/simple.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/examples/pgm.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/examples/testzfp.cpp Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/examples/speed.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/examples/array2d.h Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/examples/zfp.c Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/inc/types.h Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/inc/system.h Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/inc/bitstream.h Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/inc/macros.h Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/inc/zfp.h Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/array/memory.h Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/array/zfparray3.h Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/array/zfpcodecd.h Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/array/zfparray2.h Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/array/zfparray1.h Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/array/zfpcodec.h Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/array/zfparray.h Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/array/zfpcodecf.h Examining data/adios-1.13.1/src/zfp/zfp-0.5.0/array/cache.h Examining 
data/adios-1.13.1/src/mxml/mxml-2.9/mxml-private.c Examining data/adios-1.13.1/src/mxml/mxml-2.9/testmxml.c Examining data/adios-1.13.1/src/mxml/mxml-2.9/mxml-entity.c Examining data/adios-1.13.1/src/mxml/mxml-2.9/mxml-private.h Examining data/adios-1.13.1/src/mxml/mxml-2.9/mxml-set.c Examining data/adios-1.13.1/src/mxml/mxml-2.9/mxml-node.c Examining data/adios-1.13.1/src/mxml/mxml-2.9/mxml.h Examining data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c Examining data/adios-1.13.1/src/mxml/mxml-2.9/mxml-get.c Examining data/adios-1.13.1/src/mxml/mxml-2.9/mxml-search.c Examining data/adios-1.13.1/src/mxml/mxml-2.9/test/functype.cxx Examining data/adios-1.13.1/src/mxml/mxml-2.9/test/type.cxx Examining data/adios-1.13.1/src/mxml/mxml-2.9/test/struct.cxx Examining data/adios-1.13.1/src/mxml/mxml-2.9/test/class.cxx Examining data/adios-1.13.1/src/mxml/mxml-2.9/test/enum.cxx Examining data/adios-1.13.1/src/mxml/mxml-2.9/test/function.cxx Examining data/adios-1.13.1/src/mxml/mxml-2.9/mxml-index.c Examining data/adios-1.13.1/src/mxml/mxml-2.9/vcnet/config.h Examining data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c Examining data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c Examining data/adios-1.13.1/src/mxml/mxml-2.9/mxml-attr.c Examining data/adios-1.13.1/src/mxml/cmake_try_longlong.c Examining data/adios-1.13.1/src/mxml/config.h Examining data/adios-1.13.1/src/write/adios_dataspaces.c Examining data/adios-1.13.1/src/write/adios_mpi.c Examining data/adios-1.13.1/src/write/adios_flexpath.c Examining data/adios-1.13.1/src/write/adios_icee.c Examining data/adios-1.13.1/src/write/adios_mpi_amr.c Examining data/adios-1.13.1/src/write/adios_dimes.c Examining data/adios-1.13.1/src/write/adios_mpi_bgq.c Examining data/adios-1.13.1/src/write/adios_var_merge.c Examining data/adios-1.13.1/src/write/adios_posix.c Examining data/adios-1.13.1/src/write/adios_phdf5.c Examining data/adios-1.13.1/src/write/adios_mpi_lustre.c Examining data/adios-1.13.1/src/write/adios_nc4.c Examining 
data/adios-1.13.1/src/transforms/adios_transform_zfp_common.h Examining data/adios-1.13.1/src/transforms/adios_transform_blosc_common.h Examining data/adios-1.13.1/src/transforms/adios_transform_isobar_write.c Examining data/adios-1.13.1/src/transforms/adios_transform_alacrity_write.c Examining data/adios-1.13.1/src/transforms/adios_transform_sz_write.c Examining data/adios-1.13.1/src/transforms/adios_transform_zlib_read.c Examining data/adios-1.13.1/src/transforms/adios_transform_lz4_write.c Examining data/adios-1.13.1/src/transforms/adios_transform_zfp_write.c Examining data/adios-1.13.1/src/transforms/adios_transform_alacrity_read.c Examining data/adios-1.13.1/src/transforms/adios_transform_template_read.c Examining data/adios-1.13.1/src/transforms/adios_transform_identity_write.c Examining data/adios-1.13.1/src/transforms/adios_transform_mgard_write.c Examining data/adios-1.13.1/src/transforms/adios_transform_bzip2_write.c Examining data/adios-1.13.1/src/transforms/adios_transform_template_write.c Examining data/adios-1.13.1/src/transforms/adios_transform_sz_read.c Examining data/adios-1.13.1/src/transforms/adios_transform_aplod_write.c Examining data/adios-1.13.1/src/transforms/adios_transform_alacrity_common.h Examining data/adios-1.13.1/src/transforms/adios_transform_lz4_common.h Examining data/adios-1.13.1/src/transforms/adios_transform_bzip2_read.c Examining data/adios-1.13.1/src/transforms/adios_transform_identity_read.h Examining data/adios-1.13.1/src/transforms/adios_transform_zfp_read.c Examining data/adios-1.13.1/src/transforms/adios_transform_mgard_read.c Examining data/adios-1.13.1/src/transforms/adios_transform_szip.h Examining data/adios-1.13.1/src/transforms/adios_transform_identity_read.c Examining data/adios-1.13.1/src/transforms/adios_transform_zlib_write.c Examining data/adios-1.13.1/src/transforms/adios_transform_szip_read.c Examining data/adios-1.13.1/src/transforms/adios_transform_lz4_read.c Examining 
data/adios-1.13.1/src/transforms/zcheck_comm.h Examining data/adios-1.13.1/src/transforms/transform_plugins.h Examining data/adios-1.13.1/src/transforms/adios_transform_isobar_read.c Examining data/adios-1.13.1/src/transforms/adios_transform_blosc_write.c Examining data/adios-1.13.1/src/transforms/adios_transform_blosc_read.c Examining data/adios-1.13.1/src/transforms/adios_transform_aplod_read.c Examining data/adios-1.13.1/src/transforms/adios_transform_szip_write.c Examining data/adios-1.13.1/utils/bp2ncd/bp2ncd.h Examining data/adios-1.13.1/utils/bp2ncd/bp2ncd.c Examining data/adios-1.13.1/utils/bp2ascii/bp2ascii.c Examining data/adios-1.13.1/utils/bpsplit/bpsplit.c Examining data/adios-1.13.1/utils/bpsplit/bpappend.c Examining data/adios-1.13.1/utils/bpsplit/bpgettime.c Examining data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c Examining data/adios-1.13.1/utils/skeldump/skeldump.h Examining data/adios-1.13.1/utils/skeldump/skeldump.c Examining data/adios-1.13.1/utils/bpmeta/bpmeta.c Examining data/adios-1.13.1/utils/adios_list_methods/adios_list_methods.c Examining data/adios-1.13.1/utils/bpdiff/bpdiff.c Examining data/adios-1.13.1/utils/bpdiff/utils.h Examining data/adios-1.13.1/utils/bpdiff/decompose.h Examining data/adios-1.13.1/utils/bpdiff/decompose_block.c Examining data/adios-1.13.1/utils/bpdiff/utils.c Examining data/adios-1.13.1/utils/bpdump/bpdump.c Examining data/adios-1.13.1/utils/bpls/bpls.h Examining data/adios-1.13.1/utils/bpls/bpls.c Examining data/adios-1.13.1/utils/bprecover/bprecover.c Examining data/adios-1.13.1/utils/bp2h5/bp2h5.c Examining data/adios-1.13.1/utils/adios_lint/adios_lint.c Examining data/adios-1.13.1/utils/bp2bp/bp2bp.c Examining data/adios-1.13.1/utils/skel/src/skel_xml_output_f.c Examining data/adios-1.13.1/utils/skel/src/skel_xml_output.h Examining data/adios-1.13.1/utils/skel/src/skel_xml_output.c Examining data/adios-1.13.1/tests/bp_read/bp_read_c.c Examining data/adios-1.13.1/tests/bp_read/genbp.c Examining 
data/adios-1.13.1/tests/suite/programs/many_vars.c Examining data/adios-1.13.1/tests/suite/programs/set_path_var.c Examining data/adios-1.13.1/tests/suite/programs/blocks.c Examining data/adios-1.13.1/tests/suite/programs/steps_read_stream.c Examining data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c Examining data/adios-1.13.1/tests/suite/programs/transforms_writeblock_read.c Examining data/adios-1.13.1/tests/suite/programs/adios_amr_write.c Examining data/adios-1.13.1/tests/suite/programs/selections.c Examining data/adios-1.13.1/tests/suite/programs/steps_write.c Examining data/adios-1.13.1/tests/suite/programs/big_file.c Examining data/adios-1.13.1/tests/suite/programs/examples/scalars/scalars_write_C.c Examining data/adios-1.13.1/tests/suite/programs/examples/scalars/scalars_read_C.c Examining data/adios-1.13.1/tests/suite/programs/examples/global_array/global_array_aggregate_by_color_C.c Examining data/adios-1.13.1/tests/suite/programs/examples/global_array/global_array_write_noxml_C.c Examining data/adios-1.13.1/tests/suite/programs/examples/global_array/global_array_write_C.c Examining data/adios-1.13.1/tests/suite/programs/examples/global_array/global_array_read_C.c Examining data/adios-1.13.1/tests/suite/programs/examples/global_array/global_array_read_noxml_C.c Examining data/adios-1.13.1/tests/suite/programs/examples/global_array/global_array_write_byid_noxml_C.c Examining data/adios-1.13.1/tests/suite/programs/examples/global_array/global_array_read_byid_noxml_C.c Examining data/adios-1.13.1/tests/suite/programs/examples/attributes/attributes_read_C.c Examining data/adios-1.13.1/tests/suite/programs/examples/attributes/attributes_write_C.c Examining data/adios-1.13.1/tests/suite/programs/examples/global_array_time/global_array_time_read_as_stream_C.c Examining data/adios-1.13.1/tests/suite/programs/examples/global_array_time/global_array_time_write_multifile_C.c Examining 
data/adios-1.13.1/tests/suite/programs/examples/global_array_time/global_array_time_write_C.c Examining data/adios-1.13.1/tests/suite/programs/examples/global_array_time/global_array_time_read_as_file_C.c Examining data/adios-1.13.1/tests/suite/programs/examples/local_array/local_array_write_C.c Examining data/adios-1.13.1/tests/suite/programs/examples/local_array/local_array_read_C.c Examining data/adios-1.13.1/tests/suite/programs/adios_staged_read_2vars.c Examining data/adios-1.13.1/tests/suite/programs/two_groups.c Examining data/adios-1.13.1/tests/suite/programs/set_path.c Examining data/adios-1.13.1/tests/suite/programs/adios_transforms_read_write.c Examining data/adios-1.13.1/tests/suite/programs/write_read.c Examining data/adios-1.13.1/tests/suite/programs/adios_staged_read_v2.c Examining data/adios-1.13.1/tests/suite/programs/write_alternate.c Examining data/adios-1.13.1/tests/suite/programs/adios_staged_read.c Examining data/adios-1.13.1/tests/suite/programs/test_singlevalue.c Examining data/adios-1.13.1/tests/suite/programs/zerolength.c Examining data/adios-1.13.1/tests/suite/programs/steps_read_file.c Examining data/adios-1.13.1/tests/suite/programs/local_array_time.c Examining data/adios-1.13.1/tests/suite/programs/joinedarray.c Examining data/adios-1.13.1/tests/suite/programs/reuse_dim.c Examining data/adios-1.13.1/tests/suite/programs/adios_amr_write_2vars.c Examining data/adios-1.13.1/tests/suite/programs/connect_to_space_subset.c Examining data/adios-1.13.1/tests/suite/programs/path_test.c Examining data/adios-1.13.1/tests/C/flexpath_tests/include/test_common.h Examining data/adios-1.13.1/tests/C/flexpath_tests/include/misc.h Examining data/adios-1.13.1/tests/C/flexpath_tests/include/utils.h Examining data/adios-1.13.1/tests/C/flexpath_tests/two_streams/reader.c Examining data/adios-1.13.1/tests/C/flexpath_tests/two_streams/writer.c Examining data/adios-1.13.1/tests/C/flexpath_tests/two_streams/cfg.h Examining 
data/adios-1.13.1/tests/C/flexpath_tests/local_arrays/reader.c Examining data/adios-1.13.1/tests/C/flexpath_tests/local_arrays/writer.c Examining data/adios-1.13.1/tests/C/flexpath_tests/local_arrays/cfg.h Examining data/adios-1.13.1/tests/C/flexpath_tests/common/utils.c Examining data/adios-1.13.1/tests/C/flexpath_tests/global_range_select/reader.c Examining data/adios-1.13.1/tests/C/flexpath_tests/global_range_select/writer.c Examining data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/reader.c Examining data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/writer.c Examining data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/cfg.h Examining data/adios-1.13.1/tests/C/flexpath_tests/1D_arr_global_noxml/reader.c Examining data/adios-1.13.1/tests/C/flexpath_tests/1D_arr_global_noxml/writer.c Examining data/adios-1.13.1/tests/C/flexpath_tests/1D_arr_global_noxml/cfg.h Examining data/adios-1.13.1/tests/C/flexpath_tests/1D_arr_global/reader.c Examining data/adios-1.13.1/tests/C/flexpath_tests/1D_arr_global/writer.c Examining data/adios-1.13.1/tests/C/flexpath_tests/1D_arr_global/cfg.h Examining data/adios-1.13.1/tests/C/flexpath_tests/scalar/reader.c Examining data/adios-1.13.1/tests/C/flexpath_tests/scalar/writer.c Examining data/adios-1.13.1/tests/C/flexpath_tests/scalar/cfg.h Examining data/adios-1.13.1/tests/C/query/fastbit/fastbit_tests.c Examining data/adios-1.13.1/tests/C/query/common/adios_query_xml_parse.h Examining data/adios-1.13.1/tests/C/query/common/adios_query_test.c Examining data/adios-1.13.1/tests/C/query/common/compute_expected_query_results.c Examining data/adios-1.13.1/tests/C/query/common/adios_query_xml_parse.c Examining data/adios-1.13.1/tests/C/query/alacrity/adios_alac_query.c Examining data/adios-1.13.1/tests/C/query/alacrity/adios_show_bp_file.c Examining data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c Examining data/adios-1.13.1/tests/C/query/alacrity/adios_read_ext_test.c Examining 
data/adios-1.13.1/tests/C/query/alacrity/adios_read_block.c Examining data/adios-1.13.1/tests/C/fgr_tests/posix_fgr.c Examining data/adios-1.13.1/tests/C/adios_test_c.c Examining data/adios-1.13.1/tests/test_src/transforms_specparse.c Examining data/adios-1.13.1/tests/test_src/hashtest.c Examining data/adios-1.13.1/tests/test_src/array_attribute.c Examining data/adios-1.13.1/tests/test_src/trim_spaces.c Examining data/adios-1.13.1/tests/test_src/read_points_3d.c Examining data/adios-1.13.1/tests/test_src/copy_subvolume.c Examining data/adios-1.13.1/tests/test_src/query_minmax.c Examining data/adios-1.13.1/tests/test_src/test_strutil.c Examining data/adios-1.13.1/tests/test_src/points_1DtoND.c Examining data/adios-1.13.1/tests/test_src/group_free_test.c Examining data/adios-1.13.1/tests/test_src/text_to_pairstruct.c Examining data/adios-1.13.1/tests/test_src/read_points_2d.c Examining data/adios-1.13.1/examples/staging/stage_write_varyingsize/stage_write.c Examining data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.h Examining data/adios-1.13.1/examples/staging/stage_write_varyingsize/decompose.h Examining data/adios-1.13.1/examples/staging/stage_write_varyingsize/decompose_block.c Examining data/adios-1.13.1/examples/staging/stage_write_varyingsize/test_decompose.c Examining data/adios-1.13.1/examples/staging/stage_write_varyingsize/decompose_single.c Examining data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.c Examining data/adios-1.13.1/examples/staging/stage_write/stage_write.c Examining data/adios-1.13.1/examples/staging/stage_write/utils.h Examining data/adios-1.13.1/examples/staging/stage_write/decompose.h Examining data/adios-1.13.1/examples/staging/stage_write/decompose_block.c Examining data/adios-1.13.1/examples/staging/stage_write/test_decompose.c Examining data/adios-1.13.1/examples/staging/stage_write/decompose_single.c Examining data/adios-1.13.1/examples/staging/stage_write/utils.c Examining 
data/adios-1.13.1/examples/C/time_aggregation/time_aggregation.c Examining data/adios-1.13.1/examples/C/time_aggregation/time_aggregation_no_xml.c Examining data/adios-1.13.1/examples/C/arrays/arrays_write.c Examining data/adios-1.13.1/examples/C/arrays/arrays_read.c Examining data/adios-1.13.1/examples/C/query/query_vars.c Examining data/adios-1.13.1/examples/C/query/write_table.c Examining data/adios-1.13.1/examples/C/query/query_table.c Examining data/adios-1.13.1/examples/C/query/write_vars.c Examining data/adios-1.13.1/examples/C/scalars/scalars_read.c Examining data/adios-1.13.1/examples/C/scalars/scalars_write.c Examining data/adios-1.13.1/examples/C/joined-array/joined-array.c Examining data/adios-1.13.1/examples/C/global-array-time/adios_read_globaltime.c Examining data/adios-1.13.1/examples/C/global-array-time/adios_read_globaltime_streaming.c Examining data/adios-1.13.1/examples/C/global-array-time/adios_globaltime.c Examining data/adios-1.13.1/examples/C/global-array-time/adios_globaltime_no_xml.c Examining data/adios-1.13.1/examples/C/global-array/adios_global.c Examining data/adios-1.13.1/examples/C/global-array/adios_read_chunk.c Examining data/adios-1.13.1/examples/C/global-array/adios_global_aggregate_by_color.c Examining data/adios-1.13.1/examples/C/global-array/adios_read_writeblock.c Examining data/adios-1.13.1/examples/C/global-array/adios_global_no_xml.c Examining data/adios-1.13.1/examples/C/global-array/adios_read_gpp.c Examining data/adios-1.13.1/examples/C/global-array/adios_global_2files.c Examining data/adios-1.13.1/examples/C/global-array/adios_read_global.c Examining data/adios-1.13.1/examples/C/global-array/adios_read_global_no_xml.c Examining data/adios-1.13.1/examples/C/global-array/read_no_xml_write_byid.c Examining data/adios-1.13.1/examples/C/global-array/no_xml_write_byid.c Examining data/adios-1.13.1/examples/C/manual/3_adios_read.c Examining data/adios-1.13.1/examples/C/manual/1_nonadios_example.c Examining 
data/adios-1.13.1/examples/C/manual/4_adios_nfiles.c Examining data/adios-1.13.1/examples/C/manual/2_adios_write.c Examining data/adios-1.13.1/examples/C/attributes/attributes_write.c Examining data/adios-1.13.1/examples/C/attributes/attributes_read.c Examining data/adios-1.13.1/examples/C/read_all/read_all_v1.c Examining data/adios-1.13.1/examples/C/read_all/read_all.c Examining data/adios-1.13.1/examples/C/icee_arrays/array/adios_read.c Examining data/adios-1.13.1/examples/C/icee_arrays/array/adios_write.c Examining data/adios-1.13.1/examples/C/schema/uniform2d.c Examining data/adios-1.13.1/examples/C/schema/uniform2d_noxml.c Examining data/adios-1.13.1/examples/C/schema/structured2d_noxml.c Examining data/adios-1.13.1/examples/C/schema/tri2d.c Examining data/adios-1.13.1/examples/C/schema/structured2d.c Examining data/adios-1.13.1/examples/C/schema/rectilinear2d.c Examining data/adios-1.13.1/examples/C/schema/tri2d_noxml.c Examining data/adios-1.13.1/examples/C/schema/triangle2d.c Examining data/adios-1.13.1/examples/C/schema/rectilinear2d_noxml.c Examining data/adios-1.13.1/examples/C/transforms/adios_global.c Examining data/adios-1.13.1/examples/C/transforms/adios_read_wb_subpg.c Examining data/adios-1.13.1/examples/C/transforms/adios_read_subv.c Examining data/adios-1.13.1/examples/C/transforms/adios_read_points.c Examining data/adios-1.13.1/examples/C/flexpath_arrays/process_select/arrays_write.c Examining data/adios-1.13.1/examples/C/flexpath_arrays/process_select/arrays_read.c Examining data/adios-1.13.1/examples/C/flexpath_arrays/global_range_select/arrays_write.c Examining data/adios-1.13.1/examples/C/flexpath_arrays/global_range_select/arrays_read.c Examining data/adios-1.13.1/examples/C/stat/stat_read.c Examining data/adios-1.13.1/examples/C/stat/stat_write.c Examining data/adios-1.13.1/wrappers/numpy/adios_mpi.cpp Examining data/adios-1.13.1/wrappers/numpy/mpi-compat.h Examining data/adios-1.13.1/wrappers/numpy/adios.cpp Examining 
data/adios-1.13.1/wrappers/numpy/compat.h Examining data/adios-1.13.1/wrappers/matlab/adiosclosec.c Examining data/adios-1.13.1/wrappers/matlab/adiosopenc.c Examining data/adios-1.13.1/wrappers/matlab/adiosreadc.c Examining data/adios-1.13.1/wrappers/java/gov_ornl_ccs_AdiosFile.cxx Examining data/adios-1.13.1/wrappers/java/gov_ornl_ccs_Adios.cxx Examining data/adios-1.13.1/wrappers/java/gov_ornl_ccs_AdiosGroup.cxx Examining data/adios-1.13.1/wrappers/java/gov_ornl_ccs_AdiosFlag.cxx Examining data/adios-1.13.1/wrappers/java/gov_ornl_ccs_AdiosDatatype.cxx Examining data/adios-1.13.1/wrappers/java/gov_ornl_ccs_AdiosBufferAllocWhen.cxx Examining data/adios-1.13.1/wrappers/java/gov_ornl_ccs_AdiosVarinfo.cxx FINAL RESULTS: data/adios-1.13.1/src/write/adios_flexpath.c:1038:3: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. strncat(dims, el, DIMSIZE); data/adios-1.13.1/examples/C/global-array/adios_read_chunk.c:63:17: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ("%" PRIu64, varinfo->dims[i]); data/adios-1.13.1/examples/C/global-array/adios_read_writeblock.c:61:21: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ("%" PRIu64, varinfo->blockinfo[i].start[j]); data/adios-1.13.1/examples/C/global-array/adios_read_writeblock.c:66:21: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
printf ("%" PRIu64, varinfo->blockinfo[i].count[j]); data/adios-1.13.1/examples/C/icee_arrays/array/adios_read.c:130:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(initstring, "verbose=%d;cm_host=%s;cm_port=%d;cm_remote_host=%s;cm_remote_port=%d;transport=%s;use_native_contact=%d;is_passive=%d", data/adios-1.13.1/examples/C/icee_arrays/array/adios_read.c:133:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(initstring, "verbose=%d;cm_host=%s;cm_port=%d;remote_list=%s;attr_list=%s;transport=%s;use_native_contact=%d;is_passive=%d", data/adios-1.13.1/examples/C/icee_arrays/array/adios_write.c:129:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(initstring, "verbose=%d;cm_host=%s;cm_port=%d;max_client=%d;transport=%s;is_passive=%d", data/adios-1.13.1/examples/C/manual/3_adios_read.c:47:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (result, s); data/adios-1.13.1/examples/C/read_all/read_all.c:64:17: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf("[%" PRIu64,v->dims[0]); data/adios-1.13.1/examples/C/read_all/read_all.c:66:21: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(", %" PRIu64,v->dims[j]); data/adios-1.13.1/examples/C/read_all/read_all.c:194:13: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. 
  sprintf (s, "%" PRId64, ((int64_t *) data)[idx]);
data/adios-1.13.1/examples/C/read_all/read_all.c:198:13: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (s, "%" PRIu64, ((uint64_t *) data)[idx]);
data/adios-1.13.1/examples/C/read_all/read_all_v1.c:71:21: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf("[%" PRIu64,v->dims[0]);
data/adios-1.13.1/examples/C/read_all/read_all_v1.c:73:25: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(", %" PRIu64,v->dims[j]);
data/adios-1.13.1/examples/C/read_all/read_all_v1.c:186:13: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (s, "%" PRId64, ((int64_t *) data)[idx]);
data/adios-1.13.1/examples/C/read_all/read_all_v1.c:190:13: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf (s, "%" PRIu64, ((uint64_t *) data)[idx]);
data/adios-1.13.1/examples/staging/stage_write/utils.c:28:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (s,v);
data/adios-1.13.1/examples/staging/stage_write/utils.c:44:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (s,v);
data/adios-1.13.1/examples/staging/stage_write/utils.h:15:20: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define print(...) fprintf (stderr, __VA_ARGS__);
data/adios-1.13.1/examples/staging/stage_write/utils.h:16:32: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define print0(...) if (!rank) fprintf (stderr, __VA_ARGS__);
data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.c:28:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (s,v);
data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.c:44:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (s,v);
data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.h:15:20: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define print(...) fprintf (stderr, __VA_ARGS__);
data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.h:16:32: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define print0(...) if (!rank) fprintf (stderr, __VA_ARGS__);
data/adios-1.13.1/src/core/adios_bp_v1.c:2376:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (name, "%s%s", base_path, filename);
data/adios-1.13.1/src/core/adios_error.c:44:12: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  (void) vsnprintf(aerr, ERRMSG_MAXLEN, fmt, ap);
data/adios-1.13.1/src/core/adios_error.c:54:12: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  (void) vsnprintf(aerr, ERRMSG_MAXLEN, fmt, ap);
data/adios-1.13.1/src/core/adios_internals.c:212:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (compare_name_path, "%s", root->name);
data/adios-1.13.1/src/core/adios_internals.c:214:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (compare_name_path, "/%s", root->name);
data/adios-1.13.1/src/core/adios_internals.c:216:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (compare_name_path, "%s/%s", root->path, root->name);
data/adios-1.13.1/src/core/adios_internals.c:6589:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (mpath, name);
data/adios-1.13.1/src/core/adios_internals.c:6778:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (mpath, name);
data/adios-1.13.1/src/core/adios_internals.c:6814:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (mpath, name);
data/adios-1.13.1/src/core/adios_internals.c:6862:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (mpath, name);
data/adios-1.13.1/src/core/adios_internals.c:6925:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (mpath, name);
data/adios-1.13.1/src/core/adios_internals.c:7037:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(*returnstr,meshname);
data/adios-1.13.1/src/core/adios_internals.c:7039:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(*returnstr,att_nam);
data/adios-1.13.1/src/core/adios_internals.c:7040:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(*returnstr,counterstr);
data/adios-1.13.1/src/core/adios_internals.c:7055:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(*returnstr,meshname);
data/adios-1.13.1/src/core/adios_internals.c:7057:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(*returnstr,att_nam);
data/adios-1.13.1/src/core/adios_internals.c:7068:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(*returnstr,name);
data/adios-1.13.1/src/core/adios_internals.c:7070:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(*returnstr,att_nam);
data/adios-1.13.1/src/core/adios_internals.c:7071:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(*returnstr,counterstr);
data/adios-1.13.1/src/core/adios_internals.c:7085:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(*returnstr,varname);
data/adios-1.13.1/src/core/adios_internals.c:7087:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(*returnstr,att_nam);
data/adios-1.13.1/src/core/adios_internals.c:8487:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mpath,varname);
data/adios-1.13.1/src/core/adios_internals.c:8500:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mpath,varname);
data/adios-1.13.1/src/core/adios_internals.c:8514:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (mpath, name);
data/adios-1.13.1/src/core/adios_internals.c:8528:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (mpath, name);
data/adios-1.13.1/src/core/adios_logger.h:25:9: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (adios_logf, __VA_ARGS__); \
data/adios-1.13.1/src/core/adios_logger.h:46:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (adios_logf, __VA_ARGS__); \
data/adios-1.13.1/src/core/adios_socket.c:149:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( host , pMyHost->h_name );
data/adios-1.13.1/src/core/adios_socket.c:163:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buffer,inet_ntoa(name.sin_addr));
data/adios-1.13.1/src/core/adios_socket.c:166:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(remotehost,pHost->h_name);
data/adios-1.13.1/src/core/adios_timing.c:258:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (&labels[(ct++)*(max_label_len+1)], g->prev_timing_obj->names[i]);
data/adios-1.13.1/src/core/adios_timing.c:262:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (&labels[(ct++)*(max_label_len+1)],
data/adios-1.13.1/src/core/adios_timing.c:451:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (name, fd->group->prev_timing_obj->names[index]);
data/adios-1.13.1/src/core/adios_timing.c:528:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ts->names[ADIOS_TIMING_MAX_USER_TIMERS + i], timer_names[i]);
data/adios-1.13.1/src/core/adiost_callback_internal.c:31:9: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, __VA_ARGS__); \
data/adios-1.13.1/src/core/adiost_callback_internal.c:221:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dims, "%s%c%llu", dims, delimiter, tmp->dimension.rank);
data/adios-1.13.1/src/core/adiost_callback_internal.c:223:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dims, "%s%c%lu", dims, delimiter, tmp->dimension.rank);
data/adios-1.13.1/src/core/adiost_callback_internal.c:227:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dims, "%s%c%s", dims, delimiter, tmp->dimension.var->name);
data/adios-1.13.1/src/core/adiost_callback_internal.c:230:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dims, "%s%c%s", dims, delimiter, tmp->dimension.attr->name);
data/adios-1.13.1/src/core/adiost_callback_internal.c:235:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(global_dims, "%s%c%llu", global_dims, delimiter, tmp->global_dimension.rank);
data/adios-1.13.1/src/core/adiost_callback_internal.c:237:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(global_dims, "%s%c%lu", global_dims, delimiter, tmp->global_dimension.rank);
data/adios-1.13.1/src/core/adiost_callback_internal.c:241:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(global_dims, "%s%c%s", global_dims, delimiter, tmp->global_dimension.var->name);
data/adios-1.13.1/src/core/adiost_callback_internal.c:244:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(global_dims, "%s%c%s", global_dims, delimiter, tmp->global_dimension.attr->name);
data/adios-1.13.1/src/core/adiost_callback_internal.c:249:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(local_offsets, "%s%c%llu", local_offsets, delimiter, tmp->local_offset.rank);
data/adios-1.13.1/src/core/adiost_callback_internal.c:251:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(local_offsets, "%s%c%lu", local_offsets, delimiter, tmp->local_offset.rank);
data/adios-1.13.1/src/core/adiost_callback_internal.c:255:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(local_offsets, "%s%c%s", local_offsets, delimiter, tmp->local_offset.var->name);
data/adios-1.13.1/src/core/adiost_callback_internal.c:258:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(local_offsets, "%s%c%s", local_offsets, delimiter, tmp->local_offset.attr->name);
data/adios-1.13.1/src/core/adiost_callback_internal.c:266:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dims, "%s%c", dims, delimiter);
data/adios-1.13.1/src/core/adiost_callback_internal.c:271:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(global_dims, "%s%c", global_dims, delimiter);
data/adios-1.13.1/src/core/adiost_callback_internal.c:276:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(local_offsets, "%s%c", local_offsets, delimiter);
data/adios-1.13.1/src/core/adiost_callback_internal.c:281:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tmpstr, "%s;%s;%s", dims, global_dims, local_offsets);
data/adios-1.13.1/src/core/adiost_default_tool.c:45:9: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, __VA_ARGS__); \
data/adios-1.13.1/src/core/bp_utils.c:1014:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (namelist[group_count], (*root)->group_name);
data/adios-1.13.1/src/core/bp_utils.c:1026:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (namelist[group_count], (*root)->group_name);
data/adios-1.13.1/src/core/bp_utils.c:1429:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(attr_namelist[i], (*root)->attr_path);
data/adios-1.13.1/src/core/bp_utils.c:1434:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(&attr_namelist[i][lenpath], (*root)->attr_name);
data/adios-1.13.1/src/core/bp_utils.c:1438:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(attr_namelist[i], (*root)->attr_name);
data/adios-1.13.1/src/core/bp_utils.c:1685:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(var_namelist[i], (*root)->var_path);
data/adios-1.13.1/src/core/bp_utils.c:1690:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(&var_namelist[i][lenpath], (*root)->var_name);
data/adios-1.13.1/src/core/bp_utils.c:1694:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(var_namelist[i], (*root)->var_name);
data/adios-1.13.1/src/core/bp_utils.c:2212:21: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fp->var_namelist[j], var_root->var_path);
data/adios-1.13.1/src/core/bp_utils.c:2217:21: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(&(fp->var_namelist[j][lenpath]), var_root->var_name);
data/adios-1.13.1/src/core/bp_utils.c:2221:21: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fp->var_namelist[j], var_root->var_name);
data/adios-1.13.1/src/core/bp_utils.c:2301:25: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fp->attr_namelist[j], attr_root->attr_path);
data/adios-1.13.1/src/core/bp_utils.c:2306:25: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(&(fp->attr_namelist[j][lenpath]), attr_root->attr_name);
data/adios-1.13.1/src/core/bp_utils.c:2310:25: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fp->attr_namelist[j], attr_root->attr_name);
data/adios-1.13.1/src/core/bp_utils.c:3243:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf (s, "\"%s\"", ((char *) data));
data/adios-1.13.1/src/core/bp_utils.c:3248:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (s, "\"%s\"", ( *(char **)data) );
data/adios-1.13.1/src/core/common_adios.c:1377:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn, "%s%s", fd->name, extension);
data/adios-1.13.1/src/core/common_read.c:338:21: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (meshfile, meshname);
data/adios-1.13.1/src/core/common_read.c:1305:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (var_mesh, var_name);
data/adios-1.13.1/src/core/common_read.c:1344:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (data_centering, var_mesh);
data/adios-1.13.1/src/core/common_read.c:1525:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (attribute, linkinfo->name);
data/adios-1.13.1/src/core/common_read.c:1549:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (attribute, linkinfo->name);
data/adios-1.13.1/src/core/common_read.c:1551:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (attribute, i_buffer);
data/adios-1.13.1/src/core/common_read.c:1563:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (attribute, linkinfo->name);
data/adios-1.13.1/src/core/common_read.c:1565:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (attribute, i_buffer);
data/adios-1.13.1/src/core/common_read.c:1592:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (attribute, linkinfo->name);
data/adios-1.13.1/src/core/common_read.c:1594:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (attribute, i_buffer);
data/adios-1.13.1/src/core/common_read.c:1630:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (attribute, meshinfo->name);
data/adios-1.13.1/src/core/common_read.c:1632:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (attribute, attrs);
data/adios-1.13.1/src/core/common_read.c:1718:13: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (value, meshinfo->name);
data/adios-1.13.1/src/core/common_read.c:1720:13: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (value, attrs);
data/adios-1.13.1/src/core/common_read.c:1721:13: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (value, i_buffer);
data/adios-1.13.1/src/core/common_read.c:1894:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (meshfile, meshinfo->name);
data/adios-1.13.1/src/core/common_read.c:1912:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (time_varying, meshinfo->name);
data/adios-1.13.1/src/core/common_read.c:1929:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (mesh_attribute, meshinfo->name);
data/adios-1.13.1/src/core/common_read.c:1946:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (meshfile, meshinfo->name);
data/adios-1.13.1/src/core/common_read.c:1991:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (time_varying, meshinfo->name);
data/adios-1.13.1/src/core/common_read.c:2008:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (meshtype, meshinfo->name);
data/adios-1.13.1/src/core/common_read.c:2045:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (dimension_attribute, meshinfo->name);
data/adios-1.13.1/src/core/common_read.c:2075:17: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (dimensions_value, meshinfo->name);
data/adios-1.13.1/src/core/common_read.c:2077:17: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (dimensions_value, i_buffer);
data/adios-1.13.1/src/core/common_read.c:2189:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (dimension_attribute, meshinfo->name);
data/adios-1.13.1/src/core/common_read.c:2217:17: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (dimensions_value, meshinfo->name);
data/adios-1.13.1/src/core/common_read.c:2219:17: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (dimensions_value, i_buffer);
data/adios-1.13.1/src/core/common_read.c:2281:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (coords_attribute, meshinfo->name);
data/adios-1.13.1/src/core/common_read.c:2351:13: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (coords_attribute, meshinfo->name);
data/adios-1.13.1/src/core/common_read.c:2391:21: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (coords_var, meshinfo->name);
data/adios-1.13.1/src/core/common_read.c:2393:21: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (coords_var, i_buffer);
data/adios-1.13.1/src/core/common_read.c:2451:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (dimension_attribute, meshinfo->name);
data/adios-1.13.1/src/core/common_read.c:2477:17: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (dimensions_value, meshinfo->name);
data/adios-1.13.1/src/core/common_read.c:2479:17: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (dimensions_value, i_buffer);
data/adios-1.13.1/src/core/common_read.c:2538:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (points_attribute, meshinfo->name);
data/adios-1.13.1/src/core/common_read.c:2606:13: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (points_attribute, meshinfo->name);
data/adios-1.13.1/src/core/common_read.c:2645:21: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (points_var, meshinfo->name);
data/adios-1.13.1/src/core/common_read.c:2647:21: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (points_var, i_buffer); data/adios-1.13.1/src/core/common_read.c:2721:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (mesh_nspace, meshinfo->name); data/adios-1.13.1/src/core/common_read.c:2775:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (points_attribute, meshinfo->name); data/adios-1.13.1/src/core/common_read.c:2826:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (points_attribute, meshinfo->name); data/adios-1.13.1/src/core/common_read.c:2856:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (points_var, meshinfo->name); data/adios-1.13.1/src/core/common_read.c:2858:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (points_var, i_buffer); data/adios-1.13.1/src/core/common_read.c:2971:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat (num_points, meshinfo->name); data/adios-1.13.1/src/core/common_read.c:3047:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (mesh_nspace, meshinfo->name); data/adios-1.13.1/src/core/common_read.c:3120:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (num_cell_type, meshinfo->name); data/adios-1.13.1/src/core/common_read.c:3162:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (num_cells, meshinfo->name); data/adios-1.13.1/src/core/common_read.c:3228:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (ccount_var, meshinfo->name); data/adios-1.13.1/src/core/common_read.c:3230:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (ccount_var, i_buffer); data/adios-1.13.1/src/core/common_read.c:3286:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (data_cells, meshinfo->name); data/adios-1.13.1/src/core/common_read.c:3335:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (cdata_var, meshinfo->name); data/adios-1.13.1/src/core/common_read.c:3337:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (cdata_var, i_buffer); data/adios-1.13.1/src/core/common_read.c:3375:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (type_cells, meshinfo->name); data/adios-1.13.1/src/core/common_read.c:3435:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (ctype_mix_var, meshinfo->name); data/adios-1.13.1/src/core/common_read.c:3437:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (ctype_mix_var, i_buffer); data/adios-1.13.1/src/core/flexpath.h:31:42: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define perr(...) if(getenv("FP_DEBUG")) fprintf(stderr, __VA_ARGS__); data/adios-1.13.1/src/core/flexpath.h:40:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, __VA_ARGS__); \ data/adios-1.13.1/src/core/globals.c:191:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (full_pathname, "%s\0", name); data/adios-1.13.1/src/core/globals.c:193:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (full_pathname, "/%s\0", name); data/adios-1.13.1/src/core/globals.c:196:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (full_pathname, "%s/%s\0", path, name); data/adios-1.13.1/src/core/mpidummy.c:224:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(string, mpierrmsg); data/adios-1.13.1/src/core/qhashtbl.c:197:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (*key, "%s", name); data/adios-1.13.1/src/core/qhashtbl.c:201:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (*key, "/%s", name); data/adios-1.13.1/src/core/qhashtbl.c:205:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (*key, "%s/%s", path, name); data/adios-1.13.1/src/mxml/config.h:32:13: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # define snprintf _mxml_snprintf data/adios-1.13.1/src/mxml/config.h:37:13: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
# define vsnprintf _mxml_vsnprintf data/adios-1.13.1/src/mxml/mxml-2.9/mxml-private.c:78:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(s, sizeof(s), format, ap); data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:54:11: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. bytes = vsnprintf(buffer, bufsize, format, ap); data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:79:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). return (strcpy(t, s)); data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:265:6: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(temp, tformat, va_arg(ap, double)); data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:278:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(bufptr, temp); data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:297:8: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(temp, tformat, va_arg(ap, long long)); data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:300:6: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(temp, tformat, va_arg(ap, int)); data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:313:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(bufptr, temp); data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:323:6: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(temp, tformat, va_arg(ap, void *)); data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:336:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(bufptr, temp); data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:440:11: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. bytes = vsnprintf(temp, sizeof(temp), format, apcopy); data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:457:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buffer, bytes + 1, format, ap); data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:649:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(bufptr, node->value.text.string); data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:678:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(bufptr, node->value.text.string); data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:691:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buffer, type->last_child->value.text.string); data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:1220:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(bufptr, node->value.text.string); data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:3264:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!access(docset, 0) && !remove_directory(docset)) data/adios-1.13.1/src/mxml/mxml-2.9/vcnet/config.h:57:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/adios-1.13.1/src/mxml/mxml-2.9/vcnet/config.h:57:19: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/adios-1.13.1/src/mxml/mxml-2.9/vcnet/config.h:59:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define vsnprintf _vsnprintf data/adios-1.13.1/src/mxml/mxml-2.9/vcnet/config.h:113:13: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). 
Use a constant for the format specification. # define snprintf _mxml_snprintf data/adios-1.13.1/src/mxml/mxml-2.9/vcnet/config.h:118:13: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # define vsnprintf _mxml_vsnprintf data/adios-1.13.1/src/query/common_query.c:426:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(result->condition, "(%s < %s)", varName, value); data/adios-1.13.1/src/query/common_query.c:428:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(result->condition, "(%s <= %s)", varName, value); data/adios-1.13.1/src/query/common_query.c:430:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(result->condition, "(%s > %s)", varName, value); data/adios-1.13.1/src/query/common_query.c:432:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(result->condition, "(%s >= %s)", varName, value); data/adios-1.13.1/src/query/common_query.c:434:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(result->condition, "(%s = %s)", varName, value); data/adios-1.13.1/src/query/common_query.c:436:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(result->condition, "(%s != %s)", varName, value); data/adios-1.13.1/src/query/common_query.c:557:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(result->condition, "(%s and %s)", q1->condition, q2->condition); data/adios-1.13.1/src/query/common_query.c:559:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(result->condition, "(%s or %s)", q1->condition, q2->condition); data/adios-1.13.1/src/query/fastbit_adios.c:361:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(idxFileName, "%s.idx", idxFileNamePad); data/adios-1.13.1/src/query/fastbit_adios.c:560:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (s, "%" PRId64, ((int64_t *) data)[idx]); data/adios-1.13.1/src/query/fastbit_adios.c:564:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (s, "%" PRIu64, ((uint64_t *) data)[idx]); data/adios-1.13.1/src/query/query_fastbit.c:1111:7: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(" ERROR: %" PRIu64 " th element will not be found in pack starting at block:%" PRIu64, currPosInPack, *absBlockIdx); data/adios-1.13.1/src/query/query_fastbit.c:1847:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(casestudyLoggerPrefix, "block:%" PRIu64, currBlockIdx); data/adios-1.13.1/src/query/query_fastbit.c:1995:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(casestudyLoggerPrefix, "block:%" PRIu64, currBlockIdx); data/adios-1.13.1/src/query/query_fastbit.c:2367:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(casestudyLoggerPrefix, "block:%" PRIu64, currBlockIdx); data/adios-1.13.1/src/query/query_fastbit.c:2567:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. sprintf(itn->_arrayName, "%s", blockDataName); data/adios-1.13.1/src/read/read_bp.c:136:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (name_no_path, ch + 1); \ data/adios-1.13.1/src/read/read_bp.c:141:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (name_no_path, fh->fname); \ data/adios-1.13.1/src/read/read_bp.c:145:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (name, "%s.dir/%s.%d", fh->fname, name_no_path, new_h->file_index); \ data/adios-1.13.1/src/read/read_bp.c:225:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (name_no_path, ch + 1); \ data/adios-1.13.1/src/read/read_bp.c:230:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (name_no_path, fh->fname); \ data/adios-1.13.1/src/read/read_bp.c:234:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (name, "%s.dir/%s.%d", fh->fname, name_no_path, new_h->file_index); \ data/adios-1.13.1/src/read/read_bp_staged.c:974:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (name_no_path, ch + 1); data/adios-1.13.1/src/read/read_bp_staged.c:979:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (name_no_path, fh->fname); data/adios-1.13.1/src/read/read_bp_staged.c:983:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (name, "%s.dir/%s.%d", fh->fname, name_no_path, new_h->file_index); data/adios-1.13.1/src/read/read_bp_staged1.c:3218:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (name_no_path, ch + 1); data/adios-1.13.1/src/read/read_bp_staged1.c:3223:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (name_no_path, fh->fname); data/adios-1.13.1/src/read/read_bp_staged1.c:3227:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (name, "%s.dir/%s.%d", fh->fname, name_no_path, new_h->file_index); data/adios-1.13.1/src/read/read_bp_staged1.c:3676:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (dirname, "%s%s", fname, ".dir"); data/adios-1.13.1/src/read/read_bp_staged1.c:4178:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (fp->group_namelist[i], fh->gvar_h->namelist[i]); data/adios-1.13.1/src/read/read_bp_staged1.c:4496:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(gp->var_namelist[i], gh->fh->gvar_h->var_namelist[i+offset]); data/adios-1.13.1/src/read/read_bp_staged1.c:4508:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(gp->attr_namelist[i], gh->fh->gattr_h->attr_namelist[i+offset]); data/adios-1.13.1/src/read/read_bp_staged1.c:5805:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (name_no_path, ch + 1); \ data/adios-1.13.1/src/read/read_bp_staged1.c:5810:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (name_no_path, fh->fname); \ data/adios-1.13.1/src/read/read_bp_staged1.c:5814:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (name, "%s.dir/%s.%d", fh->fname, name_no_path, new_h->file_index); \ data/adios-1.13.1/src/read/read_dataspaces.c:325:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ds->group_name,b); data/adios-1.13.1/src/read/read_dataspaces.c:1653:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (s,v); data/adios-1.13.1/src/read/read_dataspaces.c:1665:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. 
sprintf(s,"%" PRIu64, values[0]); data/adios-1.13.1/src/read/read_dataspaces.c:1668:9: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (v,",%" PRIu64, values[i]); data/adios-1.13.1/src/read/read_dataspaces.c:1669:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (s,v); data/adios-1.13.1/src/read/read_dimes.c:362:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ds->group_name,b); data/adios-1.13.1/src/read/read_dimes.c:1681:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (s,v); data/adios-1.13.1/src/read/read_dimes.c:1697:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (s,v); data/adios-1.13.1/src/read/read_flexpath.c:1825:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(writer_info_filename, "%s_%s", fname, WRITER_CONTACT_FILE); data/adios-1.13.1/src/read/read_flexpath.c:1909:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(&data_contact_info[0], "%d:%s", fp->terminal_stone, string_list); data/adios-1.13.1/src/read/read_flexpath.c:1947:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(&send_buffer[num_bridges*CONTACT_LENGTH], "%d:%s", their_stone, in_contact); data/adios-1.13.1/src/read/read_flexpath.c:2011:13: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(&this_side_contact_buffer[i*CONTACT_LENGTH], "%d:%s", &their_stone, in_contact); data/adios-1.13.1/src/read/read_icee.c:743:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(host, cm_remote_host); data/adios-1.13.1/src/read/read_icee.c:799:13: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(token, "%d:%s", &remote_stone, &string_list[0]); data/adios-1.13.1/src/transforms/adios_transform_blosc_write.c:165:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( compressor, param->value ); data/adios-1.13.1/src/transforms/adios_transform_zfp_common.h:79:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(zbuff->name, name); data/adios-1.13.1/src/transforms/adios_transform_zfp_read.c:183:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(zbuff->ctol, metadata->ctol); data/adios-1.13.1/src/transforms/adios_transform_zfp_write.c:214:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(zbuff->ctol, param->value); data/adios-1.13.1/src/transforms/zcheck_comm.h:81:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(zname, "%s/%s", var->name, "entropy"); data/adios-1.13.1/src/transforms/zcheck_comm.h:85:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(zname, "%s/%s", var->name, "psnr"); data/adios-1.13.1/src/transforms/zcheck_comm.h:89:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(zname, "%s/%s", var->name, "ratio"); data/adios-1.13.1/src/transforms/zcheck_comm.h:93:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(zname, "%s/%s", var->name, "compress_time"); data/adios-1.13.1/src/transforms/zcheck_comm.h:97:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(zname, "%s/%s", var->name, "decompress_time"); data/adios-1.13.1/src/write/adios_flexpath.c:246:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fullname, path); data/adios-1.13.1/src/write/adios_flexpath.c:248:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
  strcat(fullname, name);
data/adios-1.13.1/src/write/adios_flexpath.c:253:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fullname, name);
data/adios-1.13.1/src/write/adios_flexpath.c:315:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newName, dimName);
data/adios-1.13.1/src/write/adios_flexpath.c:1189:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(&recv_buf[i*CONTACT_LENGTH], msg->contacts[i]);
data/adios-1.13.1/src/write/adios_flexpath.c:1213:9: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stdout, format, args);
data/adios-1.13.1/src/write/adios_flexpath.c:1331:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(&sendmsg[0], "%d:%s", sub->multiStone, contact);
data/adios-1.13.1/src/write/adios_flexpath.c:1339:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(writer_info_filename, "%s_%s", fd->name, "writer_info.txt");
data/adios-1.13.1/src/write/adios_flexpath.c:1340:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(writer_info_tmp, "%s_%s", fd->name, "writer_info.tmp");
data/adios-1.13.1/src/write/adios_flexpath.c:1376:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf(&recv_buff[i * CONTACT_LENGTH], "%d:%s", &their_main_stone,
data/adios-1.13.1/src/write/adios_icee.c:996:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buff, "%s/%s", f->path, f->name);
data/adios-1.13.1/src/write/adios_mpi.c:398:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (name, "%s%s", method->base_path, fd->name);
data/adios-1.13.1/src/write/adios_mpi_amr.c:888:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (s, "%s%s%s%s", "/", fname, "/", vars_root->var_path);
data/adios-1.13.1/src/write/adios_mpi_amr.c:900:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (s, "%s%s%s%s", "/", fname, "/", attrs_root->attr_path);
data/adios-1.13.1/src/write/adios_mpi_amr.c:914:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (dir_name, "%s%s", path, ".dir");
data/adios-1.13.1/src/write/adios_mpi_amr.c:1147:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (name_no_path, ch + 1);
data/adios-1.13.1/src/write/adios_mpi_amr.c:1152:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (name_no_path, filename);
data/adios-1.13.1/src/write/adios_mpi_amr.c:1158:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (subfilename, "%s%s%s%s.%d", base_path, filename, ".dir/", name_no_path, color);
data/adios-1.13.1/src/write/adios_mpi_amr.c:1231:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (name, "%s%s", method->base_path, fd->name);
data/adios-1.13.1/src/write/adios_mpi_bgq.c:133:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (t, p);
data/adios-1.13.1/src/write/adios_mpi_bgq.c:171:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (temp_string, parameters);
data/adios-1.13.1/src/write/adios_mpi_bgq.c:191:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (temp_string, parameters);
data/adios-1.13.1/src/write/adios_mpi_bgq.c:415:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (s, "%s%s%s%s", "/", fname, "/", vars_root->var_path);
data/adios-1.13.1/src/write/adios_mpi_bgq.c:427:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (s, "%s%s%s%s", "/", fname, "/", attrs_root->attr_path);
data/adios-1.13.1/src/write/adios_mpi_bgq.c:442:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (dir_name, "%s%s", fd->name, ".dir");
data/adios-1.13.1/src/write/adios_mpi_bgq.c:662:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (name, "%s%s", method->base_path, fd->name);
data/adios-1.13.1/src/write/adios_mpi_bgq.c:701:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (name_no_path, ch + 1);
data/adios-1.13.1/src/write/adios_mpi_bgq.c:706:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (name_no_path, fd->name);
data/adios-1.13.1/src/write/adios_mpi_bgq.c:712:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (name, "%s%s%s%s.%d", fd->name, ".dir/", method->base_path, name_no_path, md->partition_id);
data/adios-1.13.1/src/write/adios_mpi_lustre.c:613:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (name, "%s%s", method->base_path, fd->name);
data/adios-1.13.1/src/write/adios_nc4.c:173:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(of->fpath, path);
data/adios-1.13.1/src/write/adios_nc4.c:174:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(of->fname, name);
data/adios-1.13.1/src/write/adios_nc4.c:329:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dimname, "%s_dim", dim->var->name);
data/adios-1.13.1/src/write/adios_nc4.c:332:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dimname, "%s_dim", dim->attr->name);
data/adios-1.13.1/src/write/adios_nc4.c:334:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dimname, "%s_dim", dim->attr->var->name);
data/adios-1.13.1/src/write/adios_nc4.c:338:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dimname, "%s_dim", group->time_index_name);
data/adios-1.13.1/src/write/adios_nc4.c:380:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(attname, patt->name);
data/adios-1.13.1/src/write/adios_nc4.c:643:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(nc4_local_dimnames[local_idx], nc4_global_dimnames[global_idx]);
data/adios-1.13.1/src/write/adios_nc4.c:644:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(nc4_local_offset_names[loffs_idx], nc4_global_dimnames[global_idx]);
data/adios-1.13.1/src/write/adios_nc4.c:717:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(deciphered_dims->gbdims_name, "_%s_gbdims", dimname);
data/adios-1.13.1/src/write/adios_nc4.c:718:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(deciphered_dims->gbdims_dim0_name, "_%s_gbdims_dim0", dimname);
data/adios-1.13.1/src/write/adios_nc4.c:719:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(deciphered_dims->gbdims_dim1_name, "_%s_gbdims_dim1", dimname);
data/adios-1.13.1/src/write/adios_nc4.c:969:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str_var_dimname, "%s_dim", fullname);
data/adios-1.13.1/src/write/adios_nc4.c:1389:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "%s%s", method->base_path, fd->name);
data/adios-1.13.1/src/write/adios_nc4.c:1797:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fullname, "%s_%s", new_path, name);
data/adios-1.13.1/src/write/adios_nc4.c:1799:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (fullname,new_path);
data/adios-1.13.1/src/write/adios_nc4.c:1804:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (fullname, "%s%s", new_path, name);
data/adios-1.13.1/src/write/adios_nc4.c:1806:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (fullname,new_path);
data/adios-1.13.1/src/write/adios_nc4.c:1811:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (fullname, name);
data/adios-1.13.1/src/write/adios_phdf5.c:170:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "%s%s", method->base_path, fd->name);
data/adios-1.13.1/src/write/adios_phdf5.c:580:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "_%s_gbdims", pvar->name);
data/adios-1.13.1/src/write/adios_phdf5.c:784:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "_%s_gbdims", pvar->name);
data/adios-1.13.1/src/write/adios_phdf5.c:1086:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tmpstr, path);
data/adios-1.13.1/src/write/adios_phdf5.c:1093:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(grp_name[idx],pch);
data/adios-1.13.1/src/write/adios_posix.c:228:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (name_with_rank, "%s.%s", n, rank_string);
data/adios-1.13.1/src/write/adios_posix.c:237:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (subfile_name, "%s%s%s%s"
data/adios-1.13.1/src/write/adios_posix.c:248:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (mdfile_name, "%s%s"
data/adios-1.13.1/src/write/adios_posix.c:261:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (subfile_name, "%s%s", method->base_path, fd->name);
data/adios-1.13.1/src/write/adios_posix.c:329:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (dir_name, "%s%s"
data/adios-1.13.1/src/write/adios_posix.c:408:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (dir_name, "%s%s"
data/adios-1.13.1/src/write/adios_var_merge.c:761:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(grp_name, "agg_%s",group_name);
data/adios-1.13.1/src/write/adios_var_merge.c:773:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(vars->name, v->name);
data/adios-1.13.1/src/write/adios_var_merge.c:776:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(vars->path, v->path);
data/adios-1.13.1/src/write/adios_var_merge.c:816:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(io_method, p->value);
data/adios-1.13.1/src/write/adios_var_merge.c:827:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(io_parameters, p->value);
data/adios-1.13.1/src/write/adios_var_merge.c:1027:17: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(vars->dimensions,"%" PRIu64 , dim);
data/adios-1.13.1/src/write/adios_var_merge.c:1029:17: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(vars->dimensions,"%s,%" PRIu64 ,vars->dimensions, dim);
data/adios-1.13.1/src/write/adios_var_merge.c:1035:17: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(vars->global_dimensions,"%" PRIu64 , dim);
data/adios-1.13.1/src/write/adios_var_merge.c:1037:17: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(vars->global_dimensions,"%s,%" PRIu64 ,vars->global_dimensions, dim);
data/adios-1.13.1/src/write/adios_var_merge.c:1043:17: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(vars->local_offsets,"%" PRIu64 , dim);
data/adios-1.13.1/src/write/adios_var_merge.c:1045:17: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(vars->local_offsets,"%s,%" PRIu64 ,vars->local_offsets, dim);
data/adios-1.13.1/src/write/adios_var_merge.c:1141:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(vars->dimensions, new_ldims);
data/adios-1.13.1/src/write/adios_var_merge.c:1446:21: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(new_ldims, "%" PRIu64 , gdims[i]);
data/adios-1.13.1/src/write/adios_var_merge.c:1448:21: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(new_ldims, "%s,%" PRIu64 , new_ldims, gdims[i]);
data/adios-1.13.1/src/zfp/zfp-0.5.0/array/cache.h:138:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  Tag access(Line*& ptr, Index x, bool write)
data/adios-1.13.1/src/zfp/zfp-0.5.0/array/zfparray1.h:183:46: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  typename Cache<CacheLine>::Tag t = cache.access(p, b + 1, write);
data/adios-1.13.1/src/zfp/zfp-0.5.0/array/zfparray2.h:205:46: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  typename Cache<CacheLine>::Tag t = cache.access(p, b + 1, write);
data/adios-1.13.1/src/zfp/zfp-0.5.0/array/zfparray3.h:214:46: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  typename Cache<CacheLine>::Tag t = cache.access(p, b + 1, write);
data/adios-1.13.1/tests/C/fgr_tests/posix_fgr.c:80:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (filename, "%s.%d", "posix_fgr.bin", rank);
data/adios-1.13.1/tests/C/flexpath_tests/1D_arr_global_noxml/writer.c:51:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(filename, FILE_NAME);
data/adios-1.13.1/tests/C/flexpath_tests/common/utils.c:314:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "/%s%d", maya_var_pfx, number);
data/adios-1.13.1/tests/C/flexpath_tests/include/test_common.h:49:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, "%s "fmt, DBG_TEST_FAILED_STR, ##args); \
data/adios-1.13.1/tests/C/flexpath_tests/include/test_common.h:55:10: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, "%s "fmt, DBG_TEST_PASSED_STR, ##args); \
data/adios-1.13.1/tests/C/flexpath_tests/include/test_common.h:79:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, "%s(%d) %s:%s:%d: " fmt, DBG_ERROR_STR, (DBG_ERROR), __FILE__, __FUNCTION__, __LINE__, ##args); \
data/adios-1.13.1/tests/C/flexpath_tests/include/test_common.h:88:10: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, "%s(%d) %s:%s:%d: " fmt, DBG_WARN_STR, (DBG_ERROR), __FILE__, __FUNCTION__, __LINE__, ##args); \
data/adios-1.13.1/tests/C/flexpath_tests/include/test_common.h:96:10: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, "%s(%d) %s:%s:%d: " fmt, DBG_INFO_STR, (DBG_ERROR), __FILE__, __FUNCTION__, __LINE__, ##args); \
data/adios-1.13.1/tests/C/flexpath_tests/include/test_common.h:104:10: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, "%s(%d) %s:%s:%d: " fmt, DBG_DEBUG_STR, (DBG_ERROR), __FILE__, __FUNCTION__, __LINE__, ##args); \
data/adios-1.13.1/tests/C/flexpath_tests/local_arrays/writer.c:51:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(filename, FILE_NAME);
data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/reader.c:64:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fullpath, "%s%s", fullname, path_str); \
data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/reader.c:147:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fullpath, "%s%s", fullname, "/patch_id");
data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/reader.c:151:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fullpath, "%s%s", fullname, "/shape_dim_x");
data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/reader.c:155:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fullpath, "%s%s", fullname, "/shape_dim_y");
data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/reader.c:159:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fullpath, "%s%s", fullname, "/shape_dim_z");
data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/writer.c:40:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fullpath, "%s%s", fullname, var_name); \
data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/writer.c:124:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dimensions, "1,%s/shape_dim_x,%s/shape_dim_y,%s/shape_dim_z", fullname, fullname, fullname);
data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/writer.c:127:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(single_offset, "%s/patch_id", fullname);
data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/writer.c:145:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(local_offsets, "%s/patch_id,0", fullname);
data/adios-1.13.1/tests/C/flexpath_tests/two_streams/reader.c:187:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(filename, FILE_NAME);
data/adios-1.13.1/tests/C/flexpath_tests/two_streams/writer.c:104:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(filename, FILE_NAME);
data/adios-1.13.1/tests/C/query/alacrity/adios_alac_query.c:100:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(xmlFileName, argv[2]);
data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c:198:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (input_xml, "%s/%s.xml", input_dir, transform);
data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c:202:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (output_bp_file, "%s/%s_%d.bp", input_dir, transform, pg_var_size);
data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c:208:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (varfile [i], "%s/%s", input_dir, vars [i]);
data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c:253:15: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(tmp, prefix, k); // N0, N1... D0, D1 ... O0, O1, ...
data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c:258:15: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(tmp, prefix, k); // N0, N1... D0, D1 ... O0, O1, ...
data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c:263:15: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(tmp, prefix, k); // N0, N1... D0, D1 ... O0, O1, ...
data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c:540:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy((*varList)[countVar], attr->value);
data/adios-1.13.1/tests/C/query/alacrity/adios_show_bp_file.c:105:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(varName, argv[2]);
data/adios-1.13.1/tests/C/query/common/adios_query_test.c:198:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(xmlFileName, argv[2]);
data/adios-1.13.1/tests/C/query/common/compute_expected_query_results.c:132:24: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  case adios_string: strcpy((char*)outValue, (const char*)value); break;
data/adios-1.13.1/tests/C/query/common/compute_expected_query_results.c:543:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(" %" PRIu64, *points++);
data/adios-1.13.1/tests/C/query/fastbit/fastbit_tests.c:56:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf ( stdout, __VA_ARGS__); \
data/adios-1.13.1/tests/bp_read/bp_read_c.c:19:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf("\t%dD variable: [%" PRIu64, ndim, dims[0]); \
data/adios-1.13.1/tests/bp_read/bp_read_c.c:20:41: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  for (ivar=1; ivar<ndim; ivar++) printf(", %" PRIu64, dims[ivar]); \
data/adios-1.13.1/tests/suite/programs/big_file.c:28:79: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define log(...) fprintf (stderr, "[rank=%3.3d, line %d]: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr);
data/adios-1.13.1/tests/suite/programs/big_file.c:29:89: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define printE(...) fprintf (stderr, "[rank=%3.3d, line %d]: ERROR: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr);
data/adios-1.13.1/tests/suite/programs/blocks.c:362:25: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf ("%" PRIu64, block_offset [j*nblocks_per_step*size + i]);
data/adios-1.13.1/tests/suite/programs/blocks.c:394:25: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf ("\tERROR expected = %" PRIu64,
data/adios-1.13.1/tests/suite/programs/blocks.c:422:21: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf ("\tERROR expected = %" PRIu64,
data/adios-1.13.1/tests/suite/programs/blocks.c:502:17: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf ("\tERROR expected = %" PRIu64,
data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:72:13: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  outbuf += sprintf(outbuf, i == 0 ? "%s%d" : ",%s%d", dimvar_base, i);
data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:110:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(outfile, HEADER_XML, xml_spec->group_name);
data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:112:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(outfile, DIMVAR_XML, i, i, i);
data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:116:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(outfile, GLOBALBOUNDS_HEADER_XML, dimvar_list_buf1, dimvar_list_buf2);
data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:120:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(outfile, VAR_XML, xml_spec->varnames[i], adios_type_to_string_int(xml_spec->vartypes[i]), dimvar_list_buf1, transform_name);
data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:124:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(outfile, FOOTER_XML, xml_spec->group_name, xml_spec->write_transport_method, xml_spec->buffer_size_mb);
data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:131:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dimvar_name, "%s%d", dimvar_basename, i);
data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:187:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(xml_filename, "%s.xml", filename_prefix);
data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:188:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(bp_filename, "%s.bp", filename_prefix);
data/adios-1.13.1/tests/suite/programs/connect_to_space_subset.c:28:80: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define log(...) fprintf (stderr, "[rank=%3.3d, line %d]: ", wrank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr);
data/adios-1.13.1/tests/suite/programs/connect_to_space_subset.c:29:90: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define printE(...) fprintf (stderr, "[rank=%3.3d, line %d]: ERROR: ", wrank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr);
data/adios-1.13.1/tests/suite/programs/joinedarray.c:31:79: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define log(...) fprintf (stderr, "[rank=%3.3d, line %d]: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr);
data/adios-1.13.1/tests/suite/programs/joinedarray.c:32:89: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define printE(...) fprintf (stderr, "[rank=%3.3d, line %d]: ERROR: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr);
data/adios-1.13.1/tests/suite/programs/many_vars.c:28:79: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define log(...) fprintf (stderr, "[rank=%3.3d, line %d]: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr);
data/adios-1.13.1/tests/suite/programs/many_vars.c:29:89: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define printE(...) fprintf (stderr, "[rank=%3.3d, line %d]: ERROR: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr);
data/adios-1.13.1/tests/suite/programs/many_vars.c:80:9: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(varnames[i], fmt, i);
data/adios-1.13.1/tests/suite/programs/path_test.c:25:79: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define log(...) fprintf (stderr, "[rank=%3.3d, line %d]: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr);
data/adios-1.13.1/tests/suite/programs/path_test.c:26:89: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define printE(...) fprintf (stderr, "[rank=%3.3d, line %d]: ERROR: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr);
data/adios-1.13.1/tests/suite/programs/reuse_dim.c:34:79: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define log(...) fprintf (stderr, "[rank=%3.3d, line %d]: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr);
data/adios-1.13.1/tests/suite/programs/reuse_dim.c:35:89: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define printE(...) fprintf (stderr, "[rank=%3.3d, line %d]: ERROR: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr);
data/adios-1.13.1/tests/suite/programs/selections.c:31:79: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define log(...) fprintf (stderr, "[rank=%3.3d, line %d]: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr);
data/adios-1.13.1/tests/suite/programs/selections.c:32:89: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define printE(...) fprintf (stderr, "[rank=%3.3d, line %d]: ERROR: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr);
data/adios-1.13.1/tests/suite/programs/set_path.c:27:79: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define log(...) fprintf (stderr, "[rank=%3.3d, line %d]: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr);
data/adios-1.13.1/tests/suite/programs/set_path.c:28:89: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define printE(...) fprintf (stderr, "[rank=%3.3d, line %d]: ERROR: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr);
data/adios-1.13.1/tests/suite/programs/set_path.c:265:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (varpath, "%s/s0", getpath(0));
data/adios-1.13.1/tests/suite/programs/set_path.c:267:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (varpath, "%s/s0", getpath(1));
data/adios-1.13.1/tests/suite/programs/set_path.c:269:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (varpath, "%s/s0", getpath(2));
data/adios-1.13.1/tests/suite/programs/set_path.c:272:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (varpath, "%s/a1", getpath(0));
data/adios-1.13.1/tests/suite/programs/set_path.c:274:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (varpath, "%s/a1", getpath(1));
data/adios-1.13.1/tests/suite/programs/set_path.c:276:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (varpath, "%s/a1", getpath(2));
data/adios-1.13.1/tests/suite/programs/set_path.c:281:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (varpath, "%s/s0", getpath(0));
data/adios-1.13.1/tests/suite/programs/set_path.c:283:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (varpath, "%s/s0", getpath(1));
data/adios-1.13.1/tests/suite/programs/set_path.c:285:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (varpath, "%s/s0", getpath(2));
data/adios-1.13.1/tests/suite/programs/set_path.c:288:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (varpath, "%s/a1", getpath(0));
data/adios-1.13.1/tests/suite/programs/set_path.c:290:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (varpath, "%s/a1", getpath(1));
data/adios-1.13.1/tests/suite/programs/set_path.c:292:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (varpath, "%s/a1", getpath(2));
data/adios-1.13.1/tests/suite/programs/set_path.c:300:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (varpath, "%s/s0", getpath(0));
data/adios-1.13.1/tests/suite/programs/set_path.c:303:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (varpath, "%s/s0", getpath(1));
data/adios-1.13.1/tests/suite/programs/set_path.c:306:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf (varpath, "%s/s0", getpath(2)); data/adios-1.13.1/tests/suite/programs/set_path.c:310:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (varpath, "%s/a1", getpath(0)); data/adios-1.13.1/tests/suite/programs/set_path.c:313:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (varpath, "%s/a1", getpath(1)); data/adios-1.13.1/tests/suite/programs/set_path.c:316:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (varpath, "%s/a1", getpath(2)); data/adios-1.13.1/tests/suite/programs/set_path_var.c:27:79: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define log(...) fprintf (stderr, "[rank=%3.3d, line %d]: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr); data/adios-1.13.1/tests/suite/programs/set_path_var.c:28:89: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define printE(...) fprintf (stderr, "[rank=%3.3d, line %d]: ERROR: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr); data/adios-1.13.1/tests/suite/programs/set_path_var.c:160:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (varpath, "%s/s0", newpath); data/adios-1.13.1/tests/suite/programs/set_path_var.c:167:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (varpath, "%s/s0", newpath); data/adios-1.13.1/tests/suite/programs/set_path_var.c:174:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (varpath, "%s/s0", newpath); data/adios-1.13.1/tests/suite/programs/set_path_var.c:181:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (varpath, "%s/a1", newpath); data/adios-1.13.1/tests/suite/programs/set_path_var.c:188:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (varpath, "%s/a1", newpath); data/adios-1.13.1/tests/suite/programs/set_path_var.c:194:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (varpath, "%s/a1", newpath); data/adios-1.13.1/tests/suite/programs/set_path_var.c:284:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (varpath, "%s/s0", getpath(0)); data/adios-1.13.1/tests/suite/programs/set_path_var.c:286:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (varpath, "%s/s0", getpath(1)); data/adios-1.13.1/tests/suite/programs/set_path_var.c:288:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (varpath, "%s/s0", getpath(2)); data/adios-1.13.1/tests/suite/programs/set_path_var.c:291:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (varpath, "%s/a1", getpath(3)); data/adios-1.13.1/tests/suite/programs/set_path_var.c:293:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (varpath, "%s/a1", getpath(4)); data/adios-1.13.1/tests/suite/programs/set_path_var.c:295:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (varpath, "%s/a1", getpath(5)); data/adios-1.13.1/tests/suite/programs/set_path_var.c:301:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (varpath, "%s/s0", getpath(0)); data/adios-1.13.1/tests/suite/programs/set_path_var.c:303:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (varpath, "%s/s0", getpath(1)); data/adios-1.13.1/tests/suite/programs/set_path_var.c:305:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (varpath, "%s/s0", getpath(2)); data/adios-1.13.1/tests/suite/programs/set_path_var.c:308:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (varpath, "%s/a1", getpath(3)); data/adios-1.13.1/tests/suite/programs/set_path_var.c:310:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (varpath, "%s/a1", getpath(4)); data/adios-1.13.1/tests/suite/programs/set_path_var.c:312:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (varpath, "%s/a1", getpath(5)); data/adios-1.13.1/tests/suite/programs/set_path_var.c:320:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (varpath, "%s/s0", getpath(0)); data/adios-1.13.1/tests/suite/programs/set_path_var.c:323:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (varpath, "%s/s0", getpath(1)); data/adios-1.13.1/tests/suite/programs/set_path_var.c:326:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (varpath, "%s/s0", getpath(2)); data/adios-1.13.1/tests/suite/programs/set_path_var.c:330:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (varpath, "%s/a1", getpath(3)); data/adios-1.13.1/tests/suite/programs/set_path_var.c:333:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (varpath, "%s/a1", getpath(4)); data/adios-1.13.1/tests/suite/programs/set_path_var.c:336:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (varpath, "%s/a1", getpath(5)); data/adios-1.13.1/tests/suite/programs/test_singlevalue.c:31:79: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define log(...) fprintf (stderr, "[rank=%3.3d, line %d]: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr); data/adios-1.13.1/tests/suite/programs/test_singlevalue.c:32:89: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define printE(...) fprintf (stderr, "[rank=%3.3d, line %d]: ERROR: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr); data/adios-1.13.1/tests/suite/programs/two_groups.c:27:79: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define log(...) fprintf (stderr, "[rank=%3.3d, line %d]: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr); data/adios-1.13.1/tests/suite/programs/two_groups.c:28:89: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define printE(...) 
fprintf (stderr, "[rank=%3.3d, line %d]: ERROR: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr); data/adios-1.13.1/tests/suite/programs/write_alternate.c:27:79: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define log(...) fprintf (stderr, "[rank=%3.3d, line %d]: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr); data/adios-1.13.1/tests/suite/programs/write_alternate.c:28:89: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define printE(...) fprintf (stderr, "[rank=%3.3d, line %d]: ERROR: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr); data/adios-1.13.1/tests/suite/programs/write_read.c:25:79: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define log(...) fprintf (stderr, "[rank=%3.3d, line %d]: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr); data/adios-1.13.1/tests/suite/programs/write_read.c:26:89: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define printE(...) fprintf (stderr, "[rank=%3.3d, line %d]: ERROR: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr); data/adios-1.13.1/tests/test_src/hashtest.c:56:9: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(varpaths[p], fmt, p); data/adios-1.13.1/tests/test_src/hashtest.c:71:9: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(varnames[v], fmt, v); data/adios-1.13.1/tests/test_src/points_1DtoND.c:30:62: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). 
Use a constant for the format specification. #define log(...) fprintf (stderr, "[line %3d]: ", __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr); data/adios-1.13.1/tests/test_src/points_1DtoND.c:31:72: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define printE(...) fprintf (stderr, "[line %3d]: ERROR: ", __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr); data/adios-1.13.1/tests/test_src/query_minmax.c:37:79: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define log(...) fprintf (stderr, "[rank=%3.3d, line %d]: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr); data/adios-1.13.1/tests/test_src/query_minmax.c:38:89: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define printE(...) fprintf (stderr, "[rank=%3.3d, line %d]: ERROR: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr); data/adios-1.13.1/tests/test_src/read_points_2d.c:63:79: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define log(...) fprintf (stderr, "[rank=%3.3d, line %d]: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr); data/adios-1.13.1/tests/test_src/read_points_2d.c:64:89: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define printE(...) fprintf (stderr, "[rank=%3.3d, line %d]: ERROR: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr); data/adios-1.13.1/tests/test_src/read_points_3d.c:69:79: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). 
Use a constant for the format specification. #define log(...) fprintf (stderr, "[rank=%3.3d, line %d]: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr); data/adios-1.13.1/tests/test_src/read_points_3d.c:70:89: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define printE(...) fprintf (stderr, "[rank=%3.3d, line %d]: ERROR: ", rank, __LINE__); fprintf (stderr, __VA_ARGS__); fflush(stderr); data/adios-1.13.1/utils/bp2ascii/bp2ascii.c:53:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (newfilename, argv[4]); data/adios-1.13.1/utils/bp2ascii/bp2ascii.c:56:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (newfilename, dump.dump_var); data/adios-1.13.1/utils/bp2bp/bp2bp.c:175:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(lustre_pars, tstring); data/adios-1.13.1/utils/bp2bp/bp2bp.c:178:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(lustre_pars, tstring); data/adios-1.13.1/utils/bp2bp/bp2bp.c:181:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(lustre_pars, tstring); data/adios-1.13.1/utils/bp2bp/bp2bp.c:233:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(lbounds, tstring); data/adios-1.13.1/utils/bp2bp/bp2bp.c:288:29: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(gbounds, tstring); data/adios-1.13.1/utils/bp2bp/bp2bp.c:291:29: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(lbounds, tstring); data/adios-1.13.1/utils/bp2bp/bp2bp.c:294:29: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(offs, tstring); data/adios-1.13.1/utils/bp2bp/bp2bp.c:298:25: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(gbounds, tstring); data/adios-1.13.1/utils/bp2bp/bp2bp.c:301:25: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(lbounds, tstring); data/adios-1.13.1/utils/bp2bp/bp2bp.c:304:25: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(offs, tstring); data/adios-1.13.1/utils/bp2bp/bp2bp.c:324:33: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(offs, tstring); data/adios-1.13.1/utils/bp2bp/bp2bp.c:326:33: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(lbounds, tstring); data/adios-1.13.1/utils/bp2bp/bp2bp.c:1075:13: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ("%" PRIu64, ((uint64_t *) data)[item]); data/adios-1.13.1/utils/bp2bp/bp2bp.c:1078:13: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ("%" PRId64, ((int64_t *) data)[item]); data/adios-1.13.1/utils/bp2h5/bp2h5.c:141:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(h5name,g->var_namelist[i]); data/adios-1.13.1/utils/bp2h5/bp2h5.c:162:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(h5name,g->var_namelist[i]); data/adios-1.13.1/utils/bp2h5/bp2h5.c:191:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(aname,grp_name[level-1]); data/adios-1.13.1/utils/bp2h5/bp2h5.c:196:15: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(fname,grp_name[j]); data/adios-1.13.1/utils/bp2h5/bp2h5.c:257:13: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (s, "%" PRId64, ((int64_t *) data)[idx]); data/adios-1.13.1/utils/bp2h5/bp2h5.c:261:13: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (s, "%" PRIu64, ((uint64_t *) data)[idx]); data/adios-1.13.1/utils/bp2h5/bp2h5.c:308:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmpstr,str); data/adios-1.13.1/utils/bp2h5/bp2h5.c:317:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(grp_name[idx],pch); data/adios-1.13.1/utils/bp2ncd/bp2ncd.c:51:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (fullname, "%s_%s", new_path, name); data/adios-1.13.1/utils/bp2ncd/bp2ncd.c:53:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (fullname,new_path); data/adios-1.13.1/utils/bp2ncd/bp2ncd.c:59:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (fullname, "%s%s", new_path, name); data/adios-1.13.1/utils/bp2ncd/bp2ncd.c:61:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (fullname,new_path); data/adios-1.13.1/utils/bp2ncd/bp2ncd.c:66:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (fullname, name); data/adios-1.13.1/utils/bp2ncd/bp2ncd.c:85:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fullname, name); data/adios-1.13.1/utils/bp2ncd/bp2ncd.c:94:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fullname, name); data/adios-1.13.1/utils/bp2ncd/bp2ncd.c:361:25: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(dimname,"%s_%zu",fullname,rank); data/adios-1.13.1/utils/bp2ncd/bp2ncd.c:449:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(dimname,"%s_%zu", fullname,rank); data/adios-1.13.1/utils/bp2ncd/bp2ncd.c:672:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (out_fname,argv[2]); data/adios-1.13.1/utils/bp2ncd/bp2ncd.c:676:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (out_fname,argv[1]); data/adios-1.13.1/utils/bp2ncd/bp2ncd.c:780:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(var_dims[var_dims_count].dimname,pg_header.time_index_name); data/adios-1.13.1/utils/bp2ncd/bp2ncd.c:815:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(var_dims [var_dims_count].dimname,var_header.name); data/adios-1.13.1/utils/bpdiff/utils.c:28:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (s,v); data/adios-1.13.1/utils/bpdiff/utils.c:40:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(s,"%" PRIu64, values[0]); data/adios-1.13.1/utils/bpdiff/utils.c:43:9: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (v,",%" PRIu64, values[i]); data/adios-1.13.1/utils/bpdiff/utils.c:44:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (s,v); data/adios-1.13.1/utils/bpdiff/utils.c:82:13: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (s, "%" PRId64, ((int64_t *) data)[idx]); data/adios-1.13.1/utils/bpdiff/utils.c:86:13: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. 
sprintf (s, "%" PRIu64, ((uint64_t *) data)[idx]); data/adios-1.13.1/utils/bpdiff/utils.h:16:20: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define print(...) fprintf (stderr, __VA_ARGS__); data/adios-1.13.1/utils/bpdiff/utils.h:17:32: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define print0(...) if (!rank) fprintf (stderr, __VA_ARGS__); data/adios-1.13.1/utils/bpdump/bpdump.c:149:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (DIVIDER); data/adios-1.13.1/utils/bpdump/bpdump.c:168:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (DIVIDER); data/adios-1.13.1/utils/bpdump/bpdump.c:174:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (DIVIDER); data/adios-1.13.1/utils/bpdump/bpdump.c:182:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (DIVIDER); data/adios-1.13.1/utils/bpdump/bpdump.c:211:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (DIVIDER); data/adios-1.13.1/utils/bpdump/bpdump.c:311:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (DIVIDER); data/adios-1.13.1/utils/bpdump/bpdump.c:446:13: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. 
sprintf (s, "%" PRId64, p [element]); data/adios-1.13.1/utils/bpdump/bpdump.c:453:13: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (s, "%" PRIu64, p [element]); data/adios-1.13.1/utils/bpdump/bpdump.c:551:13: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ("%" PRIu64 ":%" PRIu64 ":%" PRIu64 data/adios-1.13.1/utils/bpdump/bpdump.c:559:13: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ("%" PRIu64 data/adios-1.13.1/utils/bpdump/bpdump.c:954:30: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. c += printf (",%" PRIu64, position [i]); data/adios-1.13.1/utils/bpdump/bpdump.c:956:30: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. c += printf ("%" PRIu64, position [i]); data/adios-1.13.1/utils/bpdump/bpdump.c:1140:25: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ("%" PRIu64 ":%" PRIu64 ":%" PRIu64 data/adios-1.13.1/utils/bpdump/bpdump.c:1148:25: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ("%" PRIu64 data/adios-1.13.1/utils/bpdump/bpdump.c:1173:25: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
printf ("%" PRIu64 ":%" PRIu64 ":%" PRIu64 data/adios-1.13.1/utils/bpdump/bpdump.c:1181:25: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ("%" PRIu64 data/adios-1.13.1/utils/bpdump/bpdump.c:1303:25: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ("%" PRIu64 ":%" PRIu64 ":%" PRIu64 data/adios-1.13.1/utils/bpdump/bpdump.c:1311:25: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ("%" PRIu64 data/adios-1.13.1/utils/bpls/bpls.c:472:12: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. return snprintf (digitstr, 32, "%" PRId64, n); data/adios-1.13.1/utils/bpls/bpls.c:600:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,"{%" PRIu64, vi->dims[0]); data/adios-1.13.1/utils/bpls/bpls.c:602:25: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,", %" PRIu64, vi->dims[j]); data/adios-1.13.1/utils/bpls/bpls.c:764:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,"{%"#format, dims[0]); \ data/adios-1.13.1/utils/bpls/bpls.c:766:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
fprintf(outf,", %"#format, dims[loopvar]); \ data/adios-1.13.1/utils/bpls/bpls.c:776:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,"{%" PRIu64, dims[0]); \ data/adios-1.13.1/utils/bpls/bpls.c:778:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,", %" PRIu64, dims[loopvar]); \ data/adios-1.13.1/utils/bpls/bpls.c:1056:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(xtics, str); data/adios-1.13.1/utils/bpls/bpls.c:1718:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,"%c slice (%" PRIu64 ":%" PRIu64, commentchar, s[0], s[0]+c[0]-1); data/adios-1.13.1/utils/bpls/bpls.c:1720:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,", %" PRIu64 ":%" PRIu64, s[i], s[i]+c[i]-1); data/adios-1.13.1/utils/bpls/bpls.c:1761:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (min) fprintf(outf,(f ? format : "%10hhu "), * ((unsigned char *) min)); data/adios-1.13.1/utils/bpls/bpls.c:1763:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (max) fprintf(outf,(f ? 
format : "%10hhu "), * ((unsigned char *) max)); data/adios-1.13.1/utils/bpls/bpls.c:1771:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (min) fprintf(outf,(f ? format : "%10hhd "), * ((char *) min)); data/adios-1.13.1/utils/bpls/bpls.c:1773:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (max) fprintf(outf,(f ? format : "%10hhd "), * ((char *) max)); data/adios-1.13.1/utils/bpls/bpls.c:1784:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (min) fprintf(outf,(f ? format : "%10hu "), (* (unsigned short *) min)); data/adios-1.13.1/utils/bpls/bpls.c:1786:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (max) fprintf(outf,(f ? format : "%10hu "), (* (unsigned short *) max)); data/adios-1.13.1/utils/bpls/bpls.c:1794:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (min) fprintf(outf,(f ? format : "%10hd "), (* (short *) min)); data/adios-1.13.1/utils/bpls/bpls.c:1796:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (max) fprintf(outf,(f ? format : "%10hd "), (* (short *) max)); data/adios-1.13.1/utils/bpls/bpls.c:1805:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (min) fprintf(outf,(f ? 
format : "%10u "), (* (unsigned int *) min)); data/adios-1.13.1/utils/bpls/bpls.c:1807:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (max) fprintf(outf,(f ? format : "%10u "), (* (unsigned int *) max)); data/adios-1.13.1/utils/bpls/bpls.c:1815:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (min) fprintf(outf,(f ? format : "%10d "), (* (int *) min)); data/adios-1.13.1/utils/bpls/bpls.c:1817:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (max) fprintf(outf,(f ? format : "%10d "), (* (int *) max)); data/adios-1.13.1/utils/bpls/bpls.c:1826:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (min) fprintf(outf,(f ? format : "%10llu "), (* (unsigned long long *) min)); data/adios-1.13.1/utils/bpls/bpls.c:1828:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (max) fprintf(outf,(f ? format : "%10llu "), (* (unsigned long long *) max)); data/adios-1.13.1/utils/bpls/bpls.c:1836:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (min) fprintf(outf,(f ? format : "%10lld "), (* (long long *) min)); data/adios-1.13.1/utils/bpls/bpls.c:1838:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (max) fprintf(outf,(f ? 
format : "%10lld "), (* (long long *) max)); data/adios-1.13.1/utils/bpls/bpls.c:1847:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (min) fprintf(outf,(f ? format : "%10.2g "), (* (float *) min)); data/adios-1.13.1/utils/bpls/bpls.c:1849:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (max) fprintf(outf,(f ? format : "%10.2g "), (* (float *) max)); data/adios-1.13.1/utils/bpls/bpls.c:1857:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (min) fprintf(outf,(f ? format : "%10.2g "), (* (double *) min)); data/adios-1.13.1/utils/bpls/bpls.c:1859:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (max) fprintf(outf,(f ? format : "%10.2g "), (* (double *) max)); data/adios-1.13.1/utils/bpls/bpls.c:1897:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(f ? format : "%hhu"), ((unsigned char *) data)[item]); data/adios-1.13.1/utils/bpls/bpls.c:1900:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(f ? format : "%hhd"), ((signed char *) data)[item]); data/adios-1.13.1/utils/bpls/bpls.c:1904:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(f ? 
format : "\"%s\""), ((char *) data)+item); data/adios-1.13.1/utils/bpls/bpls.c:1908:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(f ? format : "\"%s\""), *((char **)data+item)); data/adios-1.13.1/utils/bpls/bpls.c:1913:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(f ? format : "%hu"), ((unsigned short *) data)[item]); data/adios-1.13.1/utils/bpls/bpls.c:1916:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(f ? format : "%hd"), ((signed short *) data)[item]); data/adios-1.13.1/utils/bpls/bpls.c:1920:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(f ? format : "%u"), ((unsigned int *) data)[item]); data/adios-1.13.1/utils/bpls/bpls.c:1923:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(f ? format : "%d"), ((signed int *) data)[item]); data/adios-1.13.1/utils/bpls/bpls.c:1927:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(f ? format : "%llu"), ((unsigned long long *) data)[item]); data/adios-1.13.1/utils/bpls/bpls.c:1930:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(f ? 
format : "%lld"), ((signed long long *) data)[item]); data/adios-1.13.1/utils/bpls/bpls.c:1934:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(f ? format : "%g"), ((float *) data)[item]); data/adios-1.13.1/utils/bpls/bpls.c:1938:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(f ? format : "%g"), ((double *) data)[item]); data/adios-1.13.1/utils/bpls/bpls.c:1943:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(f ? format : "%Lg"), ((long double *) data)[item]); data/adios-1.13.1/utils/bpls/bpls.c:1949:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(f ? format : "(%g,i%g)"), ((float *) data)[2*item], ((float *) data)[2*item+1]); data/adios-1.13.1/utils/bpls/bpls.c:1953:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(f ? format : "(%g,i%g)" ), ((double *) data)[2*item], ((double *) data)[2*item+1]); data/adios-1.13.1/utils/bpls/bpls.c:1985:17: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(idxstr," (%*" PRIu64,ndigits[0], ids[0]); data/adios-1.13.1/utils/bpls/bpls.c:1987:21: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf,",%*" PRIu64,ndigits[i],ids[i]); data/adios-1.13.1/utils/bpls/bpls.c:1988:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(idxstr, buf); data/adios-1.13.1/utils/bpls/bpls.c:2117:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf, "%*" PRIu64 ":%*" PRIu64, data/adios-1.13.1/utils/bpmeta/bpmeta.c:618:29: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ("%" PRIu64 ":%" PRIu64 ":%" PRIu64 data/adios-1.13.1/utils/bpmeta/bpmeta.c:626:29: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ("%" PRIu64 data/adios-1.13.1/utils/bpmeta/bpmeta.c:651:29: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ("%" PRIu64 ":%" PRIu64 ":%" PRIu64 data/adios-1.13.1/utils/bpmeta/bpmeta.c:659:29: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ("%" PRIu64 data/adios-1.13.1/utils/bpmeta/bpmeta.c:734:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (name, "%s", var->var_name); data/adios-1.13.1/utils/bpmeta/bpmeta.c:738:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (name, "%s/%s", var->var_path, var->var_name); data/adios-1.13.1/utils/bpmeta/bpmeta.c:908:29: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
printf ("%" PRIu64 ":%" PRIu64 ":%" PRIu64 data/adios-1.13.1/utils/bpmeta/bpmeta.c:916:29: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ("%" PRIu64 data/adios-1.13.1/utils/bprecover/bprecover.c:530:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (DIVIDER); data/adios-1.13.1/utils/bprecover/bprecover.c:623:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (DIVIDER); data/adios-1.13.1/utils/bprecover/bprecover.c:643:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (DIVIDER); data/adios-1.13.1/utils/bprecover/bprecover.c:706:13: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (s, "%" PRId64, p [element]); data/adios-1.13.1/utils/bprecover/bprecover.c:713:13: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (s, "%" PRIu64, p [element]); data/adios-1.13.1/utils/bprecover/bprecover.c:811:13: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ("%" PRIu64 ":%" PRIu64 ":%" PRIu64 data/adios-1.13.1/utils/bprecover/bprecover.c:819:13: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ("%" PRIu64 data/adios-1.13.1/utils/bprecover/bprecover.c:1292:25: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
printf ("%" PRIu64 ":%" PRIu64 ":%" PRIu64 data/adios-1.13.1/utils/bprecover/bprecover.c:1300:25: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ("%" PRIu64 data/adios-1.13.1/utils/bprecover/bprecover.c:1325:25: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ("%" PRIu64 ":%" PRIu64 ":%" PRIu64 data/adios-1.13.1/utils/bprecover/bprecover.c:1333:25: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ("%" PRIu64 data/adios-1.13.1/utils/bprecover/bprecover.c:1455:25: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ("%" PRIu64 ":%" PRIu64 ":%" PRIu64 data/adios-1.13.1/utils/bprecover/bprecover.c:1463:25: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ("%" PRIu64 data/adios-1.13.1/utils/bpsplit/bpappend.c:214:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (DIVIDER); data/adios-1.13.1/utils/bpsplit/bpsplit.c:258:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (DIVIDER); data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:50:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(offsetStr, "%" PRIu64, offset[i]); data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:54:5: [4] (format) sprintf: Potential format string problem (CWE-134). 
Make format string constant. sprintf(dimStr, "%" PRIu64, localDim[i]); data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:64:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(offsetStr, "%" PRIu64, offset); data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:68:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(dimStr, "%" PRIu64, localDim); data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:400:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(bmsVarName, "bms-%d-%d-%s", v->varid, timestep, selName); data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:401:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(keyVarName, "key-%d-%d-%s", v->varid, timestep, selName); data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:402:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(offsetName, "offset-%d-%d-%s", v->varid, timestep, selName); data/adios-1.13.1/utils/skeldump/skeldump.c:388:42: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. for (loopvar=0; loopvar<n;loopvar++) printf("%" PRId64, v64[loopvar]); \ data/adios-1.13.1/utils/skeldump/skeldump.c:604:25: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,"[%" PRId64, vi->blockinfo[0].count[0]); data/adios-1.13.1/utils/skeldump/skeldump.c:606:25: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
fprintf(outf,"[%" PRId64, vi->dims[0]); data/adios-1.13.1/utils/skeldump/skeldump.c:609:29: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,", %" PRId64, vi->blockinfo[0].count[j]); data/adios-1.13.1/utils/skeldump/skeldump.c:611:29: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,", %" PRId64, vi->dims[j]); data/adios-1.13.1/utils/skeldump/skeldump.c:914:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(xtics, str); data/adios-1.13.1/utils/skeldump/skeldump.c:1347:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,"%c slice (%" PRId64 ":%" PRId64, commentchar, s[0], s[0]+c[0]-1); data/adios-1.13.1/utils/skeldump/skeldump.c:1349:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,", %" PRId64 ":%" PRId64, s[i], s[i]+c[i]-1); data/adios-1.13.1/utils/skeldump/skeldump.c:1390:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (min) fprintf(outf,(f ? format : "%10hhu "), * ((unsigned char *) min)); data/adios-1.13.1/utils/skeldump/skeldump.c:1392:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (max) fprintf(outf,(f ? 
format : "%10hhu "), * ((unsigned char *) max)); data/adios-1.13.1/utils/skeldump/skeldump.c:1400:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (min) fprintf(outf,(f ? format : "%10hhd "), * ((char *) min)); data/adios-1.13.1/utils/skeldump/skeldump.c:1402:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (max) fprintf(outf,(f ? format : "%10hhd "), * ((char *) max)); data/adios-1.13.1/utils/skeldump/skeldump.c:1414:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (min) fprintf(outf,(f ? format : "%10hu "), (* (unsigned short *) min)); data/adios-1.13.1/utils/skeldump/skeldump.c:1416:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (max) fprintf(outf,(f ? format : "%10hu "), (* (unsigned short *) max)); data/adios-1.13.1/utils/skeldump/skeldump.c:1424:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (min) fprintf(outf,(f ? format : "%10hd "), (* (short *) min)); data/adios-1.13.1/utils/skeldump/skeldump.c:1426:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (max) fprintf(outf,(f ? format : "%10hd "), (* (short *) max)); data/adios-1.13.1/utils/skeldump/skeldump.c:1435:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (min) fprintf(outf,(f ? 
format : "%10u "), (* (unsigned int *) min)); data/adios-1.13.1/utils/skeldump/skeldump.c:1437:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (max) fprintf(outf,(f ? format : "%10u "), (* (unsigned int *) max)); data/adios-1.13.1/utils/skeldump/skeldump.c:1445:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (min) fprintf(outf,(f ? format : "%10d "), (* (int *) min)); data/adios-1.13.1/utils/skeldump/skeldump.c:1447:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (max) fprintf(outf,(f ? format : "%10d "), (* (int *) max)); data/adios-1.13.1/utils/skeldump/skeldump.c:1456:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (min) fprintf(outf,(f ? format : "%10llu "), (* (unsigned long long *) min)); data/adios-1.13.1/utils/skeldump/skeldump.c:1458:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (max) fprintf(outf,(f ? format : "%10llu "), (* (unsigned long long *) max)); data/adios-1.13.1/utils/skeldump/skeldump.c:1466:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (min) fprintf(outf,(f ? format : "%10lld "), (* (long long *) min)); data/adios-1.13.1/utils/skeldump/skeldump.c:1468:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (max) fprintf(outf,(f ? 
format : "%10lld "), (* (long long *) max)); data/adios-1.13.1/utils/skeldump/skeldump.c:1477:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (min) fprintf(outf,(f ? format : "%10.2g "), (* (float *) min)); data/adios-1.13.1/utils/skeldump/skeldump.c:1479:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (max) fprintf(outf,(f ? format : "%10.2g "), (* (float *) max)); data/adios-1.13.1/utils/skeldump/skeldump.c:1487:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (min) fprintf(outf,(f ? format : "%10.2g "), (* (double *) min)); data/adios-1.13.1/utils/skeldump/skeldump.c:1489:22: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (max) fprintf(outf,(f ? format : "%10.2g "), (* (double *) max)); data/adios-1.13.1/utils/skeldump/skeldump.c:1528:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(f ? format : "%hhu "), ((unsigned char *) data)[item]); data/adios-1.13.1/utils/skeldump/skeldump.c:1531:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(f ? format : "%hhd "), ((signed char *) data)[item]); data/adios-1.13.1/utils/skeldump/skeldump.c:1534:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(f ? 
format : "%s"), ((char *) data)+item); data/adios-1.13.1/utils/skeldump/skeldump.c:1538:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(f ? format : "\"%s\""), *((char **)data+item)); data/adios-1.13.1/utils/skeldump/skeldump.c:1542:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(f ? format : "%hu "), ((unsigned short *) data)[item]); data/adios-1.13.1/utils/skeldump/skeldump.c:1545:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(f ? format : "%hd "), ((signed short *) data)[item]); data/adios-1.13.1/utils/skeldump/skeldump.c:1549:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(f ? format : "%u "), ((unsigned int *) data)[item]); data/adios-1.13.1/utils/skeldump/skeldump.c:1552:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(f ? format : "%d "), ((signed int *) data)[item]); data/adios-1.13.1/utils/skeldump/skeldump.c:1556:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(f ? format : "%llu "), ((unsigned long long *) data)[item]); data/adios-1.13.1/utils/skeldump/skeldump.c:1559:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(f ? 
format : "%lld "), ((signed long long *) data)[item]); data/adios-1.13.1/utils/skeldump/skeldump.c:1563:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(f ? format : "%g "), ((float *) data)[item]); data/adios-1.13.1/utils/skeldump/skeldump.c:1567:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(f ? format : "%g "), ((double *) data)[item]); data/adios-1.13.1/utils/skeldump/skeldump.c:1578:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(f ? format : "(%g,i%g) "), ((float *) data)[2*item], ((float *) data)[2*item+1]); data/adios-1.13.1/utils/skeldump/skeldump.c:1582:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(outf,(f ? format : "(%g,i%g)" ), ((double *) data)[2*item], ((double *) data)[2*item+1]); data/adios-1.13.1/utils/skeldump/skeldump.c:1613:17: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(idxstr," (%*" PRId64, ndigits[0], ids[0]); data/adios-1.13.1/utils/skeldump/skeldump.c:1615:21: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf,",%*" PRId64, ndigits[i], ids[i]); data/adios-1.13.1/utils/skeldump/skeldump.c:1616:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(idxstr, buf); data/adios-1.13.1/wrappers/java/gov_ornl_ccs_Adios.cxx:243:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(argv[i], chr); data/adios-1.13.1/wrappers/numpy/adios.cpp:716:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c); data/adios-1.13.1/wrappers/numpy/adios_mpi.cpp:718:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c); data/adios-1.13.1/examples/C/icee_arrays/array/adios_read.c:54:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt (argc, argv, "h:p:s:t:u:a:w:r:v:T:o:nP")) != -1) data/adios-1.13.1/examples/C/icee_arrays/array/adios_write.c:55:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt (argc, argv, "h:p:s:t:m:w:r:v:T:i:n:P")) != -1) data/adios-1.13.1/src/core/adiost_callback_internal.c:59:36: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
  char *adiost_env_var = (char *)getenv(adiost_enabled_env_var);
data/adios-1.13.1/src/core/adiost_default_tool.c:325:10: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (!getenv("ADIOST")) return;
data/adios-1.13.1/src/core/flexpath.h:31:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  #define perr(...) if(getenv("FP_DEBUG")) fprintf(stderr, __VA_ARGS__);
data/adios-1.13.1/src/core/flexpath.h:34:10: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("FLEXPATH_VERBOSE")) { \
data/adios-1.13.1/src/read/read_bp_staged.c:1953:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  env_str = getenv ("num_aggregators");
data/adios-1.13.1/src/read/read_bp_staged.c:1971:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  env_str = getenv ("chunk_size");
data/adios-1.13.1/src/read/read_bp_staged.c:2031:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker.
They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  env_str = getenv ("num_aggregators");
data/adios-1.13.1/src/read/read_bp_staged.c:2049:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  env_str = getenv ("chunk_size");
data/adios-1.13.1/src/read/read_bp_staged1.c:3514:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  env_str = getenv ("num_aggregators");
data/adios-1.13.1/src/read/read_bp_staged1.c:3528:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  env_str = getenv ("chunk_size");
data/adios-1.13.1/src/read/read_flexpath.c:1777:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  transport = getenv("CMTransport");
data/adios-1.13.1/src/transforms/adios_transform_blosc_write.c:220:24: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char* envvar = getenv("BLOSC_COMPRESSOR");
data/adios-1.13.1/src/write/adios_flexpath.c:1205:27: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  fp_verbose_set = (getenv("FLEXPATH_VERBOSE") != NULL);
data/adios-1.13.1/src/write/adios_flexpath.c:1243:24: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char * transport = getenv("CMTransport");
data/adios-1.13.1/src/write/adios_icee.c:902:13: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/adios-1.13.1/tests/C/flexpath_tests/common/utils.c:185:14: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while( (c = getopt(argc, argv, "hvt:")) != -1){
data/adios-1.13.1/tests/suite/programs/adios_transforms_read_write.c:75:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand (rank);
data/adios-1.13.1/utils/bpdiff/bpdiff.c:92:22: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((option = getopt (argc, argv, "vf:")) != -1){
data/adios-1.13.1/utils/bpls/bpls.c:187:17: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt_long(argc, argv, optstring, options, NULL)) != -1) {
data/adios-1.13.1/utils/bpmeta/bpmeta.c:122:17: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt_long(argc, argv, optstring, options, NULL)) != -1) {
data/adios-1.13.1/utils/bpsplit/bpappend.c:108:17: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt_long(argc, argv, optstring, options, NULL)) != -1) {
data/adios-1.13.1/utils/bpsplit/bpgettime.c:102:17: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt_long(argc, argv, optstring, options, NULL)) != -1) {
data/adios-1.13.1/utils/bpsplit/bpsplit.c:133:17: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt_long(argc, argv, optstring, options, NULL)) != -1) {
data/adios-1.13.1/utils/skeldump/skeldump.c:183:17: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt_long(argc, argv, optstring, options, NULL)) != -1) {
data/adios-1.13.1/wrappers/numpy/adios.cpp:55568:18: [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate) PyErr_Clear();
data/adios-1.13.1/wrappers/numpy/adios.cpp:55569:18: [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
data/adios-1.13.1/wrappers/numpy/adios.cpp:55569:58: [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
data/adios-1.13.1/wrappers/numpy/adios.cpp:55590:16: [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Py_XDECREF(setstate);
data/adios-1.13.1/wrappers/numpy/adios_mpi.cpp:56212:18: [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate) PyErr_Clear();
data/adios-1.13.1/wrappers/numpy/adios_mpi.cpp:56213:18: [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
data/adios-1.13.1/wrappers/numpy/adios_mpi.cpp:56213:58: [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
data/adios-1.13.1/wrappers/numpy/adios_mpi.cpp:56234:16: [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Py_XDECREF(setstate);
data/adios-1.13.1/examples/C/arrays/arrays_read.c:23:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename [256];
data/adios-1.13.1/examples/C/arrays/arrays_read.c:37:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (filename, "arrays.bp");
data/adios-1.13.1/examples/C/arrays/arrays_write.c:20:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename [256];
data/adios-1.13.1/examples/C/arrays/arrays_write.c:40:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
Risk is low because the source is a constant string.
  strcpy (filename, "arrays.bp");
data/adios-1.13.1/examples/C/attributes/attributes_write.c:16:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename [256];
data/adios-1.13.1/examples/C/attributes/attributes_write.c:39:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (filename, "attributes.bp");
data/adios-1.13.1/examples/C/flexpath_arrays/global_range_select/arrays_write.c:20:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename [256];
data/adios-1.13.1/examples/C/flexpath_arrays/global_range_select/arrays_write.c:34:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (filename, "arrays");
data/adios-1.13.1/examples/C/flexpath_arrays/process_select/arrays_write.c:21:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename [256];
data/adios-1.13.1/examples/C/flexpath_arrays/process_select/arrays_write.c:35:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (filename, "arrays");
data/adios-1.13.1/examples/C/global-array-time/adios_globaltime.c:14:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename [256], fname[256];
data/adios-1.13.1/examples/C/global-array-time/adios_globaltime.c:32:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (filename, "adios_globaltime.bp");
data/adios-1.13.1/examples/C/global-array-time/adios_globaltime_no_xml.c:36:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename [256];
data/adios-1.13.1/examples/C/global-array-time/adios_globaltime_no_xml.c:71:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (filename, "adios_globaltime.bp");
data/adios-1.13.1/examples/C/global-array/adios_global.c:21:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename [256];
data/adios-1.13.1/examples/C/global-array/adios_global.c:38:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (filename, "adios_global.bp");
data/adios-1.13.1/examples/C/global-array/adios_global_2files.c:13:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename [256];
data/adios-1.13.1/examples/C/global-array/adios_global_2files.c:43:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (filename, "adios_global_%5.5d.bp", color);
data/adios-1.13.1/examples/C/global-array/adios_global_aggregate_by_color.c:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename [256];
data/adios-1.13.1/examples/C/global-array/adios_global_aggregate_by_color.c:35:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char color_str[256];
data/adios-1.13.1/examples/C/global-array/adios_global_aggregate_by_color.c:50:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (filename, "adios_global_aggregate_by_color.bp");
data/adios-1.13.1/examples/C/global-array/adios_global_aggregate_by_color.c:62:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (color_str, "color=%d", color);
data/adios-1.13.1/examples/C/global-array/adios_global_no_xml.c:36:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename [256];
data/adios-1.13.1/examples/C/global-array/adios_global_no_xml.c:54:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (filename, "adios_global_no_xml.bp");
data/adios-1.13.1/examples/C/global-array/adios_read_gpp.c:21:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename [256];
data/adios-1.13.1/examples/C/global-array/adios_read_gpp.c:35:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (filename, "adios_global.bp");
data/adios-1.13.1/examples/C/global-array/no_xml_write_byid.c:35:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename [256];
data/adios-1.13.1/examples/C/global-array/no_xml_write_byid.c:41:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char g_str[100], o_str[100], l_str[100];
data/adios-1.13.1/examples/C/global-array/no_xml_write_byid.c:54:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (g_str, "%d", gb);
data/adios-1.13.1/examples/C/global-array/no_xml_write_byid.c:55:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (l_str, "%d", NX);
data/adios-1.13.1/examples/C/global-array/no_xml_write_byid.c:57:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (filename, "no_xml_write_byid.bp");
data/adios-1.13.1/examples/C/global-array/no_xml_write_byid.c:72:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (o_str, "%d", offset);
data/adios-1.13.1/examples/C/icee_arrays/array/adios_read.c:44:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char initstring [512];
data/adios-1.13.1/examples/C/icee_arrays/array/adios_read.c:62:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cm_port = atoi(optarg);
data/adios-1.13.1/examples/C/icee_arrays/array/adios_read.c:68:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cm_remote_port = atoi(optarg);
data/adios-1.13.1/examples/C/icee_arrays/array/adios_read.c:91:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  verbose_level = atoi(optarg);
data/adios-1.13.1/examples/C/icee_arrays/array/adios_read.c:97:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  timeout_sec = atoi(optarg);
data/adios-1.13.1/examples/C/icee_arrays/array/adios_write.c:45:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char initstring [512];
data/adios-1.13.1/examples/C/icee_arrays/array/adios_write.c:63:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cm_port = atoi(optarg);
data/adios-1.13.1/examples/C/icee_arrays/array/adios_write.c:69:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cm_remote_port = atoi(optarg);
data/adios-1.13.1/examples/C/icee_arrays/array/adios_write.c:72:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  max_client = atoi(optarg);
data/adios-1.13.1/examples/C/icee_arrays/array/adios_write.c:87:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  verbose_level = atoi(optarg);
data/adios-1.13.1/examples/C/icee_arrays/array/adios_write.c:93:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  interval_sec = atoi(optarg);
data/adios-1.13.1/examples/C/icee_arrays/array/adios_write.c:96:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  NX = atoi(optarg);
data/adios-1.13.1/examples/C/icee_arrays/array/adios_write.c:107:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename [256];
data/adios-1.13.1/examples/C/icee_arrays/array/adios_write.c:127:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (filename, "adios_globaltime.bp");
data/adios-1.13.1/examples/C/manual/1_nonadios_example.c:18:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename [256];
data/adios-1.13.1/examples/C/manual/1_nonadios_example.c:27:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (filename, "restart_%5.5d.dat", rank);
data/adios-1.13.1/examples/C/manual/1_nonadios_example.c:32:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen (filename, "w");
data/adios-1.13.1/examples/C/manual/2_adios_write.c:36:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename [256];
data/adios-1.13.1/examples/C/manual/2_adios_write.c:53:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (filename, "restart.bp");
data/adios-1.13.1/examples/C/manual/3_adios_read.c:22:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename [256];
data/adios-1.13.1/examples/C/manual/3_adios_read.c:26:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result[1024], s[32];
data/adios-1.13.1/examples/C/manual/3_adios_read.c:36:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (filename, "restart.bp");
data/adios-1.13.1/examples/C/manual/3_adios_read.c:44:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(result, "rank=%d t=[%g", rank, t[0]);
data/adios-1.13.1/examples/C/manual/3_adios_read.c:46:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, ",%g", t[i]);
data/adios-1.13.1/examples/C/manual/4_adios_nfiles.c:20:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename [256];
data/adios-1.13.1/examples/C/manual/4_adios_nfiles.c:51:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (filename, "restart_%5.5d.bp", color);
data/adios-1.13.1/examples/C/query/write_table.c:66:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Columns[7][11] = {
data/adios-1.13.1/examples/C/query/write_table.c:78:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Elements[3][9] = {
data/adios-1.13.1/examples/C/query/write_table.c:93:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dimstr[32];
data/adios-1.13.1/examples/C/query/write_table.c:101:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (dimstr, "%d,%d", NX, NY);
data/adios-1.13.1/examples/C/query/write_table.c:110:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (dimstr, "%d,%d", n_of_elements, Elements_length);
data/adios-1.13.1/examples/C/query/write_table.c:112:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (dimstr, "%d,%d", NY, Columns_length);
data/adios-1.13.1/examples/C/query/write_vars.c:70:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char dimstr[32]; data/adios-1.13.1/examples/C/query/write_vars.c:72:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (dimstr, "%d,%d", NX, NY); data/adios-1.13.1/examples/C/read_all/read_all.c:163:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s [100]; data/adios-1.13.1/examples/C/read_all/read_all.c:170:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%u", ((uint8_t *) data)[idx]); data/adios-1.13.1/examples/C/read_all/read_all.c:174:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%d", ((int8_t *) data)[idx]); data/adios-1.13.1/examples/C/read_all/read_all.c:178:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%hd", ((int16_t *) data)[idx]); data/adios-1.13.1/examples/C/read_all/read_all.c:182:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%hu", ((uint16_t *) data)[idx]); data/adios-1.13.1/examples/C/read_all/read_all.c:186:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (s, "%d", ((int32_t *) data)[idx]); data/adios-1.13.1/examples/C/read_all/read_all.c:190:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%u", ((uint32_t *) data)[idx]); data/adios-1.13.1/examples/C/read_all/read_all.c:202:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%g", ((float *) data)[idx]); data/adios-1.13.1/examples/C/read_all/read_all.c:206:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%lg", ((double *) data)[idx]); data/adios-1.13.1/examples/C/read_all/read_all.c:210:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%Lg", ((long double *) data)[idx]); data/adios-1.13.1/examples/C/read_all/read_all.c:222:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "(%g, %g)", data/adios-1.13.1/examples/C/read_all/read_all.c:227:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "(%lg, %lg)", data/adios-1.13.1/examples/C/read_all/read_all_v1.c:155:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char s [100]; data/adios-1.13.1/examples/C/read_all/read_all_v1.c:162:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%u", ((uint8_t *) data)[idx]); data/adios-1.13.1/examples/C/read_all/read_all_v1.c:166:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%d", ((int8_t *) data)[idx]); data/adios-1.13.1/examples/C/read_all/read_all_v1.c:170:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%hd", ((int16_t *) data)[idx]); data/adios-1.13.1/examples/C/read_all/read_all_v1.c:174:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%hu", ((uint16_t *) data)[idx]); data/adios-1.13.1/examples/C/read_all/read_all_v1.c:178:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%d", ((int32_t *) data)[idx]); data/adios-1.13.1/examples/C/read_all/read_all_v1.c:182:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%u", ((uint32_t *) data)[idx]); data/adios-1.13.1/examples/C/read_all/read_all_v1.c:194:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (s, "%g", ((float *) data)[idx]); data/adios-1.13.1/examples/C/read_all/read_all_v1.c:198:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%lg", ((double *) data)[idx]); data/adios-1.13.1/examples/C/read_all/read_all_v1.c:202:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%Lg", ((long double *) data)[idx]); data/adios-1.13.1/examples/C/read_all/read_all_v1.c:214:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "(%g, %g)", data/adios-1.13.1/examples/C/read_all/read_all_v1.c:219:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "(%lg, %lg)", data/adios-1.13.1/examples/C/scalars/scalars_read.c:31:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename [256]; data/adios-1.13.1/examples/C/scalars/scalars_read.c:50:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char v11[256]; data/adios-1.13.1/examples/C/scalars/scalars_read.c:63:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (filename, "scalars.bp"); data/adios-1.13.1/examples/C/scalars/scalars_write.c:31:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename [256]; data/adios-1.13.1/examples/C/scalars/scalars_write.c:64:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (filename, "scalars.bp"); data/adios-1.13.1/examples/C/schema/rectilinear2d.c:23:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char npx_str[256]; // # of procs in x dim (string value) data/adios-1.13.1/examples/C/schema/rectilinear2d.c:24:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char npy_str[256]; // # of procs in y dim (string value) data/adios-1.13.1/examples/C/schema/rectilinear2d.c:48:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
npx = atoi(npx_str); data/adios-1.13.1/examples/C/schema/rectilinear2d.c:49:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). npy = atoi(npy_str); data/adios-1.13.1/examples/C/schema/rectilinear2d_noxml.c:21:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char npx_str[256]; // # of procs in x dim (string value) data/adios-1.13.1/examples/C/schema/rectilinear2d_noxml.c:22:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char npy_str[256]; // # of procs in y dim (string value) data/adios-1.13.1/examples/C/schema/rectilinear2d_noxml.c:47:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). npx = atoi(npx_str); data/adios-1.13.1/examples/C/schema/rectilinear2d_noxml.c:48:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
npy = atoi(npy_str); data/adios-1.13.1/examples/C/schema/structured2d.c:23:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char npx_str[256]; // # of procs in x dim (string value) data/adios-1.13.1/examples/C/schema/structured2d.c:24:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char npy_str[256]; // # of procs in y dim (string value) data/adios-1.13.1/examples/C/schema/structured2d.c:48:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). npx = atoi(npx_str); data/adios-1.13.1/examples/C/schema/structured2d.c:49:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). npy = atoi(npy_str); data/adios-1.13.1/examples/C/schema/structured2d_noxml.c:21:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char npx_str[256]; // # of procs in x dim (string value) data/adios-1.13.1/examples/C/schema/structured2d_noxml.c:22:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char npy_str[256]; // # of procs in y dim (string value) data/adios-1.13.1/examples/C/schema/structured2d_noxml.c:47:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). npx = atoi(npx_str); data/adios-1.13.1/examples/C/schema/structured2d_noxml.c:48:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). npy = atoi(npy_str); data/adios-1.13.1/examples/C/schema/tri2d.c:23:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char npx_str[256]; // # of procs in x dim (string value) data/adios-1.13.1/examples/C/schema/tri2d.c:24:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char npy_str[256]; // # of procs in y dim (string value) data/adios-1.13.1/examples/C/schema/tri2d.c:48:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). npx = atoi(npx_str); data/adios-1.13.1/examples/C/schema/tri2d.c:49:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). npy = atoi(npy_str); data/adios-1.13.1/examples/C/schema/tri2d_noxml.c:21:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char npx_str[256]; // # of procs in x dim (string value) data/adios-1.13.1/examples/C/schema/tri2d_noxml.c:22:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char npy_str[256]; // # of procs in y dim (string value) data/adios-1.13.1/examples/C/schema/tri2d_noxml.c:47:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
npx = atoi(npx_str); data/adios-1.13.1/examples/C/schema/tri2d_noxml.c:48:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). npy = atoi(npy_str); data/adios-1.13.1/examples/C/schema/uniform2d.c:23:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char npx_str[256]; // # of procs in x dim (string value) data/adios-1.13.1/examples/C/schema/uniform2d.c:24:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char npy_str[256]; // # of procs in y dim (string value) data/adios-1.13.1/examples/C/schema/uniform2d.c:49:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). npx = atoi(npx_str); data/adios-1.13.1/examples/C/schema/uniform2d.c:50:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
npy = atoi(npy_str); data/adios-1.13.1/examples/C/schema/uniform2d_noxml.c:21:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char npx_str[256]; // # of procs in x dim (string value) data/adios-1.13.1/examples/C/schema/uniform2d_noxml.c:22:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char npy_str[256]; // # of procs in y dim (string value) data/adios-1.13.1/examples/C/schema/uniform2d_noxml.c:47:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). npx = atoi(npx_str); data/adios-1.13.1/examples/C/schema/uniform2d_noxml.c:48:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). npy = atoi(npy_str); data/adios-1.13.1/examples/C/stat/stat_write.c:21:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char filename [256]; data/adios-1.13.1/examples/C/stat/stat_write.c:37:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (filename, "adios_stat.bp"); data/adios-1.13.1/examples/C/transforms/adios_global.c:21:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename [256]; data/adios-1.13.1/examples/C/transforms/adios_global.c:38:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (filename, "adios_global.bp"); data/adios-1.13.1/examples/staging/stage_write/decompose_block.c:56:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ints[256]; data/adios-1.13.1/examples/staging/stage_write/stage_write.c:32:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char infilename[256]; // File/stream to read data/adios-1.13.1/examples/staging/stage_write/stage_write.c:33:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outfilename[256]; // File to write data/adios-1.13.1/examples/staging/stage_write/stage_write.c:34:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wmethodname[16]; // ADIOS write method data/adios-1.13.1/examples/staging/stage_write/stage_write.c:35:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wmethodparams[256]; // ADIOS write method data/adios-1.13.1/examples/staging/stage_write/stage_write.c:36:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rmethodname[16]; // ADIOS read method data/adios-1.13.1/examples/staging/stage_write/stage_write.c:37:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rmethodparams[256]; // ADIOS read method data/adios-1.13.1/examples/staging/stage_write/stage_write.c:148:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (rmethodparams, "max_chunk_size=100; " data/adios-1.13.1/examples/staging/stage_write/stage_write.c:286:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gdims[256], ldims[256], offs[256]; data/adios-1.13.1/examples/staging/stage_write/test_decompose.c:110:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ints[256]; data/adios-1.13.1/examples/staging/stage_write/utils.c:19:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char v[32]; data/adios-1.13.1/examples/staging/stage_write/utils.c:24:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s,"%d", values[0]); data/adios-1.13.1/examples/staging/stage_write/utils.c:27:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (v,",%d", values[i]); data/adios-1.13.1/examples/staging/stage_write/utils.c:35:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char v[32]; data/adios-1.13.1/examples/staging/stage_write/utils.c:40:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s,"%llu", values[0]); data/adios-1.13.1/examples/staging/stage_write/utils.c:43:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (v,",%llu", values[i]); data/adios-1.13.1/examples/staging/stage_write/utils.c:51:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s [100]; data/adios-1.13.1/examples/staging/stage_write/utils.c:58:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%u", ((uint8_t *) data)[idx]); data/adios-1.13.1/examples/staging/stage_write/utils.c:62:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%d", ((int8_t *) data)[idx]); data/adios-1.13.1/examples/staging/stage_write/utils.c:66:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%hd", ((int16_t *) data)[idx]); data/adios-1.13.1/examples/staging/stage_write/utils.c:70:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (s, "%hu", ((uint16_t *) data)[idx]); data/adios-1.13.1/examples/staging/stage_write/utils.c:74:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%d", ((int32_t *) data)[idx]); data/adios-1.13.1/examples/staging/stage_write/utils.c:78:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%u", ((uint32_t *) data)[idx]); data/adios-1.13.1/examples/staging/stage_write/utils.c:82:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%lld", ((int64_t *) data)[idx]); data/adios-1.13.1/examples/staging/stage_write/utils.c:86:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%llu", ((uint64_t *) data)[idx]); data/adios-1.13.1/examples/staging/stage_write/utils.c:90:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%g", ((float *) data)[idx]); data/adios-1.13.1/examples/staging/stage_write/utils.c:94:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%lg", ((double *) data)[idx]); data/adios-1.13.1/examples/staging/stage_write/utils.c:98:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (s, "%Lg", ((long double *) data)[idx]); data/adios-1.13.1/examples/staging/stage_write/utils.c:106:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "(%g, %g)", data/adios-1.13.1/examples/staging/stage_write/utils.c:111:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "(%lg, %lg)", data/adios-1.13.1/examples/staging/stage_write/utils.c:116:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "unknown"); data/adios-1.13.1/examples/staging/stage_write_varyingsize/decompose_block.c:56:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ints[256]; data/adios-1.13.1/examples/staging/stage_write_varyingsize/stage_write.c:32:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char infilename[256]; // File/stream to read data/adios-1.13.1/examples/staging/stage_write_varyingsize/stage_write.c:33:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  char outfilename[256]; // File to write
data/adios-1.13.1/examples/staging/stage_write_varyingsize/stage_write.c:34:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wmethodname[16]; // ADIOS write method
data/adios-1.13.1/examples/staging/stage_write_varyingsize/stage_write.c:35:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wmethodparams[256]; // ADIOS write method
data/adios-1.13.1/examples/staging/stage_write_varyingsize/stage_write.c:36:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rmethodname[16]; // ADIOS read method
data/adios-1.13.1/examples/staging/stage_write_varyingsize/stage_write.c:37:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rmethodparams[256]; // ADIOS read method
data/adios-1.13.1/examples/staging/stage_write_varyingsize/stage_write.c:149:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (rmethodparams, "max_chunk_size=100; "
data/adios-1.13.1/examples/staging/stage_write_varyingsize/stage_write.c:308:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gdims[256], ldims[256], offs[256];
data/adios-1.13.1/examples/staging/stage_write_varyingsize/test_decompose.c:110:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ints[256];
data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.c:19:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char v[32];
data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.c:24:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s,"%d", values[0]);
data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.c:27:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (v,",%d", values[i]);
data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.c:35:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char v[32];
data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.c:40:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s,"%llu", values[0]);
data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.c:43:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (v,",%llu", values[i]);
data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.c:51:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s [100];
data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.c:58:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%u", ((uint8_t *) data)[idx]);
data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.c:62:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%d", ((int8_t *) data)[idx]);
data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.c:66:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%hd", ((int16_t *) data)[idx]);
data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.c:70:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%hu", ((uint16_t *) data)[idx]);
data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.c:74:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%d", ((int32_t *) data)[idx]);
data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.c:78:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%u", ((uint32_t *) data)[idx]);
data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.c:82:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%lld", ((int64_t *) data)[idx]);
data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.c:86:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%llu", ((uint64_t *) data)[idx]);
data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.c:90:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%g", ((float *) data)[idx]);
data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.c:94:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf (s, "%lg", ((double *) data)[idx]);
data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.c:98:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%Lg", ((long double *) data)[idx]);
data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.c:106:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "(%g, %g)",
data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.c:111:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "(%lg, %lg)",
data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.c:116:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "unknown");
data/adios-1.13.1/src/core/a2sel.c:29:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (sel->u.bb.start, start, ndim * sizeof(uint64_t));
data/adios-1.13.1/src/core/a2sel.c:30:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (sel->u.bb.count, count, ndim * sizeof(uint64_t));
data/adios-1.13.1/src/core/a2sel.c:141:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (nsel->u.bb.start, sel->u.bb.start, sel->u.bb.ndim * 8);
data/adios-1.13.1/src/core/a2sel.c:142:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (nsel->u.bb.count, sel->u.bb.count, sel->u.bb.ndim * 8);
data/adios-1.13.1/src/core/a2sel.c:157:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (nsel->u.points.points, sel->u.points.points, sel->u.points.npoints * sel->u.points.ndim * 8);
data/adios-1.13.1/src/core/adios_bp_v1.c:158:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&b->pg_index_offset, b->buff + b->offset, sizeof(uint64_t));
data/adios-1.13.1/src/core/adios_bp_v1.c:165:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&b->vars_index_offset, b->buff + b->offset, sizeof(uint64_t));
data/adios-1.13.1/src/core/adios_bp_v1.c:172:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&b->attrs_index_offset, b->buff + b->offset, sizeof(uint64_t));
data/adios-1.13.1/src/core/adios_bp_v1.c:206:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&process_groups_count, b->buff + b->offset, sizeof(uint64_t));
data/adios-1.13.1/src/core/adios_bp_v1.c:212:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&process_groups_length, b->buff + b->offset, sizeof(uint64_t));
data/adios-1.13.1/src/core/adios_bp_v1.c:247:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((*root)->group_name, b->buff + b->offset, length_of_name);
data/adios-1.13.1/src/core/adios_bp_v1.c:269:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((*root)->time_index_name, b->buff + b->offset, length_of_name);
data/adios-1.13.1/src/core/adios_bp_v1.c:278:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&((*root)->offset_in_file), b->buff + b->offset,
data/adios-1.13.1/src/core/adios_bp_v1.c:325:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&vars_length, b->buff + b->offset, sizeof(uint64_t));
data/adios-1.13.1/src/core/adios_bp_v1.c:394:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&characteristics_sets_count, b->buff + b->offset,
data/adios-1.13.1/src/core/adios_bp_v1.c:484:33: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (data, (b->buff + b->offset), data_size);
data/adios-1.13.1/src/core/adios_bp_v1.c:524:35: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ((char *) data) [data_size] = '\0';
data/adios-1.13.1/src/core/adios_bp_v1.c:525:33: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (data, (b->buff + b->offset), data_size);
data/adios-1.13.1/src/core/adios_bp_v1.c:623:41: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(hist->frequencies, (b->buff + b->offset), (num_breaks + 1) * adios_get_type_size(adios_unsigned_integer, ""));
data/adios-1.13.1/src/core/adios_bp_v1.c:634:41: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(hist->breaks, (b->buff + b->offset), num_breaks * adios_get_type_size(adios_double, ""));
data/adios-1.13.1/src/core/adios_bp_v1.c:648:41: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (data, (b->buff + b->offset), characteristic_size);
data/adios-1.13.1/src/core/adios_bp_v1.c:677:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&((*root)->characteristics [j].offset),
data/adios-1.13.1/src/core/adios_bp_v1.c:689:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&((*root)->characteristics [j].payload_offset),
data/adios-1.13.1/src/core/adios_bp_v1.c:739:24: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((*root)->characteristics [j].dims.dims
data/adios-1.13.1/src/core/adios_bp_v1.c:819:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&attrs_length, b->buff + b->offset, sizeof(uint64_t));
data/adios-1.13.1/src/core/adios_bp_v1.c:889:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&characteristics_sets_count, b->buff + b->offset,
data/adios-1.13.1/src/core/adios_bp_v1.c:950:31: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ((char *) data) [data_size] = '\0';
data/adios-1.13.1/src/core/adios_bp_v1.c:983:33: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (data, (b->buff + b->offset), (*root)->nelems*data_size);
data/adios-1.13.1/src/core/adios_bp_v1.c:1021:33: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (data, (b->buff + b->offset), data_size);
data/adios-1.13.1/src/core/adios_bp_v1.c:1037:41: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (p[k], (b->buff + b->offset), data_size);
data/adios-1.13.1/src/core/adios_bp_v1.c:1056:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&((*root)->characteristics [j].offset),
data/adios-1.13.1/src/core/adios_bp_v1.c:1080:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&((*root)->characteristics [j].payload_offset),
data/adios-1.13.1/src/core/adios_bp_v1.c:1153:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((*root)->characteristics [j].dims.dims,
data/adios-1.13.1/src/core/adios_bp_v1.c:1193:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&size, b->buff + b->offset, sizeof(uint64_t));
data/adios-1.13.1/src/core/adios_bp_v1.c:1213:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (pg_header->name, b->buff + b->offset, len);
data/adios-1.13.1/src/core/adios_bp_v1.c:1228:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (pg_header->time_index_name, b->buff + b->offset, len);
data/adios-1.13.1/src/core/adios_bp_v1.c:1304:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&vars_header->length, b->buff + b->offset, sizeof(uint64_t));
data/adios-1.13.1/src/core/adios_bp_v1.c:1331:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&length_of_var, b->buff + b->offset, sizeof(uint64_t));
data/adios-1.13.1/src/core/adios_bp_v1.c:1352:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (var_header->name, b->buff + b->offset, len);
data/adios-1.13.1/src/core/adios_bp_v1.c:1362:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (var_header->path, b->buff + b->offset, len);
data/adios-1.13.1/src/core/adios_bp_v1.c:1431:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&((*root)->dimension.rank), b->buff + b->offset,
data/adios-1.13.1/src/core/adios_bp_v1.c:1456:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&((*root)->global_dimension.rank), b->buff + b->offset,
data/adios-1.13.1/src/core/adios_bp_v1.c:1480:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&((*root)->local_offset.rank), b->buff + b->offset,
data/adios-1.13.1/src/core/adios_bp_v1.c:1528:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&var_header->characteristics.offset,
data/adios-1.13.1/src/core/adios_bp_v1.c:1537:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&var_header->characteristics.payload_offset,
data/adios-1.13.1/src/core/adios_bp_v1.c:1614:33: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (hist->frequencies
data/adios-1.13.1/src/core/adios_bp_v1.c:1626:33: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (hist->breaks, (b->buff + b->offset), num_breaks * 8);
data/adios-1.13.1/src/core/adios_bp_v1.c:1639:33: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (var_header->characteristics.stats[c][idx].data, (b->buff + b->offset)
data/adios-1.13.1/src/core/adios_bp_v1.c:1672:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (var_header->characteristics.dims.dims
data/adios-1.13.1/src/core/adios_bp_v1.c:1697:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (var_header->characteristics.stats[0][adios_statistic_min].data, (b->buff + b->offset)
data/adios-1.13.1/src/core/adios_bp_v1.c:1716:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (var_header->characteristics.stats[0][adios_statistic_max].data, (b->buff + b->offset)
data/adios-1.13.1/src/core/adios_bp_v1.c:1736:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (var_header->characteristics.value, (b->buff + b->offset)
data/adios-1.13.1/src/core/adios_bp_v1.c:1917:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (var_payload->payload, (b->buff + b->offset)
data/adios-1.13.1/src/core/adios_bp_v1.c:1963:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&attrs_header->length, b->buff + b->offset, sizeof(uint64_t));
data/adios-1.13.1/src/core/adios_bp_v1.c:2067:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (p[k], (b->buff + b->offset), len);
data/adios-1.13.1/src/core/adios_bp_v1.c:2086:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (attribute->value, (b->buff + b->offset), attribute->length);
data/adios-1.13.1/src/core/adios_bp_v1.c:2101:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (attribute->value, (b->buff + b->offset), attribute->length);
data/adios-1.13.1/src/core/adios_bp_v1.c:2177:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((char *) d, (char *) in, element_size);
data/adios-1.13.1/src/core/adios_bp_v1.c:2190:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((char *) d, (char *) in, element_size + 1);
data/adios-1.13.1/src/core/adios_bp_v1.c:2381:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  b->f = open (name, O_RDONLY | O_LARGEFILE);
data/adios-1.13.1/src/core/adios_error.c:26:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char aerr[ERRMSG_MAXLEN];
data/adios-1.13.1/src/core/adios_internals.c:1134:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (attr->value, values, size);
data/adios-1.13.1/src/core/adios_internals.c:1139:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (attr->value, values, nelems*size);
data/adios-1.13.1/src/core/adios_internals.c:1841:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int count = atoi(bin_count);
data/adios-1.13.1/src/core/adios_internals.c:2137:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (*buffer + *buffer_offset, data, size);
data/adios-1.13.1/src/core/adios_internals.c:2612:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (cend, c1, sizeof(struct adios_index_characteristic_struct_v1));
data/adios-1.13.1/src/core/adios_internals.c:2618:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (cend, c2, sizeof(struct adios_index_characteristic_struct_v1));
data/adios-1.13.1/src/core/adios_internals.c:2624:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (cend, c1, sizeof(struct adios_index_characteristic_struct_v1));
data/adios-1.13.1/src/core/adios_internals.c:2630:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (cend, c2, sizeof(struct adios_index_characteristic_struct_v1));
data/adios-1.13.1/src/core/adios_internals.c:2673:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&olditem->characteristics [olditem->characteristics_count],
data/adios-1.13.1/src/core/adios_internals.c:2735:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&(*root)->characteristics
data/adios-1.13.1/src/core/adios_internals.c:3342:37: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (var_new_hist->frequencies, var_hist->frequencies, (var_hist->num_breaks + 1) * adios_get_type_size(adios_unsigned_integer, ""));
data/adios-1.13.1/src/core/adios_internals.c:3344:37: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (var_new_hist->breaks, var_hist->breaks, (var_hist->num_breaks) * adios_get_type_size(adios_double, ""));
data/adios-1.13.1/src/core/adios_internals.c:3350:37: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (var_new->stats[c][idx].data, var->stats[c][idx].data, characteristic_size);
data/adios-1.13.1/src/core/adios_internals.c:3394:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (var_new->adata, var->data, size);
data/adios-1.13.1/src/core/adios_internals.c:3404:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (var_new->adata, var->data, size);
data/adios-1.13.1/src/core/adios_internals.c:3543:45: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (var_new_hist->frequencies, var_hist->frequencies, (var_hist->num_breaks + 1) * adios_get_type_size(adios_unsigned_integer, ""));
data/adios-1.13.1/src/core/adios_internals.c:3545:45: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (var_new_hist->breaks, var_hist->breaks, (var_hist->num_breaks) * adios_get_type_size(adios_double, ""));
data/adios-1.13.1/src/core/adios_internals.c:3551:45: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (var_new->stats[c][idx].data, var->stats[c][idx].data, characteristic_size);
data/adios-1.13.1/src/core/adios_internals.c:3591:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (var_new->data, var->data, size);
data/adios-1.13.1/src/core/adios_internals.c:3599:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (var_new->data, var->data, size);
data/adios-1.13.1/src/core/adios_internals.c:3840:49: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (v_index_hist->frequencies, v_hist->frequencies, (v_hist->num_breaks + 1) * adios_get_type_size(adios_unsigned_integer, ""));
data/adios-1.13.1/src/core/adios_internals.c:3842:49: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (v_index_hist->breaks, v_hist->breaks, (v_hist->num_breaks) * adios_get_type_size(adios_double, ""));
data/adios-1.13.1/src/core/adios_internals.c:3848:49: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (v_index->characteristics [0].stats[c][idx].data, v->stats[c][idx].data, characteristic_size);
data/adios-1.13.1/src/core/adios_internals.c:3891:29: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (v_index->characteristics [0].value, v->data
data/adios-1.13.1/src/core/adios_internals.c:3903:29: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (v_index->characteristics [0].value, v->data, size);
data/adios-1.13.1/src/core/adios_internals.c:4001:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (a_index->characteristics [0].value, a->value, size);
data/adios-1.13.1/src/core/adios_internals.c:4799:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char verstr[25] = " ";
data/adios-1.13.1/src/core/adios_internals.c:6183:49: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf [50];
data/adios-1.13.1/src/core/adios_internals.c:6184:42: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "(unknown: %d)", type);
data/adios-1.13.1/src/core/adios_internals.c:6192:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf [50];
data/adios-1.13.1/src/core/adios_internals.c:6202:33: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "(unknown: %d)", mode);
data/adios-1.13.1/src/core/adios_internals.c:6344:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(schema_version_major_att_nam,"adios_schema/version_major");
data/adios-1.13.1/src/core/adios_internals.c:6349:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(schema_version_minor_att_nam,"adios_schema/version_minor");
data/adios-1.13.1/src/core/adios_internals.c:6588:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (mpath, "/adios_schema/");
data/adios-1.13.1/src/core/adios_internals.c:6590:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (mpath, "/time-varying");
data/adios-1.13.1/src/core/adios_internals.c:6777:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (mpath, "/adios_schema/");
data/adios-1.13.1/src/core/adios_internals.c:6779:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (mpath, "/type");
data/adios-1.13.1/src/core/adios_internals.c:6813:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (mpath, "/adios_schema/");
data/adios-1.13.1/src/core/adios_internals.c:6815:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (mpath, "/type");
data/adios-1.13.1/src/core/adios_internals.c:6861:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (mpath, "/adios_schema/");
data/adios-1.13.1/src/core/adios_internals.c:6863:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (mpath, "/type");
data/adios-1.13.1/src/core/adios_internals.c:6924:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (mpath, "/adios_schema/");
data/adios-1.13.1/src/core/adios_internals.c:6926:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (mpath, "/type");
data/adios-1.13.1/src/core/adios_internals.c:7033:30: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void conca_mesh_numb_att_nam(char ** returnstr, const char * meshname, char * att_nam, char counterstr[5]) {
data/adios-1.13.1/src/core/adios_internals.c:7033:55: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void conca_mesh_numb_att_nam(char ** returnstr, const char * meshname, char * att_nam, char counterstr[5]) {
data/adios-1.13.1/src/core/adios_internals.c:7033:72: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void conca_mesh_numb_att_nam(char ** returnstr, const char * meshname, char * att_nam, char counterstr[5]) {
data/adios-1.13.1/src/core/adios_internals.c:7033:88: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void conca_mesh_numb_att_nam(char ** returnstr, const char * meshname, char * att_nam, char counterstr[5]) {
data/adios-1.13.1/src/core/adios_internals.c:7035:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant string.
  strcpy(*returnstr,"adios_schema");
data/adios-1.13.1/src/core/adios_internals.c:7054:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(*returnstr,"adios_schema/");
data/adios-1.13.1/src/core/adios_internals.c:7061:31: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void adios_conca_link_att_nam(char ** returnstr, const char * name, char * att_nam, char counterstr[5]) {
data/adios-1.13.1/src/core/adios_internals.c:7061:56: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void adios_conca_link_att_nam(char ** returnstr, const char * name, char * att_nam, char counterstr[5]) {
data/adios-1.13.1/src/core/adios_internals.c:7061:69: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void adios_conca_link_att_nam(char ** returnstr, const char * name, char * att_nam, char counterstr[5]) {
data/adios-1.13.1/src/core/adios_internals.c:7061:85: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void adios_conca_link_att_nam(char ** returnstr, const char * name, char * att_nam, char counterstr[5]) {
data/adios-1.13.1/src/core/adios_internals.c:7067:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(*returnstr,"adios_link/");
data/adios-1.13.1/src/core/adios_internals.c:7086:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(*returnstr,"/adios_schema/");
data/adios-1.13.1/src/core/adios_internals.c:7679:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char counterstr[5] = {0,0,0,0,0}; // used to create dimX attributes
data/adios-1.13.1/src/core/adios_internals.c:7729:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char counterstr[5] = {0,0,0,0,0}; // used to create maxX attributes
data/adios-1.13.1/src/core/adios_internals.c:7777:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char counterstr[5] = {0,0,0,0,0}; // used to create orgX attributes
data/adios-1.13.1/src/core/adios_internals.c:7825:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char counterstr[5] = {0,0,0,0,0}; // used to create spaX attributes if (!spacing)
data/adios-1.13.1/src/core/adios_internals.c:7873:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char counterstr[5] = {0,0,0,0,0}; // used to create dimX attributes
data/adios-1.13.1/src/core/adios_internals.c:7921:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char counterstr[5] = {0,0,0,0,0}; // used to create ptsX attributes
data/adios-1.13.1/src/core/adios_internals.c:8036:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char counterstr[5] = {0,0,0,0,0}; // used to create dimX attributes
data/adios-1.13.1/src/core/adios_internals.c:8108:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char counterstr[5] = {0,0,0,0,0}; // used to create ptsX attributes
data/adios-1.13.1/src/core/adios_internals.c:8222:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char counterstr[5] = {0,0,0,0,0}; // used to create ptsX attributes
data/adios-1.13.1/src/core/adios_internals.c:8365:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char counterstr[5] = {0,0,0,0,0}; // used to create countX, typeX, dataX? attributes
data/adios-1.13.1/src/core/adios_internals.c:8488:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(mpath,"/adios_schema");
data/adios-1.13.1/src/core/adios_internals.c:8501:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(mpath,"/adios_schema/centering");
data/adios-1.13.1/src/core/adios_internals.c:8513:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (mpath, "/adios_schema/");
data/adios-1.13.1/src/core/adios_internals.c:8515:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (mpath, "/mesh-group");
data/adios-1.13.1/src/core/adios_internals.c:8527:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (mpath, "/adios_schema/");
data/adios-1.13.1/src/core/adios_internals.c:8529:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (mpath, "/mesh-file");
data/adios-1.13.1/src/core/adios_internals.h:755:37: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void adios_conca_mesh_numb_att_nam (char ** returnstr, const char * meshname, char * att_nam, char counterstr[5]);
data/adios-1.13.1/src/core/adios_internals.h:755:62: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void adios_conca_mesh_numb_att_nam (char ** returnstr, const char * meshname, char * att_nam, char counterstr[5]);
data/adios-1.13.1/src/core/adios_internals.h:755:79: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void adios_conca_mesh_numb_att_nam (char ** returnstr, const char * meshname, char * att_nam, char counterstr[5]);
data/adios-1.13.1/src/core/adios_internals.h:755:95: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void adios_conca_mesh_numb_att_nam (char ** returnstr, const char * meshname, char * att_nam, char counterstr[5]);
data/adios-1.13.1/src/core/adios_internals.h:757:31: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void adios_conca_link_att_nam(char ** returnstr, const char * name, char * att_nam, char counterstr[5]);
data/adios-1.13.1/src/core/adios_internals.h:757:56: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void adios_conca_link_att_nam(char ** returnstr, const char * name, char * att_nam, char counterstr[5]);
data/adios-1.13.1/src/core/adios_internals.h:757:69: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void adios_conca_link_att_nam(char ** returnstr, const char * name, char * att_nam, char counterstr[5]);
data/adios-1.13.1/src/core/adios_internals.h:757:85: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void adios_conca_link_att_nam(char ** returnstr, const char * name, char * att_nam, char counterstr[5]);
data/adios-1.13.1/src/core/adios_internals_mxml.c:1706:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp_num[5];
data/adios-1.13.1/src/core/adios_internals_mxml.c:1947:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (parameters+len_parameters, n->value.text.string, len+1);
data/adios-1.13.1/src/core/adios_internals_mxml.c:1958:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  p1 = atoi (priority);
data/adios-1.13.1/src/core/adios_internals_mxml.c:1962:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i1 = atoi (iterations);
data/adios-1.13.1/src/core/adios_internals_mxml.c:2182:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen (config, "r");
data/adios-1.13.1/src/core/adios_logger.c:17:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *adios_log_names[4] = {"ERROR","WARN ","INFO ","DEBUG"};
data/adios-1.13.1/src/core/adios_logger.c:29:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[256];
data/adios-1.13.1/src/core/adios_logger.c:34:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  adios_logf = fopen (path, "w");
data/adios-1.13.1/src/core/adios_logger.h:11:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char *adios_log_names[4];
data/adios-1.13.1/src/core/adios_selection_util.c:85:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_pts_ptr, pts2_ptr, ndim * sizeof(uint64_t));
data/adios-1.13.1/src/core/adios_selection_util.c:136:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_pts_ptr, pts1_ptr, ndim * sizeof(uint64_t));
data/adios-1.13.1/src/core/adios_socket.c:61:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(address->sin_addr),hp->h_addr,hp->h_length);
data/adios-1.13.1/src/core/adios_socket.c:144:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[255];
data/adios-1.13.1/src/core/adios_socket.c:159:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[255];
data/adios-1.13.1/src/core/adios_subvolume.c:229:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, src, *next_subv_dim);
data/adios-1.13.1/src/core/adios_timing.c:149:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* f = fopen (filename, "a");
data/adios-1.13.1/src/core/adios_timing.c:227:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name_timers[256];
data/adios-1.13.1/src/core/adios_timing.c:228:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name_labels[256];
data/adios-1.13.1/src/core/adios_timing.c:340:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dim_str[256];
data/adios-1.13.1/src/core/adios_timing.c:341:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char glob_dim_str[256];
data/adios-1.13.1/src/core/adios_timing.c:342:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char loc_off_str[256];
data/adios-1.13.1/src/core/adios_timing.c:343:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name_timers[256];
data/adios-1.13.1/src/core/adios_timing.c:344:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name_labels[256];
data/adios-1.13.1/src/core/adios_timing.c:358:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (loc_off_str, "0,%i", rank);
data/adios-1.13.1/src/core/adios_timing.c:359:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (glob_dim_str, "%i,%i", timer_count, size);
data/adios-1.13.1/src/core/adios_timing.c:360:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (dim_str, "%i,1", timer_count);
data/adios-1.13.1/src/core/adios_timing.c:362:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (loc_off_str, "%i,0", rank);
data/adios-1.13.1/src/core/adios_timing.c:363:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (glob_dim_str, "%i,%i", size, timer_count);
data/adios-1.13.1/src/core/adios_timing.c:364:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (dim_str, "1,%i",timer_count);
data/adios-1.13.1/src/core/adios_timing.c:394:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (dim_str,"%i,%i", max_label_len+1, timer_count);
data/adios-1.13.1/src/core/adios_timing.c:396:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (dim_str,"%i,%i", timer_count, max_label_len+1);
data/adios-1.13.1/src/core/adiosf.c:334:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((char *) v->adata, var, element_size);
data/adios-1.13.1/src/core/adiosf_read.c:326:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, vi->value, size);
data/adios-1.13.1/src/core/adiosf_read.c:403:24: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (vi->value) memcpy(value, vi->value, size);
data/adios-1.13.1/src/core/adiosf_read.c:417:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *) gmin, (char *) vi->statistics->min, 3*size);
data/adios-1.13.1/src/core/adiosf_read.c:419:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(((char *) gmax), (char *) vi->statistics->max, 3*size);
data/adios-1.13.1/src/core/adiosf_read.c:421:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(gavg, vi->statistics->avg, 3*sizeof(double));
data/adios-1.13.1/src/core/adiosf_read.c:423:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(gstd_dev, vi->statistics->std_dev, 3*sizeof(double));
data/adios-1.13.1/src/core/adiosf_read.c:443:46: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (v_mins && v_mins[c]) memcpy(((double **) mins)[c], v_mins[c], vi->nsteps * size);
data/adios-1.13.1/src/core/adiosf_read.c:444:46: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (v_maxs && v_maxs[c]) memcpy(((double **) maxs)[c], v_maxs[c], vi->nsteps * size);
data/adios-1.13.1/src/core/adiosf_read.c:445:46: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (v_avgs && v_avgs[c]) memcpy(avgs[c], v_avgs[c], vi->nsteps * sizeof(double));
data/adios-1.13.1/src/core/adiosf_read.c:446:54: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (v_std_devs && v_std_devs[c]) memcpy(std_devs[c], v_std_devs[c], vi->nsteps * sizeof(double));
data/adios-1.13.1/src/core/adiosf_read.c:451:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *) gmin, (char *) vi->statistics->min, size);
data/adios-1.13.1/src/core/adiosf_read.c:453:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *) gmax, (char *) vi->statistics->max, size);
data/adios-1.13.1/src/core/adiosf_read.c:455:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(gavg, vi->statistics->avg, sizeof(double));
data/adios-1.13.1/src/core/adiosf_read.c:457:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(gstd_dev, vi->statistics->std_dev, sizeof(double));
data/adios-1.13.1/src/core/adiosf_read.c:461:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *) mins, (char *) vi->statistics->steps->mins, vi->nsteps * size);
data/adios-1.13.1/src/core/adiosf_read.c:463:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *) maxs, (char *) vi->statistics->steps->maxs, vi->nsteps * size);
data/adios-1.13.1/src/core/adiosf_read.c:465:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(avgs, vi->statistics->steps->avgs, vi->nsteps * sizeof(double));
data/adios-1.13.1/src/core/adiosf_read.c:467:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(std_devs, vi->statistics->steps->std_devs, vi->nsteps * sizeof(double));
data/adios-1.13.1/src/core/adiosf_read.c:494:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(attr, data, size);
data/adios-1.13.1/src/core/adiosf_read.c:625:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (points, src, *npoints * sel->u.points.ndim * sizeof(uint64_t));
data/adios-1.13.1/src/core/adiosf_read_v1.c:506:24: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (vi->value) memcpy(value, vi->value, size);
data/adios-1.13.1/src/core/adiosf_read_v1.c:520:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *) gmin, (char *) vi->statistics->min, 3*size);
data/adios-1.13.1/src/core/adiosf_read_v1.c:522:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(((char *) gmax), (char *) vi->statistics->max, 3*size);
data/adios-1.13.1/src/core/adiosf_read_v1.c:524:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(gavg, vi->statistics->avg, 3*sizeof(double));
data/adios-1.13.1/src/core/adiosf_read_v1.c:526:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(gstd_dev, vi->statistics->std_dev, 3*sizeof(double));
data/adios-1.13.1/src/core/adiosf_read_v1.c:546:46: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (v_mins && v_mins[c]) memcpy(((double **) mins)[c], v_mins[c], vi->nsteps * size);
data/adios-1.13.1/src/core/adiosf_read_v1.c:547:46: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (v_maxs && v_maxs[c]) memcpy(((double **) maxs)[c], v_maxs[c], vi->nsteps * size);
data/adios-1.13.1/src/core/adiosf_read_v1.c:548:46: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (v_avgs && v_avgs[c]) memcpy(avgs[c], v_avgs[c], vi->nsteps * sizeof(double));
data/adios-1.13.1/src/core/adiosf_read_v1.c:549:54: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (v_std_devs && v_std_devs[c]) memcpy(std_devs[c], v_std_devs[c], vi->nsteps * sizeof(double));
data/adios-1.13.1/src/core/adiosf_read_v1.c:554:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *) gmin, (char *) vi->statistics->min, size);
data/adios-1.13.1/src/core/adiosf_read_v1.c:556:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *) gmax, (char *) vi->statistics->max, size);
data/adios-1.13.1/src/core/adiosf_read_v1.c:558:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(gavg, vi->statistics->avg, sizeof(double));
data/adios-1.13.1/src/core/adiosf_read_v1.c:560:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(gstd_dev, vi->statistics->std_dev, sizeof(double));
data/adios-1.13.1/src/core/adiosf_read_v1.c:564:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *) mins, (char *) vi->statistics->steps->mins, vi->nsteps * size);
data/adios-1.13.1/src/core/adiosf_read_v1.c:566:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *) maxs, (char *) vi->statistics->steps->maxs, vi->nsteps * size);
data/adios-1.13.1/src/core/adiosf_read_v1.c:568:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(avgs, vi->statistics->steps->avgs, vi->nsteps * sizeof(double));
data/adios-1.13.1/src/core/adiosf_read_v1.c:570:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(std_devs, vi->statistics->steps->std_devs, vi->nsteps * sizeof(double));
data/adios-1.13.1/src/core/adiosf_read_v1.c:612:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(attr, data, size);
data/adios-1.13.1/src/core/adiost_callback_internal.c:206:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpstr[1024] = {0};
data/adios-1.13.1/src/core/adiost_callback_internal.c:211:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dims[256] = {0};
data/adios-1.13.1/src/core/adiost_callback_internal.c:212:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char global_dims[256] = {0};
data/adios-1.13.1/src/core/adiost_callback_internal.c:213:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char local_offsets[256] = {0};
data/adios-1.13.1/src/core/adiost_callback_internal.c:268:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dims, "[]");
data/adios-1.13.1/src/core/adiost_callback_internal.c:273:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(global_dims, "[]");
data/adios-1.13.1/src/core/adiost_callback_internal.c:278:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(local_offsets, "[]");
data/adios-1.13.1/src/core/bp_utils.c:54:26: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define BUFREAD64(b,var) memcpy(&(var), b->buff + b->offset, sizeof(uint64_t));\
data/adios-1.13.1/src/core/bp_utils.c:249:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char e [MPI_MAX_ERROR_STRING];
data/adios-1.13.1/src/core/bp_utils.c:292:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char e [MPI_MAX_ERROR_STRING];
data/adios-1.13.1/src/core/bp_utils.c:457:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (varinfo->value, v->characteristics [i].value, size);
data/adios-1.13.1/src/core/bp_utils.c:927:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char e [MPI_MAX_ERROR_STRING];
data/adios-1.13.1/src/core/bp_utils.c:938:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char e [MPI_MAX_ERROR_STRING];
data/adios-1.13.1/src/core/bp_utils.c:1008:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((*root)->group_name, b->buff + b->offset, length_of_name);
data/adios-1.13.1/src/core/bp_utils.c:1044:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((*root)->time_index_name, b->buff + b->offset, length_of_name);
data/adios-1.13.1/src/core/bp_utils.c:2030:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (data, (b->buff + b->offset), characteristic_size);
data/adios-1.13.1/src/core/bp_utils.c:2772:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (data, (b->buff + b->offset), nelems*data_size);
data/adios-1.13.1/src/core/bp_utils.c:2798:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (data, (b->buff + b->offset), nelems*data_size);
data/adios-1.13.1/src/core/bp_utils.c:2812:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (data, (b->buff + b->offset), nelems*data_size);
data/adios-1.13.1/src/core/bp_utils.c:2826:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (data, (b->buff + b->offset), data_size);
data/adios-1.13.1/src/core/bp_utils.c:2828:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ((char *) data) [data_size] = '\0';
data/adios-1.13.1/src/core/bp_utils.c:2838:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (p[k], (b->buff + b->offset), data_size);
data/adios-1.13.1/src/core/bp_utils.c:3192:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s [100];
data/adios-1.13.1/src/core/bp_utils.c:3199:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%u", *(((uint8_t *) data)));
data/adios-1.13.1/src/core/bp_utils.c:3203:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%d", *(((int8_t *) data)));
data/adios-1.13.1/src/core/bp_utils.c:3207:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%hd", *(((int16_t *) data)));
data/adios-1.13.1/src/core/bp_utils.c:3211:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%uh", *(((uint16_t *) data)));
data/adios-1.13.1/src/core/bp_utils.c:3215:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%d", *(((int32_t *) data)));
data/adios-1.13.1/src/core/bp_utils.c:3219:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%u", *(((uint32_t *) data)));
data/adios-1.13.1/src/core/bp_utils.c:3223:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%" PRId64 "", *(((int64_t *) data)));
data/adios-1.13.1/src/core/bp_utils.c:3227:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%" PRIu64 "", *(((uint64_t *) data)));
data/adios-1.13.1/src/core/bp_utils.c:3231:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%f", *(((float *) data)));
data/adios-1.13.1/src/core/bp_utils.c:3235:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%le", *(((double *) data)));
data/adios-1.13.1/src/core/bp_utils.c:3239:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%Le", *(((long double *) data)));
data/adios-1.13.1/src/core/bp_utils.c:3252:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "(%f %f)", *(((float *) data) + 0)
data/adios-1.13.1/src/core/bp_utils.c:3258:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "(%lf %lf)", *(((double *) data) + 0)
data/adios-1.13.1/src/core/bp_utils.c:3456:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[9];
data/adios-1.13.1/src/core/bp_utils.c:3462:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char e [MPI_MAX_ERROR_STRING];
data/adios-1.13.1/src/core/common_adios.c:280:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char epoch[16];
data/adios-1.13.1/src/core/common_adios.c:282:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(epoch, "%d", (int)tp.tv_sec);
data/adios-1.13.1/src/core/common_adios.c:845:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)v->adata, var, element_size);
data/adios-1.13.1/src/core/common_adios.c:860:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)v->adata, var, element_size);
data/adios-1.13.1/src/core/common_read.c:243:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ( linkname, s, (size_t)(p-s) );
data/adios-1.13.1/src/core/common_read.c:254:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ( tmp[ fp->nlinks ], s, (size_t)(p-s) );
data/adios-1.13.1/src/core/common_read.c:306:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ( meshname, s, (size_t)(p-s) );
data/adios-1.13.1/src/core/common_read.c:317:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ( tmp[ fp->nmeshes ], s, (size_t)(p-s) );
data/adios-1.13.1/src/core/common_read.c:337:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (meshfile, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:339:21: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (meshfile, "/mesh-file");
data/adios-1.13.1/src/core/common_read.c:1306:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (var_mesh, "/adios_schema");
data/adios-1.13.1/src/core/common_read.c:1345:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (data_centering, "/centering");
data/adios-1.13.1/src/core/common_read.c:1524:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (attribute, "/adios_link/");
data/adios-1.13.1/src/core/common_read.c:1526:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (attribute, "/ref-num");
data/adios-1.13.1/src/core/common_read.c:1539:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char i_buffer[5]; // support no more than 5 digits
data/adios-1.13.1/src/core/common_read.c:1545:20: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  i_digits = sprintf (i_buffer, "%d", i);
data/adios-1.13.1/src/core/common_read.c:1548:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (attribute, "/adios_link/");
data/adios-1.13.1/src/core/common_read.c:1550:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (attribute, "/objref");
data/adios-1.13.1/src/core/common_read.c:1562:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (attribute, "/adios_link/");
data/adios-1.13.1/src/core/common_read.c:1564:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (attribute, "/extref");
data/adios-1.13.1/src/core/common_read.c:1591:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (attribute, "/adios_link/");
data/adios-1.13.1/src/core/common_read.c:1593:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (attribute, "/type");
data/adios-1.13.1/src/core/common_read.c:1629:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (attribute, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:1633:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (attribute, "-num");
data/adios-1.13.1/src/core/common_read.c:1714:24: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  i_digits = sprintf (i_buffer, "%d", i);
data/adios-1.13.1/src/core/common_read.c:1717:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (value, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:1893:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (meshfile, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:1895:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (meshfile, "/mesh-file");
data/adios-1.13.1/src/core/common_read.c:1911:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (time_varying, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:1913:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (time_varying, "/time-varying");
data/adios-1.13.1/src/core/common_read.c:1928:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (mesh_attribute, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:1930:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (mesh_attribute, "/type");
data/adios-1.13.1/src/core/common_read.c:1945:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant string.
  strcpy (meshfile, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:1947:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (meshfile, "/mesh-file");
data/adios-1.13.1/src/core/common_read.c:1990:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (time_varying, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:1992:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (time_varying, "/time-varying");
data/adios-1.13.1/src/core/common_read.c:2007:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (meshtype, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:2009:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (meshtype, "/type");
data/adios-1.13.1/src/core/common_read.c:2044:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (dimension_attribute, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:2046:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (dimension_attribute, "/dimensions-num");
data/adios-1.13.1/src/core/common_read.c:2071:28: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  i_digits = sprintf (i_buffer, "%d", i);
data/adios-1.13.1/src/core/common_read.c:2074:17: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (dimensions_value, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:2076:17: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (dimensions_value, "/dimensions");
data/adios-1.13.1/src/core/common_read.c:2188:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (dimension_attribute, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:2190:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (dimension_attribute, "/dimensions-num");
data/adios-1.13.1/src/core/common_read.c:2213:28: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  i_digits = sprintf (i_buffer, "%d", i);
data/adios-1.13.1/src/core/common_read.c:2216:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (dimensions_value, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:2218:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (dimensions_value, "/dimensions");
data/adios-1.13.1/src/core/common_read.c:2280:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (coords_attribute, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:2282:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (coords_attribute, "/coords-single-var");
data/adios-1.13.1/src/core/common_read.c:2350:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (coords_attribute, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:2352:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (coords_attribute, "/coords-multi-var-num");
data/adios-1.13.1/src/core/common_read.c:2387:32: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  i_digits = sprintf (i_buffer, "%d", i);
data/adios-1.13.1/src/core/common_read.c:2390:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (coords_var, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:2392:21: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (coords_var, "/coords-multi-var");
data/adios-1.13.1/src/core/common_read.c:2450:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (dimension_attribute, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:2452:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (dimension_attribute, "/dimensions-num");
data/adios-1.13.1/src/core/common_read.c:2474:28: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  i_digits = sprintf (i_buffer, "%d", i);
data/adios-1.13.1/src/core/common_read.c:2476:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (dimensions_value, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:2478:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (dimensions_value, "/dimensions");
data/adios-1.13.1/src/core/common_read.c:2537:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (points_attribute, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:2539:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (points_attribute, "/points-single-var");
data/adios-1.13.1/src/core/common_read.c:2605:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (points_attribute, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:2607:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (points_attribute, "/points-multi-var-num");
data/adios-1.13.1/src/core/common_read.c:2642:32: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  i_digits = sprintf (i_buffer, "%d", i);
data/adios-1.13.1/src/core/common_read.c:2644:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (points_var, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:2646:21: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (points_var, "/points-multi-var");
data/adios-1.13.1/src/core/common_read.c:2720:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (mesh_nspace, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:2722:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (mesh_nspace, "/nspace");
data/adios-1.13.1/src/core/common_read.c:2774:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (points_attribute, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:2776:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (points_attribute, "/points-single-var");
data/adios-1.13.1/src/core/common_read.c:2825:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (points_attribute, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:2827:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (points_attribute, "/points-multi-var-num");
data/adios-1.13.1/src/core/common_read.c:2853:32: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  i_digits = sprintf (i_buffer, "%d", i);
data/adios-1.13.1/src/core/common_read.c:2855:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (points_var, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:2857:21: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (points_var, "/points-multi-var");
data/adios-1.13.1/src/core/common_read.c:2970:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (num_points, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:2972:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (num_points, "/npoints");
data/adios-1.13.1/src/core/common_read.c:3046:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (mesh_nspace, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:3048:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (mesh_nspace, "/nspace");
data/adios-1.13.1/src/core/common_read.c:3119:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (num_cell_type, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:3121:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (num_cell_type, "/ncsets");
data/adios-1.13.1/src/core/common_read.c:3161:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (num_cells, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:3163:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (num_cells, "/ccount");
data/adios-1.13.1/src/core/common_read.c:3225:28: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  i_digits = sprintf (i_buffer, "%d", i);
data/adios-1.13.1/src/core/common_read.c:3227:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (ccount_var, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:3229:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (ccount_var, "/ccount");
data/adios-1.13.1/src/core/common_read.c:3285:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (data_cells, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:3287:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (data_cells, "/cdata");
data/adios-1.13.1/src/core/common_read.c:3332:28: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  i_digits = sprintf (i_buffer, "%d", i);
data/adios-1.13.1/src/core/common_read.c:3334:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (cdata_var, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:3336:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (cdata_var, "/cdata");
data/adios-1.13.1/src/core/common_read.c:3374:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (type_cells, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:3376:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (type_cells, "/ctype");
data/adios-1.13.1/src/core/common_read.c:3432:28: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  i_digits = sprintf (i_buffer, "%d", i);
data/adios-1.13.1/src/core/common_read.c:3434:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (ctype_mix_var, "/adios_schema/");
data/adios-1.13.1/src/core/common_read.c:3436:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (ctype_mix_var, "/ctype");
data/adios-1.13.1/src/core/common_read.c:3890:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf [50];
data/adios-1.13.1/src/core/common_read.c:3891:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "(unknown: %d)", type);
data/adios-1.13.1/src/core/globals.c:151:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char OP[OPLEN] = { '(', ')' };
data/adios-1.13.1/src/core/globals.c:152:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *OP_REP[OPLEN] = { "_PPLT_", "_PPRT_" };
data/adios-1.13.1/src/core/globals.c:349:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char ascii_array[128];
data/adios-1.13.1/src/core/globals.c:350:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char reverse_array[128];
data/adios-1.13.1/src/core/globals.c:401:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mangle, "Z__");
data/adios-1.13.1/src/core/mpidummy.c:25:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  # define open64 open
data/adios-1.13.1/src/core/mpidummy.c:28:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char mpierrmsg[MPI_MAX_ERROR_STRING];
data/adios-1.13.1/src/core/mpidummy.c:94:28: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if( ier == MPI_SUCCESS ) memcpy( recvbuf, sendbuf, nsent );
data/adios-1.13.1/src/core/mpidummy.c:134:28: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if( ier == MPI_SUCCESS ) memcpy( sendbuf, recvbuf, nsent );
data/adios-1.13.1/src/core/mpidummy.c:165:30: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if( ier == MPI_SUCCESS ) memcpy( recvbuf, sendbuf, nbytes );
data/adios-1.13.1/src/core/strutil.c:30:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (p[i], v[i], len);
data/adios-1.13.1/src/core/strutil.c:139:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char * dims[32];
data/adios-1.13.1/src/core/strutil.c:221:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(res, s, final_len);
data/adios-1.13.1/src/core/strutil.c:284:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[256];
data/adios-1.13.1/src/core/transforms/adios_patchdata.c:154:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char*)dst + byte_offset_in_pt_buffer - dst_byte_ragged_offset, (char*)src + byte_offset_in_bb_buffer - src_byte_ragged_offset, typelen);
data/adios-1.13.1/src/core/transforms/adios_patchdata.c:158:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char*)dst + byte_offset_in_bb_buffer - dst_byte_ragged_offset, (char*)src + byte_offset_in_pt_buffer - src_byte_ragged_offset, typelen);
data/adios-1.13.1/src/core/transforms/adios_patchdata.c:372:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy_dst, copy_src, copy_nelems * typesize);
data/adios-1.13.1/src/core/transforms/adios_transforms_common.c:269:28: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define BUFREAD(b,dst,len) memcpy((dst), (b->buff + b->offset), (len)); \
data/adios-1.13.1/src/core/transforms/adios_transforms_util.c:49:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (*buffer + *buffer_offset, data, size);
data/adios-1.13.1/src/core/transforms/adios_transforms_write.c:519:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (*buffer + *buffer_offset, data, size);
data/adios-1.13.1/src/core/transforms/adios_transforms_write.c:739:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst_transform->transform_metadata, src_var->transform_metadata, src_var->transform_metadata_len);
data/adios-1.13.1/src/core/util.c:137:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((char *)dst + (i*dst_stride+dst_offset)*size_of_type,
data/adios-1.13.1/src/core/util.c:307:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newbuf, buf, len);
data/adios-1.13.1/src/core/util_mpi.c:77:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  nid = atoi (nid_str);
data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:219:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[8192]; /* Temporary buffer */
data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:368:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ptr[2]; /* Pointers for putc_cb */
data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:1327:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char entity[64], /* Entity string */
data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:2716:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[255]; /* Temporary string */
data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:2883:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s, "%d", node->value.integer);
data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:2913:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s, "%f", node->value.real);
data/adios-1.13.1/src/mxml/mxml-2.9/mxml-node.c:679:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char element[1024]; /* Element text */
data/adios-1.13.1/src/mxml/mxml-2.9/mxml-private.c:60:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[1024]; /* Message string */
data/adios-1.13.1/src/mxml/mxml-2.9/mxml-search.c:131:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char element[256]; /* Current element name */
data/adios-1.13.1/src/mxml/mxml-2.9/mxml-search.c:172:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(element, path, pathsep - path);
data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:33:30: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  # define va_copy(dst,src) memcpy(&dst, src, sizeof(va_list))
data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:127:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tformat[100], /* Temporary format string for sprintf() */
data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:354:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
  memcpy(bufptr, va_arg(ap, char *), (size_t)width);
data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:451:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(argv[i], "r")) != NULL)
data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:501:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(argv[i], "r")) == NULL)
data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:525:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(xmlfile, "w")) != NULL)
data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:608:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[16384], /* String buffer */
data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:785:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text[10240], /* Description text */
data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:788:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char info[1024]; /* Info string */
data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:846:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, current->value.text.string, len);
data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:855:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, current->value.opaque, len);
data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:921:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1024]; /* Current filename */
data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:1014:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[65536], /* String buffer */
data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:2743:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char text[10240], /* Text for description */ data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:2975:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[8192]; /* Line from file */ data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:2978:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(file, "r")) == NULL) data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:3146:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; /* Current output filename */ data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:3170:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((out = fopen(filename, "w")) == NULL) data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:3216:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((out = fopen(filename, "w")) == NULL) data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:3246:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((out = fopen(filename, "w")) == NULL) data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:3313:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((out = fopen(filename, "w")) == NULL) data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:3368:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((out = fopen(filename, "w")) == NULL) data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:3400:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((out = fopen(filename, "w")) == NULL) data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:3423:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((out = fopen(filename, "w")) == NULL) data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:3768:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *args[5]; /* Argument array */ data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:4026:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; /* String buffer */ data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:4809:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (introfile && (fp = fopen(introfile, "r")) != NULL) data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:4811:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[8192], /* Line from file */ data/adios-1.13.1/src/mxml/mxml-2.9/test/struct.cxx:54:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[255]; /* Value of "b" */ data/adios-1.13.1/src/mxml/mxml-2.9/testmxml.c:67:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buffer[16384]; /* Save string */ data/adios-1.13.1/src/mxml/mxml-2.9/testmxml.c:459:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fp = fopen(argv[1], "rb")) == NULL) data/adios-1.13.1/src/mxml/mxml-2.9/testmxml.c:521:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fp = fopen(argv[1], "rb")) == NULL) data/adios-1.13.1/src/mxml/mxml-2.9/testmxml.c:580:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(argv[2], "w"); data/adios-1.13.1/src/mxml/mxml-2.9/testmxml.c:602:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(argv[1], O_RDONLY | O_BINARY)) < 0) data/adios-1.13.1/src/mxml/mxml-2.9/testmxml.c:622:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((fd = open(buffer, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0666)) < 0) data/adios-1.13.1/src/mxml/mxml-2.9/testmxml.c:652:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fp = fopen(argv[1], "rb")) == NULL) data/adios-1.13.1/src/mxml/mxml-2.9/vcnet/config.h:55:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define open _open data/adios-1.13.1/src/query/common_query_read.c:163:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (data+coord_idx*elemsize, pointvalues+n*elemsize, elemsize); data/adios-1.13.1/src/query/common_query_read.c:219:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (data+bb_start*elemsize, block+block_start*elemsize, nelems*elemsize); data/adios-1.13.1/src/query/common_query_read.c:242:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (data+pos*elemsize, block+n*elemsize, (j_max-j)*elemsize); data/adios-1.13.1/src/query/common_query_read.c:291:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (bb_data+block_start_offset*elemsize, block_data, nelements*elemsize); data/adios-1.13.1/src/query/common_query_read.c:364:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (bb_data + write_offset, block_data, slice_size); data/adios-1.13.1/src/query/fastbit_adios.c:356:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char idxFileNamePad [len]; data/adios-1.13.1/src/query/fastbit_adios.c:529:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s [100]; data/adios-1.13.1/src/query/fastbit_adios.c:536:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%u", ((uint8_t *) data)[idx]); data/adios-1.13.1/src/query/fastbit_adios.c:540:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%d", ((int8_t *) data)[idx]); data/adios-1.13.1/src/query/fastbit_adios.c:544:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%hd", ((int16_t *) data)[idx]); data/adios-1.13.1/src/query/fastbit_adios.c:548:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (s, "%hu", ((uint16_t *) data)[idx]); data/adios-1.13.1/src/query/fastbit_adios.c:552:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%d", ((int32_t *) data)[idx]); data/adios-1.13.1/src/query/fastbit_adios.c:556:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%u", ((uint32_t *) data)[idx]); data/adios-1.13.1/src/query/fastbit_adios.c:568:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%g", ((float *) data)[idx]); data/adios-1.13.1/src/query/fastbit_adios.c:572:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%lg", ((double *) data)[idx]); data/adios-1.13.1/src/query/fastbit_adios.c:576:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%Lg", ((long double *) data)[idx]); data/adios-1.13.1/src/query/fastbit_adios.c:584:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "(%g, %g)", data/adios-1.13.1/src/query/fastbit_adios.c:589:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (s, "(%lg, %lg)", data/adios-1.13.1/src/query/fastbit_adios.c:608:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(bmsVarName, "bms-%d-%d-box-%d", v->varid, timestep, blockNum); data/adios-1.13.1/src/query/fastbit_adios.c:609:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(keyVarName, "key-%d-%d-box-%d", v->varid, timestep, blockNum); data/adios-1.13.1/src/query/fastbit_adios.c:610:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(offsetName, "offset-%d-%d-box-%d", v->varid, timestep, blockNum); data/adios-1.13.1/src/query/fastbit_adios.c:628:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyVarName[100]; data/adios-1.13.1/src/query/fastbit_adios.c:629:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char offsetName[100]; data/adios-1.13.1/src/query/fastbit_adios.c:689:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char bmsVarName[100]; data/adios-1.13.1/src/query/fastbit_adios.c:690:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyVarName[100]; data/adios-1.13.1/src/query/fastbit_adios.c:691:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char offsetName[100]; data/adios-1.13.1/src/query/query_alac.c:160:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char set_bit_count[65536]; data/adios-1.13.1/src/query/query_alac.c:161:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char set_bit_position[65536][16]; data/adios-1.13.1/src/query/query_alac.c:1967:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bitstr[65]; data/adios-1.13.1/src/query/query_alac.c:2293:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(movePtr+ metaLen, b->bits, sizeof(uint64_t) * b->length); data/adios-1.13.1/src/query/query_alac.c:2308:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bout->bits, ptr+4, sizeof(uint64_t)*(bout->length)); data/adios-1.13.1/src/query/query_fastbit.c:319:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char BitsSetTable256[256] = data/adios-1.13.1/src/query/query_fastbit.c:1420:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bitsArrayName[60]; data/adios-1.13.1/src/query/query_fastbit.c:1421:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(bitsArrayName, "%ld_%d", fastbit_adios_getCurrentTimeMillis(), timeStep); data/adios-1.13.1/src/query/query_fastbit.c:1563:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bitsArrayName[60]; data/adios-1.13.1/src/query/query_fastbit.c:1564:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(bitsArrayName, "%ld_%d", fastbit_adios_getCurrentTimeMillis(), timeStep); data/adios-1.13.1/src/query/query_fastbit.c:1794:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bitsArrayName[60]; data/adios-1.13.1/src/query/query_fastbit.c:1795:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(bitsArrayName, "%ld_%d_%d_%d", fastbit_adios_getCurrentTimeMillis(), q->varinfo->varid, timeStep, rank); data/adios-1.13.1/src/query/query_fastbit.c:1800:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char casestudyLoggerPrefix[30]; data/adios-1.13.1/src/query/query_fastbit.c:1973:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bitsArrayName[60]; data/adios-1.13.1/src/query/query_fastbit.c:1974:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(bitsArrayName, "%ld_%d_%d_%d", fastbit_adios_getCurrentTimeMillis(), v->varid, timeStep, rank); data/adios-1.13.1/src/query/query_fastbit.c:1986:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char casestudyLoggerPrefix[30]; data/adios-1.13.1/src/query/query_fastbit.c:2345:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bitsArrayName[60]; data/adios-1.13.1/src/query/query_fastbit.c:2346:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(bitsArrayName, "%ld_%d_%d_%d", fastbit_adios_getCurrentTimeMillis(), v->varid, timeStep, rank); data/adios-1.13.1/src/query/query_fastbit.c:2358:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char casestudyLoggerPrefix[30]; data/adios-1.13.1/src/query/query_fastbit.c:2516:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char blockDataName[40+strlen(q->condition)]; data/adios-1.13.1/src/query/query_fastbit.c:2518:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(blockDataName, "_%d_%d_%d_%ld_%d", v->varid,timeStep, blockIdx, fastbit_adios_getCurrentTimeMillis(), rank); data/adios-1.13.1/src/query/query_fastbit.c:2667:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char datasetName[strlen(q->condition) + 40]; data/adios-1.13.1/src/query/query_fastbit.c:2669:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(datasetName, "_noidx_%d_%ld_%d", timeStep, fastbit_adios_getCurrentTimeMillis(),rank); data/adios-1.13.1/src/query/query_fastbit.c:3708:16: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). count[i]=atol(dimSpecStart); data/adios-1.13.1/src/query/query_fastbit.c:3716:18: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start[i] = atol(dimSpecStart); data/adios-1.13.1/src/query/query_fastbit.c:3724:14: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
count[i] = atol(dimSpecStart); data/adios-1.13.1/src/read/read_bp.c:598:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dest, data/adios-1.13.1/src/read/read_bp.c:627:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, src+idxInBB*size_of_type, size_of_type); data/adios-1.13.1/src/read/read_bp.c:820:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((char *)data, fh->b->buff + fh->b->offset, size_of_type); data/adios-1.13.1/src/read/read_bp.c:944:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((char *)data, fh->b->buff + fh->b->offset, slice_size); data/adios-1.13.1/src/read/read_bp.c:1007:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((char *)data + write_offset, fh->b->buff + fh->b->offset, slice_size); data/adios-1.13.1/src/read/read_bp.c:1424:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s, start, bndim * 8); data/adios-1.13.1/src/read/read_bp.c:1425:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (c, readn, bndim * 8); data/adios-1.13.1/src/read/read_bp.c:2550:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(vs->min, stats[map[adios_statistic_min]].data, size); data/adios-1.13.1/src/read/read_bp.c:2555:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vs->min, stats[map[adios_statistic_min]].data, size); data/adios-1.13.1/src/read/read_bp.c:2562:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vs->steps->mins[tidx], stats[map[adios_statistic_min]].data, size); data/adios-1.13.1/src/read/read_bp.c:2566:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vs->steps->mins[tidx], stats[map[adios_statistic_min]].data, size); data/adios-1.13.1/src/read/read_bp.c:2574:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vs->blocks->mins[idx], stats[map[adios_statistic_min]].data, size); data/adios-1.13.1/src/read/read_bp.c:2578:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vs->blocks->mins[idx], stats[map[adios_statistic_min]].data, size); data/adios-1.13.1/src/read/read_bp.c:2588:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vs->max, stats[map[adios_statistic_max]].data, size); data/adios-1.13.1/src/read/read_bp.c:2593:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(vs->max, stats[map[adios_statistic_max]].data, size); data/adios-1.13.1/src/read/read_bp.c:2600:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vs->steps->maxs[tidx], stats[map[adios_statistic_max]].data, size); data/adios-1.13.1/src/read/read_bp.c:2604:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vs->steps->maxs[tidx], stats[map[adios_statistic_max]].data, size); data/adios-1.13.1/src/read/read_bp.c:2612:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vs->blocks->maxs[idx], stats[map[adios_statistic_max]].data, size); data/adios-1.13.1/src/read/read_bp.c:2616:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vs->blocks->maxs[idx], stats[map[adios_statistic_max]].data, size); data/adios-1.13.1/src/read/read_bp.c:2626:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gsum, stats[map[adios_statistic_sum]].data, sum_size); data/adios-1.13.1/src/read/read_bp.c:2637:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sums[tidx], stats[map[adios_statistic_sum]].data, sum_size); data/adios-1.13.1/src/read/read_bp.c:2649:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(bsums[idx], stats[map[adios_statistic_sum]].data, sum_size); data/adios-1.13.1/src/read/read_bp.c:2663:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gsum_square, stats[map[adios_statistic_sum_square]].data, sum_size); data/adios-1.13.1/src/read/read_bp.c:2675:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sum_squares[tidx], stats[map[adios_statistic_sum_square]].data, sum_size); data/adios-1.13.1/src/read/read_bp.c:2687:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bsum_squares[idx], stats[map[adios_statistic_sum_square]].data, sum_size); data/adios-1.13.1/src/read/read_bp.c:2938:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (blockinfo[i].start, offsets, dimcount * 8); data/adios-1.13.1/src/read/read_bp.c:2939:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (blockinfo[i].count, ldims, dimcount * 8); data/adios-1.13.1/src/read/read_bp.c:3390:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (start, sel->u.bb.start, ndim * 8); data/adios-1.13.1/src/read/read_bp.c:3391:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
    memcpy (count, sel->u.bb.count, ndim * 8);
data/adios-1.13.1/src/read/read_bp.c:3407:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (newreq->sel->u.bb.start,
data/adios-1.13.1/src/read/read_bp.c:3425:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (newreq->sel->u.bb.count,
data/adios-1.13.1/src/read/read_bp.c:3507:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (newreq->sel->u.points.points,
data/adios-1.13.1/src/read/read_bp.c:3753:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(*data, attr_root->characteristics[attr_c_index].value, *size);
data/adios-1.13.1/src/read/read_bp.c:3861:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char varname[512];
data/adios-1.13.1/src/read/read_bp.c:3940:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(*data, var_root->characteristics[var_c_index].value, *size);
data/adios-1.13.1/src/read/read_bp.c:3980:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy ((*group_namelist)[i], fh->gvar_h->namelist[i], strlen (fh->gvar_h->namelist[i]) + 1);
data/adios-1.13.1/src/read/read_bp.c:4211:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((char *)data, fh->b->buff + fh->b->offset, size_of_type);
data/adios-1.13.1/src/read/read_bp_staged.c:114:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (* buffer, data, size);
data/adios-1.13.1/src/read/read_bp_staged.c:141:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (*buffer + *buffer_offset, data, size);
data/adios-1.13.1/src/read/read_bp_staged.c:167:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (*buffer + *buffer_offset, data, size);
data/adios-1.13.1/src/read/read_bp_staged.c:176:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (data, buffer + *buffer_offset, size);
data/adios-1.13.1/src/read/read_bp_staged.c:286:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (gdims, ldims, ndim * 8);
data/adios-1.13.1/src/read/read_bp_staged.c:546:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (r->data, b, r->datasize);
data/adios-1.13.1/src/read/read_bp_staged.c:598:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (r->sel->u.bb.start, b, r->sel->u.bb.ndim * 8);
data/adios-1.13.1/src/read/read_bp_staged.c:601:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (r->sel->u.bb.count, b, r->sel->u.bb.ndim * 8);
data/adios-1.13.1/src/read/read_bp_staged.c:723:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (gdims, ldims, ndim * 8);
data/adios-1.13.1/src/read/read_bp_staged.c:791:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (n->sel->u.bb.start, start, ndim * 8);
data/adios-1.13.1/src/read/read_bp_staged.c:792:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (n->sel->u.bb.count, count, ndim * 8);
data/adios-1.13.1/src/read/read_bp_staged.c:1217:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (data, fh->b->buff + slice_offset - buffer_offset, size_unit);
data/adios-1.13.1/src/read/read_bp_staged.c:1258:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (gdims, ldims, ndim * 8);
data/adios-1.13.1/src/read/read_bp_staged.c:1327:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (data, fh->b->buff + slice_offset - buffer_offset, slice_size);
data/adios-1.13.1/src/read/read_bp_staged.c:1386:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy ((char *) data + write_offset,
data/adios-1.13.1/src/read/read_bp_staged.c:1961:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    num_aggregators = atoi (env_str);
data/adios-1.13.1/src/read/read_bp_staged.c:1979:43: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    chunk_buffer_size = 1024 * 1024 * atoi (env_str);
data/adios-1.13.1/src/read/read_bp_staged.c:2039:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    num_aggregators = atoi (env_str);
data/adios-1.13.1/src/read/read_bp_staged.c:2057:43: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    chunk_buffer_size = 1024 * 1024 * atoi (env_str);
data/adios-1.13.1/src/read/read_bp_staged.c:2493:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy ((*group_namelist)[i], fh->gvar_h->namelist[i], strlen (fh->gvar_h->
data/adios-1.13.1/src/read/read_bp_staged1.c:417:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (* buffer, data, size);
data/adios-1.13.1/src/read/read_bp_staged1.c:444:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (*buffer + *buffer_offset, data, size);
data/adios-1.13.1/src/read/read_bp_staged1.c:471:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (*buffer + *buffer_offset, data, size);
data/adios-1.13.1/src/read/read_bp_staged1.c:480:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (data, buffer + *buffer_offset, size);
data/adios-1.13.1/src/read/read_bp_staged1.c:1020:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (n->ra->start, r->ra->start, 8 * n->ra->ndims);
data/adios-1.13.1/src/read/read_bp_staged1.c:1024:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (n->ra->count, r->ra->count, 8 * n->ra->ndims);
data/adios-1.13.1/src/read/read_bp_staged1.c:1260:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (n->ra->start, b + offset, n->ra->ndims * 8);
data/adios-1.13.1/src/read/read_bp_staged1.c:1263:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (n->ra->count, b + offset, n->ra->ndims * 8);
data/adios-1.13.1/src/read/read_bp_staged1.c:1489:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (start, b + offset, ndims * 8);
data/adios-1.13.1/src/read/read_bp_staged1.c:1492:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (count, b + offset, ndims * 8);
data/adios-1.13.1/src/read/read_bp_staged1.c:1524:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (r->ra->data, b + offset, l);
data/adios-1.13.1/src/read/read_bp_staged1.c:1553:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (n->ra->start, b + offset, n->ra->ndims * 8);
data/adios-1.13.1/src/read/read_bp_staged1.c:1556:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (n->ra->count, b + offset, n->ra->ndims * 8);
data/adios-1.13.1/src/read/read_bp_staged1.c:1581:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (r->ra->data, n->ra->data, n->ra->size);
data/adios-1.13.1/src/read/read_bp_staged1.c:1809:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (r->ra->data, b, r->ra->size);
data/adios-1.13.1/src/read/read_bp_staged1.c:1852:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (r->ra->start, b, r->ra->ndims * 8);
data/adios-1.13.1/src/read/read_bp_staged1.c:1856:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (r->ra->count, b, r->ra->ndims * 8);
data/adios-1.13.1/src/read/read_bp_staged1.c:1961:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (start_notime, start, ndim * 8);
data/adios-1.13.1/src/read/read_bp_staged1.c:1962:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (count_notime, count, ndim * 8);
data/adios-1.13.1/src/read/read_bp_staged1.c:1972:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (start_notime
data/adios-1.13.1/src/read/read_bp_staged1.c:1976:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (count_notime
data/adios-1.13.1/src/read/read_bp_staged1.c:2070:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (gdims, ldims, ndim * 8);
data/adios-1.13.1/src/read/read_bp_staged1.c:2166:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (n->ra->start, start_notime, ndim_notime * 8);
data/adios-1.13.1/src/read/read_bp_staged1.c:2167:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (n->ra->count, count_notime, ndim_notime * 8);
data/adios-1.13.1/src/read/read_bp_staged1.c:2566:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (parent->ra->data, child->ra->data, size_unit);
data/adios-1.13.1/src/read/read_bp_staged1.c:2611:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (parent->ra->data, child->ra->data, child->ra->size);
data/adios-1.13.1/src/read/read_bp_staged1.c:2631:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (parent->ra->data + write_offset, child->ra->data, child->ra->size);
data/adios-1.13.1/src/read/read_bp_staged1.c:2789:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (data, fh->b->buff + slice_offset - buffer_offset, size_unit);
data/adios-1.13.1/src/read/read_bp_staged1.c:2837:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (gdims, ldims, ri.ndim * 8);
data/adios-1.13.1/src/read/read_bp_staged1.c:2929:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (data, fh->b->buff + slice_offset - buffer_offset, slice_size);
data/adios-1.13.1/src/read/read_bp_staged1.c:2994:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (data, fh->b->buff + slice_offset - buffer_offset, slice_size);
data/adios-1.13.1/src/read/read_bp_staged1.c:3521:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    p->num_aggregators = atoi (env_str);
data/adios-1.13.1/src/read/read_bp_staged1.c:3535:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    p->chunk_size = 1024 * 1024 * atoi (env_str);
data/adios-1.13.1/src/read/read_bp_staged1.c:4774:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(*data, attr_root->characteristics[0].value, *size);
data/adios-1.13.1/src/read/read_bp_staged1.c:4842:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char varname[512];
data/adios-1.13.1/src/read/read_bp_staged1.c:4889:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(*data, var_root->characteristics[0].value, *size);
data/adios-1.13.1/src/read/read_bp_staged1.c:5015:12: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(vi->value, var_root->characteristics [0].value, size);
data/adios-1.13.1/src/read/read_bp_staged1.c:5964:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (ri->start_notime, start, ri->ndim * 8);
data/adios-1.13.1/src/read/read_bp_staged1.c:5965:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (ri->count_notime, count, ri->ndim * 8);
data/adios-1.13.1/src/read/read_bp_staged1.c:5980:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (ri->start_notime
data/adios-1.13.1/src/read/read_bp_staged1.c:5984:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (ri->count_notime
data/adios-1.13.1/src/read/read_bp_staged1.c:6067:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (start_notime, start, ndim * 8);
data/adios-1.13.1/src/read/read_bp_staged1.c:6068:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (count_notime, count, ndim * 8);
data/adios-1.13.1/src/read/read_bp_staged1.c:6078:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (start_notime
data/adios-1.13.1/src/read/read_bp_staged1.c:6082:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (count_notime
data/adios-1.13.1/src/read/read_bp_staged1.c:6126:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (gdims, ldims, ndim * 8);
data/adios-1.13.1/src/read/read_bp_staged1.c:6254:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (ra->start, start, ra->ndims * 8);
data/adios-1.13.1/src/read/read_bp_staged1.c:6257:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (ra->count, count, ra->ndims * 8);
data/adios-1.13.1/src/read/read_bp_staged1.c:6426:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((char *)data + total_size, fh->b->buff + fh->b->offset, size_of_type);
data/adios-1.13.1/src/read/read_bp_staged1.c:6548:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy ((char *)data, fh->b->buff + fh->b->offset, slice_size);
data/adios-1.13.1/src/read/read_bp_staged1.c:6974:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((char *)data+total_size, fh->b->buff + fh->b->offset, size_of_type);
data/adios-1.13.1/src/read/read_bp_staged1.c:7107:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( (char *)data, fh->b->buff + fh->b->offset, slice_size);
data/adios-1.13.1/src/read/read_bp_staged1.c:7156:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy ((char *)data + write_offset, fh->b->buff + fh->b->offset, slice_size);
data/adios-1.13.1/src/read/read_bp_staged1.c:7417:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((char *)data+total_size, fh->b->buff + fh->b->offset, size_of_type);
data/adios-1.13.1/src/read/read_bp_staged1.c:7419:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((char *)data+total_size, var_root->characteristics[start_idx+idx].value, size_of_type);
data/adios-1.13.1/src/read/read_bp_staged1.c:7557:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( (char *)data, fh->b->buff + fh->b->offset, slice_size);
data/adios-1.13.1/src/read/read_bp_staged1.c:7607:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy ((char *)data + write_offset, fh->b->buff + fh->b->offset, slice_size);
data/adios-1.13.1/src/read/read_dataspaces.c:98:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char * filename[MAXNFILE];
data/adios-1.13.1/src/read/read_dataspaces.c:420:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(fp->var_namelist[i], b, namelen);
data/adios-1.13.1/src/read/read_dataspaces.c:457:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (&datasize, b, sizeof(int));
data/adios-1.13.1/src/read/read_dataspaces.c:463:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (vars[i].value, b, datasize);
data/adios-1.13.1/src/read/read_dataspaces.c:465:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    ((char *)vars[i].value)[datasize] = '\0';
data/adios-1.13.1/src/read/read_dataspaces.c:490:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(fp->attr_namelist[i], b, namelen);
data/adios-1.13.1/src/read/read_dataspaces.c:503:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (&datasize, b, sizeof(int));
data/adios-1.13.1/src/read/read_dataspaces.c:510:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (attrs[i].value, b, datasize);
data/adios-1.13.1/src/read/read_dataspaces.c:542:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char ds_name[MAX_DS_NAMELEN];
data/adios-1.13.1/src/read/read_dataspaces.c:592:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static const char * which_version_str[3] = {"current", "next available", "last"};
data/adios-1.13.1/src/read/read_dataspaces.c:602:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char file_info_buf[FILEINFO_BUFLEN];
data/adios-1.13.1/src/read/read_dataspaces.c:605:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char ds_vname[MAX_DS_NAMELEN];
data/adios-1.13.1/src/read/read_dataspaces.c:606:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char ds_fname[MAX_DS_NAMELEN];
data/adios-1.13.1/src/read/read_dataspaces.c:929:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char ds_vname[MAX_DS_NAMELEN];
data/adios-1.13.1/src/read/read_dataspaces.c:1049:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (vi->dims, vars[varid].dims, vi->ndim*sizeof(uint64_t));
data/adios-1.13.1/src/read/read_dataspaces.c:1058:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (vi->value, vars[varid].value, datasize);
data/adios-1.13.1/src/read/read_dataspaces.c:1136:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char gdims_str[256], lb_str[256], ub_str[256];
data/adios-1.13.1/src/read/read_dataspaces.c:1178:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char gdims_str[256], lb_str[256], ub_str[256];
data/adios-1.13.1/src/read/read_dataspaces.c:1216:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char gdims_str[256], lb_str[256], ub_str[256];
data/adios-1.13.1/src/read/read_dataspaces.c:1251:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf+padsize, data, datasize);
data/adios-1.13.1/src/read/read_dataspaces.c:1259:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(data, buf+padsize, datasize);
data/adios-1.13.1/src/read/read_dataspaces.c:1356:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (c, var->dims, var->ndims*sizeof(uint64_t));
data/adios-1.13.1/src/read/read_dataspaces.c:1423:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char offset_str[256], readsize_str[256];
data/adios-1.13.1/src/read/read_dataspaces.c:1427:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char ds_name[MAX_DS_NAMELEN];
data/adios-1.13.1/src/read/read_dataspaces.c:1449:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (r->data, var->value, elemsize);
data/adios-1.13.1/src/read/read_dataspaces.c:1644:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char v[32];
data/adios-1.13.1/src/read/read_dataspaces.c:1649:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
    sprintf(s,"%d", values[0]);
data/adios-1.13.1/src/read/read_dataspaces.c:1652:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
    sprintf (v,",%d", values[i]);
data/adios-1.13.1/src/read/read_dataspaces.c:1660:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char v[32];
data/adios-1.13.1/src/read/read_dataspaces.c:1690:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (*data, attrs[attrid].value, *size);
data/adios-1.13.1/src/read/read_dimes.c:96:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char * filename[MAXNFILE];
data/adios-1.13.1/src/read/read_dimes.c:163:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char ds_vname[MAX_DS_NAMELEN]; data/adios-1.13.1/src/read/read_dimes.c:457:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fp->var_namelist[i], b, namelen); data/adios-1.13.1/src/read/read_dimes.c:494:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&datasize, b, sizeof(int)); data/adios-1.13.1/src/read/read_dimes.c:500:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (vars[i].value, b, datasize); data/adios-1.13.1/src/read/read_dimes.c:502:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ((char *)vars[i].value)[datasize] = '\0'; data/adios-1.13.1/src/read/read_dimes.c:527:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fp->attr_namelist[i], b, namelen); data/adios-1.13.1/src/read/read_dimes.c:540:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&datasize, b, sizeof(int)); data/adios-1.13.1/src/read/read_dimes.c:547:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (attrs[i].value, b, datasize); data/adios-1.13.1/src/read/read_dimes.c:579:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ds_name[MAX_DS_NAMELEN]; data/adios-1.13.1/src/read/read_dimes.c:629:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * which_version_str[3] = {"current", "next available", "last"}; data/adios-1.13.1/src/read/read_dimes.c:639:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_info_buf[FILEINFO_BUFLEN]; data/adios-1.13.1/src/read/read_dimes.c:642:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ds_vname[MAX_DS_NAMELEN]; data/adios-1.13.1/src/read/read_dimes.c:643:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ds_fname[MAX_DS_NAMELEN]; data/adios-1.13.1/src/read/read_dimes.c:956:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char ds_vname[MAX_DS_NAMELEN]; data/adios-1.13.1/src/read/read_dimes.c:1078:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (vi->dims, vars[varid].dims, vi->ndim*sizeof(uint64_t)); data/adios-1.13.1/src/read/read_dimes.c:1087:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (vi->value, vars[varid].value, datasize); data/adios-1.13.1/src/read/read_dimes.c:1164:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gdims_str[256], lb_str[256], ub_str[256]; data/adios-1.13.1/src/read/read_dimes.c:1205:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gdims_str[256], lb_str[256], ub_str[256]; data/adios-1.13.1/src/read/read_dimes.c:1243:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gdims_str[256], lb_str[256], ub_str[256]; data/adios-1.13.1/src/read/read_dimes.c:1280:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(buf+padsize, data, datasize); data/adios-1.13.1/src/read/read_dimes.c:1288:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, buf+padsize, datasize); data/adios-1.13.1/src/read/read_dimes.c:1385:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (c, var->dims, var->ndims*sizeof(uint64_t)); data/adios-1.13.1/src/read/read_dimes.c:1452:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char offset_str[256], readsize_str[256]; data/adios-1.13.1/src/read/read_dimes.c:1456:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ds_name[MAX_DS_NAMELEN]; data/adios-1.13.1/src/read/read_dimes.c:1478:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (r->data, var->value, elemsize); data/adios-1.13.1/src/read/read_dimes.c:1672:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char v[32]; data/adios-1.13.1/src/read/read_dimes.c:1677:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(s,"%d", values[0]); data/adios-1.13.1/src/read/read_dimes.c:1680:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (v,",%d", values[i]); data/adios-1.13.1/src/read/read_dimes.c:1688:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char v[32]; data/adios-1.13.1/src/read/read_dimes.c:1693:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s,"%llu", values[0]); data/adios-1.13.1/src/read/read_dimes.c:1696:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (v,",%llu", values[i]); data/adios-1.13.1/src/read/read_dimes.c:1718:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (*data, attrs[attrid].value, *size); data/adios-1.13.1/src/read/read_flexpath.c:373:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fpvar->global_dims, global_dimensions, data/adios-1.13.1/src/read/read_flexpath.c:887:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(v->value, chunk->data, value_size); data/adios-1.13.1/src/read/read_flexpath.c:901:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(v->dims, fpvar->global_dims, cpysize); data/adios-1.13.1/src/read/read_flexpath.c:904:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(v->dims, fpvar->local_dims, cpysize); data/adios-1.13.1/src/read/read_flexpath.c:1441:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(selection, data, block_size * element_size); data/adios-1.13.1/src/read/read_flexpath.c:1510:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char atom_name[200] = ""; data/adios-1.13.1/src/read/read_flexpath.c:1512:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *dims[100]; /* more than we should ever need */ data/adios-1.13.1/src/read/read_flexpath.c:1591:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(var->chunks[0].user_buf, tmp_data, f->field_size); data/adios-1.13.1/src/read/read_flexpath.c:1630:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(var->chunks[0].user_buf, arrays_data, var->array_size); data/adios-1.13.1/src/read/read_flexpath.c:1699:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(chunk->data, tmp_data, f->field_size); data/adios-1.13.1/src/read/read_flexpath.c:1823:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char writer_info_filename[200]; data/adios-1.13.1/src/read/read_flexpath.c:1829:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp_in = fopen(writer_info_filename, "r"); data/adios-1.13.1/src/read/read_flexpath.c:1832:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp_in = fopen(writer_info_filename, "r"); data/adios-1.13.1/src/read/read_flexpath.c:1907:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data_contact_info[CONTACT_LENGTH] = {0}; data/adios-1.13.1/src/read/read_flexpath.c:1925:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char in_contact[CONTACT_LENGTH] = ""; data/adios-1.13.1/src/read/read_flexpath.c:2010:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char in_contact[CONTACT_LENGTH]; data/adios-1.13.1/src/read/read_flexpath.c:2405:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(counts, fpvar->global_dims, fpvar->ndims*sizeof(uint64_t)); data/adios-1.13.1/src/read/read_flexpath.c:2442:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, chunk->data, fpvar->type_size); data/adios-1.13.1/src/read/read_flexpath.c:2596:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (*data) memcpy(*data, fpvar->chunks[0].data, *size); data/adios-1.13.1/src/read/read_icee.c:205:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, src, sizeof(icee_fileinfo_rec_t)); data/adios-1.13.1/src/read/read_icee.c:250:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, src, sizeof(icee_varinfo_rec_t)); data/adios-1.13.1/src/read/read_icee.c:259:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(dest->gdims, src->gdims, dimsize); data/adios-1.13.1/src/read/read_icee.c:260:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->ldims, src->ldims, dimsize); data/adios-1.13.1/src/read/read_icee.c:261:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->offsets, src->offsets, dimsize); data/adios-1.13.1/src/read/read_icee.c:264:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->data, src->data, src->varlen); data/adios-1.13.1/src/read/read_icee.c:437:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m->dims, dims, ndims * sizeof(uint64_t)); data/adios-1.13.1/src/read/read_icee.c:457:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(v->vdims, vdims, m->ndims * sizeof(uint64_t)); data/adios-1.13.1/src/read/read_icee.c:458:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(v->offsets, offsets, m->ndims * sizeof(uint64_t)); data/adios-1.13.1/src/read/read_icee.c:485:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->mat->data + d * dest->mat->typesize, data/adios-1.13.1/src/read/read_icee.c:500:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(dest->mat->data + d * dest->mat->typesize, data/adios-1.13.1/src/read/read_icee.c:514:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->mat->data + d * dest->mat->typesize, data/adios-1.13.1/src/read/read_icee.c:533:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->mat->data + d * dest->mat->typesize, data/adios-1.13.1/src/read/read_icee.c:642:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cm_port = atoi(p->value); data/adios-1.13.1/src/read/read_icee.c:650:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cm_remote_port = atoi(p->value); data/adios-1.13.1/src/read/read_icee.c:692:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). icee_read_num_parallel = atoi(p->value); data/adios-1.13.1/src/read/read_icee.c:696:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). is_read_cm_passive = atoi(p->value); data/adios-1.13.1/src/read/read_icee.c:700:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). use_native_contact = atoi(p->value); data/adios-1.13.1/src/read/read_icee.c:704:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). use_read_probe = atoi(p->value); data/adios-1.13.1/src/read/read_icee.c:738:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[256]; data/adios-1.13.1/src/read/read_icee.c:744:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). port = atoi(token+1); data/adios-1.13.1/src/read/read_icee.c:753:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). port = atoi(pch+1); data/adios-1.13.1/src/read/read_icee.c:797:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string_list[256]; data/adios-1.13.1/src/read/read_icee.c:1303:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, vp->data, vp->varlen); data/adios-1.13.1/src/read/read_icee.c:1318:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, vp->data, vp->varlen); data/adios-1.13.1/src/read/read_icee.c:1383:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, vp->data, vp->varlen); data/adios-1.13.1/src/read/read_icee.c:1459:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(a->value, vp->data, vp->typesize); data/adios-1.13.1/src/read/read_icee.c:1465:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(a->dims, vp->gdims, dimsize); data/adios-1.13.1/src/read/read_icee.c:1471:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(a->dims, vp->ldims, dimsize); data/adios-1.13.1/src/transforms/adios_transform_alacrity_write.c:53:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). config.alac_config.significantBits = atoi(param->value); data/adios-1.13.1/src/transforms/adios_transform_aplod_read.c:33:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(metaout->components, transform_metadata, metaout->numComponents * sizeof(int32_t)); data/adios-1.13.1/src/transforms/adios_transform_aplod_read.c:61:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). numComponentsToUse = atoi(reqgroup->read_param); data/adios-1.13.1/src/transforms/adios_transform_aplod_write.c:91:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int compInt = atoi(comp); data/adios-1.13.1/src/transforms/adios_transform_aplod_write.c:183:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy ((char*)var->transform_metadata, &input_size, sizeof(uint64_t)); data/adios-1.13.1/src/transforms/adios_transform_aplod_write.c:184:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((char*)var->transform_metadata + sizeof (uint64_t), &numComponents, sizeof (numComponents)); data/adios-1.13.1/src/transforms/adios_transform_aplod_write.c:185:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((char*)var->transform_metadata + sizeof (uint64_t) + sizeof (numComponents), componentVector, numComponents * sizeof (int32_t)); data/adios-1.13.1/src/transforms/adios_transform_blosc_read.c:163:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(output_buff, input_buff, input_size); data/adios-1.13.1/src/transforms/adios_transform_blosc_write.c:112:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char compressor[32]; data/adios-1.13.1/src/transforms/adios_transform_blosc_write.c:113:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( compressor, "memcpy" ); data/adios-1.13.1/src/transforms/adios_transform_blosc_write.c:128:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). compress_level = atoi( param->value ); data/adios-1.13.1/src/transforms/adios_transform_blosc_write.c:140:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). threshold_size = atoi( param->value ); data/adios-1.13.1/src/transforms/adios_transform_blosc_write.c:159:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). num_threads = atoi( param->value ); data/adios-1.13.1/src/transforms/adios_transform_blosc_write.c:169:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( compressor, "memcpy" ); data/adios-1.13.1/src/transforms/adios_transform_blosc_write.c:257:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(output_buff, input_buff, input_size); data/adios-1.13.1/src/transforms/adios_transform_blosc_write.c:284:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy((char*)var->transform_metadata, &n_chunks, sizeof(adiosBloscSize_t)); data/adios-1.13.1/src/transforms/adios_transform_blosc_write.c:286:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char*)var->transform_metadata + sizeof(adiosBloscSize_t), &compressed_size_last_chunk, sizeof(adiosBloscSize_t)); data/adios-1.13.1/src/transforms/adios_transform_bzip2_read.c:105:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(uncompressed_data, compressed_data, compressed_size); data/adios-1.13.1/src/transforms/adios_transform_bzip2_write.c:83:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). compress_level = atoi(var->transform_spec->params[0].key); data/adios-1.13.1/src/transforms/adios_transform_bzip2_write.c:128:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(output_buff, input_buff, input_size); data/adios-1.13.1/src/transforms/adios_transform_bzip2_write.c:148:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char*)var->transform_metadata, &input_size, sizeof(uint64_t)); data/adios-1.13.1/src/transforms/adios_transform_bzip2_write.c:149:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy((char*)var->transform_metadata + sizeof(uint64_t), &compress_ok, sizeof(char)); data/adios-1.13.1/src/transforms/adios_transform_isobar_read.c:114:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(uncompressed_data, compressed_data, compressed_size); data/adios-1.13.1/src/transforms/adios_transform_isobar_write.c:119:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). compress_level = atoi(var->transform_spec->params[0].key); data/adios-1.13.1/src/transforms/adios_transform_isobar_write.c:165:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(output_buff, input_buff, input_size); data/adios-1.13.1/src/transforms/adios_transform_isobar_write.c:185:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char*)var->transform_metadata, &input_size, sizeof(uint64_t)); data/adios-1.13.1/src/transforms/adios_transform_isobar_write.c:186:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char*)var->transform_metadata + sizeof(uint64_t), &compress_ok, sizeof(char)); data/adios-1.13.1/src/transforms/adios_transform_lz4_read.c:153:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(output_buff, input_buff, input_size); data/adios-1.13.1/src/transforms/adios_transform_lz4_write.c:140:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). compress_level = atoi(param->value); data/adios-1.13.1/src/transforms/adios_transform_lz4_write.c:146:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). threshold_size = atoi(param->value); data/adios-1.13.1/src/transforms/adios_transform_lz4_write.c:238:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(output_buff, input_buff, input_size); data/adios-1.13.1/src/transforms/adios_transform_lz4_write.c:264:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char*) var->transform_metadata, &n_chunks, sizeof (adiosLz4Size_t)); data/adios-1.13.1/src/transforms/adios_transform_lz4_write.c:266:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char*) var->transform_metadata + sizeof (adiosLz4Size_t), &compressed_size_last_chunk, sizeof (adiosLz4Size_t)); data/adios-1.13.1/src/transforms/adios_transform_mgard_read.c:68:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(mgard_out_buff, raw_buff, raw_size); data/adios-1.13.1/src/transforms/adios_transform_mgard_write.c:218:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mgard_comp_buff, input_buff, input_size); data/adios-1.13.1/src/transforms/adios_transform_mgard_write.c:263:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(output_buff, mgard_comp_buff, (size_t)output_size); data/adios-1.13.1/src/transforms/adios_transform_sz_write.c:157:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sz.max_quant_intervals = atoi(param->value); data/adios-1.13.1/src/transforms/adios_transform_sz_write.c:161:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sz.quantization_intervals = atoi(param->value); data/adios-1.13.1/src/transforms/adios_transform_sz_write.c:165:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sz.dataEndianType = atoi(param->value); data/adios-1.13.1/src/transforms/adios_transform_sz_write.c:169:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sz.sysEndianType = atoi(param->value); data/adios-1.13.1/src/transforms/adios_transform_sz_write.c:173:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sz.sol_ID = atoi(param->value); data/adios-1.13.1/src/transforms/adios_transform_sz_write.c:177:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sz.layers = atoi(param->value); data/adios-1.13.1/src/transforms/adios_transform_sz_write.c:181:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sz.sampleDistance = atoi(param->value); data/adios-1.13.1/src/transforms/adios_transform_sz_write.c:189:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sz.offset = atoi(param->value); data/adios-1.13.1/src/transforms/adios_transform_sz_write.c:214:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sz.gzipMode = atoi(param->value); data/adios-1.13.1/src/transforms/adios_transform_sz_write.c:259:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sz.segment_size = atoi(param->value); data/adios-1.13.1/src/transforms/adios_transform_sz_write.c:419:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bytes, input_buff, input_size); data/adios-1.13.1/src/transforms/adios_transform_sz_write.c:463:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(output_buff, bytes, output_size); data/adios-1.13.1/src/transforms/adios_transform_szip.h:56:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const union { unsigned char bytes[4]; uint32_t value; } o32_host_order = data/adios-1.13.1/src/transforms/adios_transform_zfp_common.h:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char ctol[ZFP_STRSIZE]; // string of "tolerance" data/adios-1.13.1/src/transforms/adios_transform_zfp_common.h:53:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[ZFP_STRSIZE]; // variable name data/adios-1.13.1/src/transforms/adios_transform_zfp_common.h:62:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[ZFP_STRSIZE]; // Name of variable data/adios-1.13.1/src/transforms/adios_transform_zfp_common.h:65:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ctol[ZFP_STRSIZE]; // string for "tolerance" data/adios-1.13.1/src/transforms/adios_transform_zfp_read.c:44:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static void read_metastring(char s[ZFP_STRSIZE], const void* pos, size_t* offset) data/adios-1.13.1/src/transforms/adios_transform_zfp_write.c:37:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(pos + *offset, towrite, size); data/adios-1.13.1/src/transforms/adios_transform_zfp_write.c:227:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(outbuffer, var->data, insize); data/adios-1.13.1/src/transforms/adios_transform_zlib_read.c:101:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(uncompressed_data, compressed_data, compressed_size); data/adios-1.13.1/src/transforms/adios_transform_zlib_write.c:103:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). compress_level = atoi(var->transform_spec->params[0].key); data/adios-1.13.1/src/transforms/adios_transform_zlib_write.c:149:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(output_buff, input_buff, input_size); data/adios-1.13.1/src/transforms/adios_transform_zlib_write.c:169:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char*)var->transform_metadata, &input_size, sizeof(uint64_t)); data/adios-1.13.1/src/transforms/adios_transform_zlib_write.c:170:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy((char*)var->transform_metadata + sizeof(uint64_t), &compress_ok, sizeof(char)); data/adios-1.13.1/src/transforms/zcheck_comm.h:80:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zname[255]; data/adios-1.13.1/src/write/adios_dataspaces.c:34:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ds_var_name[MAX_DS_NAMELEN]; data/adios-1.13.1/src/write/adios_dataspaces.c:180:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[64]; data/adios-1.13.1/src/write/adios_dataspaces.c:303:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lb_str[256], ub_str[256], gdims_str[256], dims_str[256], didx_str[256]; data/adios-1.13.1/src/write/adios_dataspaces.c:699:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[256]; data/adios-1.13.1/src/write/adios_dataspaces.c:702:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, buffer_size, sizeof(int)); data/adios-1.13.1/src/write/adios_dataspaces.c:704:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, nvars, sizeof(int)); data/adios-1.13.1/src/write/adios_dataspaces.c:706:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, nattrs, sizeof(int)); data/adios-1.13.1/src/write/adios_dataspaces.c:710:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, &namelen, sizeof(int)); // length of full path data/adios-1.13.1/src/write/adios_dataspaces.c:712:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, name, namelen); // full path data/adios-1.13.1/src/write/adios_dataspaces.c:714:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, &(v->type), sizeof(int)); // type data/adios-1.13.1/src/write/adios_dataspaces.c:740:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, &hastime, sizeof(int)); // has time dimension? data/adios-1.13.1/src/write/adios_dataspaces.c:743:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (b, &ndims, sizeof(int)); // number of dimensions data/adios-1.13.1/src/write/adios_dataspaces.c:752:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, &(gdims[didx[i]]), 8); // ith dimension data/adios-1.13.1/src/write/adios_dataspaces.c:756:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, &(ldims[didx[i]]), 8); // ith dimension data/adios-1.13.1/src/write/adios_dataspaces.c:765:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, v->characteristics->value, size); data/adios-1.13.1/src/write/adios_dataspaces.c:769:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, &size, sizeof(int)); data/adios-1.13.1/src/write/adios_dataspaces.c:771:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, v->characteristics->value, size); data/adios-1.13.1/src/write/adios_dataspaces.c:780:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, &namelen, sizeof(int)); // length of full path data/adios-1.13.1/src/write/adios_dataspaces.c:782:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, name, namelen); // full path data/adios-1.13.1/src/write/adios_dataspaces.c:784:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy (b, &(a->type), sizeof(int)); // type data/adios-1.13.1/src/write/adios_dataspaces.c:789:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, a->characteristics->value, size); data/adios-1.13.1/src/write/adios_dataspaces.c:793:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, &size, sizeof(int)); data/adios-1.13.1/src/write/adios_dataspaces.c:795:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, a->characteristics->value, size); data/adios-1.13.1/src/write/adios_dataspaces.c:804:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, &zero, align_bytes); data/adios-1.13.1/src/write/adios_dataspaces.c:814:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (*buffer, buffer_size, sizeof(int)); data/adios-1.13.1/src/write/adios_dataspaces.c:841:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, buf_len, sizeof(int)); /* 0-: length of this buffer */ data/adios-1.13.1/src/write/adios_dataspaces.c:843:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, &time, sizeof(int)); /* 4-: time */ data/adios-1.13.1/src/write/adios_dataspaces.c:845:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy (b, &nvars, sizeof(int)); /* 8-: number of variables */ data/adios-1.13.1/src/write/adios_dataspaces.c:847:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, &nattrs, sizeof(int)); /* 12-: number of attributes */ data/adios-1.13.1/src/write/adios_dataspaces.c:849:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, &group_index_len, sizeof(int)); /* 16-: length of group index*/ data/adios-1.13.1/src/write/adios_dataspaces.c:851:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, &namelen, sizeof(int)); /* 20-: length of group name */ data/adios-1.13.1/src/write/adios_dataspaces.c:853:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, groupname, namelen); /* 24-: group name */ data/adios-1.13.1/src/write/adios_dataspaces.c:977:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ds_var_name[MAX_DS_NAMELEN]; data/adios-1.13.1/src/write/adios_dimes.c:66:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char ds_var_name[MAX_DS_NAMELEN]; data/adios-1.13.1/src/write/adios_dimes.c:265:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[64]; data/adios-1.13.1/src/write/adios_dimes.c:436:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lb_str[256], ub_str[256], gdims_str[256], dims_str[256], didx_str[256]; data/adios-1.13.1/src/write/adios_dimes.c:832:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/adios-1.13.1/src/write/adios_dimes.c:835:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, buffer_size, sizeof(int)); data/adios-1.13.1/src/write/adios_dimes.c:837:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, nvars, sizeof(int)); data/adios-1.13.1/src/write/adios_dimes.c:839:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, nattrs, sizeof(int)); data/adios-1.13.1/src/write/adios_dimes.c:843:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (b, &namelen, sizeof(int)); // length of full path data/adios-1.13.1/src/write/adios_dimes.c:845:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, name, namelen); // full path data/adios-1.13.1/src/write/adios_dimes.c:847:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, &(v->type), sizeof(int)); // type data/adios-1.13.1/src/write/adios_dimes.c:873:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, &hastime, sizeof(int)); // has time dimension? data/adios-1.13.1/src/write/adios_dimes.c:876:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, &ndims, sizeof(int)); // number of dimensions data/adios-1.13.1/src/write/adios_dimes.c:885:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, &(gdims[didx[i]]), 8); // ith dimension data/adios-1.13.1/src/write/adios_dimes.c:889:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, &(ldims[didx[i]]), 8); // ith dimension data/adios-1.13.1/src/write/adios_dimes.c:898:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, v->characteristics->value, size); data/adios-1.13.1/src/write/adios_dimes.c:902:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy (b, &size, sizeof(int)); data/adios-1.13.1/src/write/adios_dimes.c:904:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, v->characteristics->value, size); data/adios-1.13.1/src/write/adios_dimes.c:913:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, &namelen, sizeof(int)); // length of full path data/adios-1.13.1/src/write/adios_dimes.c:915:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, name, namelen); // full path data/adios-1.13.1/src/write/adios_dimes.c:917:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, &(a->type), sizeof(int)); // type data/adios-1.13.1/src/write/adios_dimes.c:922:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, a->characteristics->value, size); data/adios-1.13.1/src/write/adios_dimes.c:926:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, &size, sizeof(int)); data/adios-1.13.1/src/write/adios_dimes.c:928:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, a->characteristics->value, size); data/adios-1.13.1/src/write/adios_dimes.c:937:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy (b, &zero, align_bytes); data/adios-1.13.1/src/write/adios_dimes.c:947:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (*buffer, buffer_size, sizeof(int)); data/adios-1.13.1/src/write/adios_dimes.c:974:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, buf_len, sizeof(int)); /* 0-: length of this buffer */ data/adios-1.13.1/src/write/adios_dimes.c:976:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, &time, sizeof(int)); /* 4-: time */ data/adios-1.13.1/src/write/adios_dimes.c:978:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, &nvars, sizeof(int)); /* 8-: number of variables */ data/adios-1.13.1/src/write/adios_dimes.c:980:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, &nattrs, sizeof(int)); /* 12-: number of attributes */ data/adios-1.13.1/src/write/adios_dimes.c:982:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, &group_index_len, sizeof(int)); /* 16-: length of group index*/ data/adios-1.13.1/src/write/adios_dimes.c:984:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (b, &namelen, sizeof(int)); /* 20-: length of group name */ data/adios-1.13.1/src/write/adios_dimes.c:986:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (b, groupname, namelen); /* 24-: group name */ data/adios-1.13.1/src/write/adios_dimes.c:1132:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ds_var_name[MAX_DS_NAMELEN]; data/adios-1.13.1/src/write/adios_flexpath.c:675:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. snprintf((char *) field_list[fieldNo].field_type, 255, data/adios-1.13.1/src/write/adios_flexpath.c:678:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. snprintf((char *) field_list[fieldNo].field_type, 255, data/adios-1.13.1/src/write/adios_flexpath.c:691:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. snprintf((char *) field_list[fieldNo].field_type, 255, data/adios-1.13.1/src/write/adios_flexpath.c:694:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. snprintf((char *) field_list[fieldNo].field_type, 255, data/adios-1.13.1/src/write/adios_flexpath.c:707:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. snprintf((char *) field_list[fieldNo].field_type, 255, data/adios-1.13.1/src/write/adios_flexpath.c:710:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. snprintf((char *) field_list[fieldNo].field_type, 255, data/adios-1.13.1/src/write/adios_flexpath.c:736:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. snprintf((char *) field_list[fieldNo].field_type, 255, data/adios-1.13.1/src/write/adios_flexpath.c:739:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. snprintf((char *) field_list[fieldNo].field_type, 255, data/adios-1.13.1/src/write/adios_flexpath.c:751:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
snprintf((char *) field_list[fieldNo].field_type, 255, data/adios-1.13.1/src/write/adios_flexpath.c:754:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. snprintf((char *) field_list[fieldNo].field_type, 255, data/adios-1.13.1/src/write/adios_flexpath.c:766:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. snprintf((char *) field_list[fieldNo].field_type, 255, "*(char%s)", data/adios-1.13.1/src/write/adios_flexpath.c:769:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. snprintf((char *) field_list[fieldNo].field_type, 255, "char%s", data/adios-1.13.1/src/write/adios_flexpath.c:781:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. snprintf((char *) field_list[fieldNo].field_type, 255, "*(char%s)", data/adios-1.13.1/src/write/adios_flexpath.c:784:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
snprintf((char *) field_list[fieldNo].field_type, 255, "char%s", data/adios-1.13.1/src/write/adios_flexpath.c:797:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. snprintf((char *) field_list[fieldNo].field_type, 255, data/adios-1.13.1/src/write/adios_flexpath.c:800:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. snprintf((char *) field_list[fieldNo].field_type, 255, data/adios-1.13.1/src/write/adios_flexpath.c:814:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. snprintf((char *) field_list[fieldNo].field_type, 255, data/adios-1.13.1/src/write/adios_flexpath.c:817:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. snprintf((char *) field_list[fieldNo].field_type, 255, data/adios-1.13.1/src/write/adios_flexpath.c:831:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
snprintf((char *) field_list[fieldNo].field_type, 255, data/adios-1.13.1/src/write/adios_flexpath.c:834:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. snprintf((char *) field_list[fieldNo].field_type, 255, data/adios-1.13.1/src/write/adios_flexpath.c:848:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. snprintf((char *) field_list[fieldNo].field_type, 255, data/adios-1.13.1/src/write/adios_flexpath.c:851:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. snprintf((char *) field_list[fieldNo].field_type, 255, data/adios-1.13.1/src/write/adios_flexpath.c:864:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. snprintf((char *) field_list[fieldNo].field_type, 255, "*(complex%s)", data/adios-1.13.1/src/write/adios_flexpath.c:867:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
snprintf((char *) field_list[fieldNo].field_type, 255, "complex%s", data/adios-1.13.1/src/write/adios_flexpath.c:879:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. snprintf((char *) field_list[fieldNo].field_type, 255, "*(double_complex%s)", data/adios-1.13.1/src/write/adios_flexpath.c:882:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. snprintf((char *) field_list[fieldNo].field_type, 255, "double_complex%s", data/adios-1.13.1/src/write/adios_flexpath.c:949:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dims[100]; data/adios-1.13.1/src/write/adios_flexpath.c:950:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(&dims[0], "[%d]", attr->nelems); data/adios-1.13.1/src/write/adios_flexpath.c:1020:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dims[DIMSIZE] = ""; data/adios-1.13.1/src/write/adios_flexpath.c:1021:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char el[ELSIZE] = ""; data/adios-1.13.1/src/write/adios_flexpath.c:1063:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&field_list[fieldNo], a->field, sizeof(FMField)); data/adios-1.13.1/src/write/adios_flexpath.c:1093:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(temp, buffer, fileData->fm->size); data/adios-1.13.1/src/write/adios_flexpath.c:1305:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char writer_info_filename[200]; data/adios-1.13.1/src/write/adios_flexpath.c:1306:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char writer_info_tmp[200]; data/adios-1.13.1/src/write/adios_flexpath.c:1318:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char sendmsg[CONTACT_LENGTH] = {0}; data/adios-1.13.1/src/write/adios_flexpath.c:1341:29: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *writer_info = fopen(writer_info_filename, "w"); data/adios-1.13.1/src/write/adios_flexpath.c:1373:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char in_contact[CONTACT_LENGTH]; data/adios-1.13.1/src/write/adios_flexpath.c:1533:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&fm->buffer[field->field_offset], data, field->field_size); data/adios-1.13.1/src/write/adios_flexpath.c:1553:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&fm->buffer[a->field->field_offset], data/adios-1.13.1/src/write/adios_flexpath.c:1576:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(datacpy, data, arraysize); data/adios-1.13.1/src/write/adios_flexpath.c:1629:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&send_block[send_count], local_dimensions, ndims * sizeof(send_block[0])); data/adios-1.13.1/src/write/adios_flexpath.c:1630:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(&send_block[send_count+ndims], local_offsets, ndims * sizeof(send_block[0])); data/adios-1.13.1/src/write/adios_flexpath.c:1653:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&send_block[send_count], fileData->fm->write_bitfield.array, data/adios-1.13.1/src/write/adios_flexpath.c:1691:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&all_local_dims[i*ndims], &comm_block[i*send_count + block_index], ndims * sizeof(send_block[0])); data/adios-1.13.1/src/write/adios_flexpath.c:1692:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&all_offsets[i*ndims], &comm_block[i*send_count + block_index + ndims], ndims * sizeof(send_block[0])); data/adios-1.13.1/src/write/adios_flexpath.c:1705:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&gp->write_bitfields[i * fileData->fm->write_bitfield.len], &comm_block[i*send_count + block_index], data/adios-1.13.1/src/write/adios_flexpath.c:1795:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buffer[field->field_offset], data, field->field_size); data/adios-1.13.1/src/write/adios_flexpath.c:1852:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&gp->write_bitfields[i * fileData->fm->write_bitfield.len], fileData->fm->write_bitfield.array, data/adios-1.13.1/src/write/adios_flexpath.c:1868:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, fileData->fm->buffer, fileData->fm->size); data/adios-1.13.1/src/write/adios_icee.c:647:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cm_port = atoi(p->value); data/adios-1.13.1/src/write/adios_icee.c:677:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cm_port = atoi(token); data/adios-1.13.1/src/write/adios_icee.c:683:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cm_port = atoi(token); data/adios-1.13.1/src/write/adios_icee.c:694:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). max_client = atoi(p->value); data/adios-1.13.1/src/write/adios_icee.c:698:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). icee_num_parallel = atoi(p->value); data/adios-1.13.1/src/write/adios_icee.c:715:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). is_cm_passive = atoi(p->value); data/adios-1.13.1/src/write/adios_icee.c:719:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). use_probe = atoi(p->value); data/adios-1.13.1/src/write/adios_icee.c:995:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[80]; data/adios-1.13.1/src/write/adios_icee.c:1114:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, fp, sizeof(icee_fileinfo_rec_t)); data/adios-1.13.1/src/write/adios_mpi.c:134:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (&t [0], &timing, sizeof (struct timing_metrics)); data/adios-1.13.1/src/write/adios_mpi.c:171:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * f = fopen ("adios_metrics", "a"); data/adios-1.13.1/src/write/adios_mpi.c:418:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char e [MPI_MAX_ERROR_STRING]; data/adios-1.13.1/src/write/adios_mpi.c:557:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char e [MPI_MAX_ERROR_STRING]; data/adios-1.13.1/src/write/adios_mpi.c:624:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char e [MPI_MAX_ERROR_STRING]; data/adios-1.13.1/src/write/adios_mpi.c:663:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char e [MPI_MAX_ERROR_STRING]; data/adios-1.13.1/src/write/adios_mpi.c:820:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char e [MPI_MAX_ERROR_STRING]; data/adios-1.13.1/src/write/adios_mpi.c:1319:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char e [MPI_MAX_ERROR_STRING]; data/adios-1.13.1/src/write/adios_mpi.c:1391:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char e [MPI_MAX_ERROR_STRING]; data/adios-1.13.1/src/write/adios_mpi.c:1545:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char e [MPI_MAX_ERROR_STRING]; data/adios-1.13.1/src/write/adios_mpi.c:1595:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char e [MPI_MAX_ERROR_STRING]; data/adios-1.13.1/src/write/adios_mpi_amr.c:177:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char uuid[40]; data/adios-1.13.1/src/write/adios_mpi_amr.c:205:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char n[16]; data/adios-1.13.1/src/write/adios_mpi_amr.c:220:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ost_id1 = atoi (p); data/adios-1.13.1/src/write/adios_mpi_amr.c:227:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ost_id1 = atoi (n); data/adios-1.13.1/src/write/adios_mpi_amr.c:231:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ost_id2 = atoi (n); data/adios-1.13.1/src/write/adios_mpi_amr.c:317:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). should_striping = atoi (q + 1); data/adios-1.13.1/src/write/adios_mpi_amr.c:319:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). should_striping = atoi (p + 1); data/adios-1.13.1/src/write/adios_mpi_amr.c:338:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). striping_count = atoi (q + 1); data/adios-1.13.1/src/write/adios_mpi_amr.c:340:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). striping_count = atoi (p + 1); data/adios-1.13.1/src/write/adios_mpi_amr.c:355:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). random_offset_flag = atoi (q + 1); data/adios-1.13.1/src/write/adios_mpi_amr.c:357:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). random_offset_flag = atoi (p + 1); data/adios-1.13.1/src/write/adios_mpi_amr.c:372:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). striping_unit = atoi(q + 1); data/adios-1.13.1/src/write/adios_mpi_amr.c:374:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). striping_unit = atoi(p + 1); data/adios-1.13.1/src/write/adios_mpi_amr.c:387:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, O_RDONLY | O_CREAT | O_LOV_DELAY_CREATE, perm); data/adios-1.13.1/src/write/adios_mpi_amr.c:469:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). md->g_have_mdf = atoi (q + 1); data/adios-1.13.1/src/write/adios_mpi_amr.c:471:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). md->g_have_mdf = atoi (p + 1); data/adios-1.13.1/src/write/adios_mpi_amr.c:495:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). md->g_num_ost = atoi(q + 1); data/adios-1.13.1/src/write/adios_mpi_amr.c:497:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). md->g_num_ost = atoi(p + 1); data/adios-1.13.1/src/write/adios_mpi_amr.c:510:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). md->is_local_fs = atoi(q + 1); data/adios-1.13.1/src/write/adios_mpi_amr.c:512:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). md->is_local_fs = atoi(p + 1); data/adios-1.13.1/src/write/adios_mpi_amr.c:527:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). md->g_num_aggregators = atoi(q + 1); data/adios-1.13.1/src/write/adios_mpi_amr.c:529:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). md->g_num_aggregators = atoi(p + 1); data/adios-1.13.1/src/write/adios_mpi_amr.c:556:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). md->g_color1 = atoi (q + 1); data/adios-1.13.1/src/write/adios_mpi_amr.c:558:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). md->g_color1 = atoi (p + 1); data/adios-1.13.1/src/write/adios_mpi_amr.c:574:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). md->g_have_mdf = atoi (q + 1); data/adios-1.13.1/src/write/adios_mpi_amr.c:576:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). md->g_have_mdf = atoi (p + 1); data/adios-1.13.1/src/write/adios_mpi_amr.c:592:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). md->g_threading = atoi(q + 1); data/adios-1.13.1/src/write/adios_mpi_amr.c:594:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). md->g_threading = atoi(p + 1); data/adios-1.13.1/src/write/adios_mpi_amr.c:629:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). md->g_io_type = atoi (q + 1); data/adios-1.13.1/src/write/adios_mpi_amr.c:631:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). md->g_io_type = atoi (p + 1); data/adios-1.13.1/src/write/adios_mpi_amr.c:943:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char e [MPI_MAX_ERROR_STRING]; data/adios-1.13.1/src/write/adios_mpi_amr.c:1041:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char e [MPI_MAX_ERROR_STRING];
data/adios-1.13.1/src/write/adios_mpi_amr.c:1254:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = open(name, O_CREAT | O_RDWR | O_LOV_DELAY_CREATE, 0644);
data/adios-1.13.1/src/write/adios_mpi_amr.c:1361:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = open(name, O_RDWR, 0644);
data/adios-1.13.1/src/write/adios_mpi_amr.c:2481:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (aggr_buff + total_data_size, buffer, buffer_offset);
data/adios-1.13.1/src/write/adios_mpi_bgq.c:167:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[64], *temp_string, *p_count,*p_size;
data/adios-1.13.1/src/write/adios_mpi_bgq.c:180:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  md->g_io_type = atoi (q + 1);
data/adios-1.13.1/src/write/adios_mpi_bgq.c:182:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  md->g_io_type = atoi (p + 1);
data/adios-1.13.1/src/write/adios_mpi_bgq.c:200:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  md->g_have_mdf = atoi (q + 1);
data/adios-1.13.1/src/write/adios_mpi_bgq.c:202:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  md->g_have_mdf = atoi (p + 1);
data/adios-1.13.1/src/write/adios_mpi_bgq.c:277:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (*buffer + *buffer_offset, data, size);
data/adios-1.13.1/src/write/adios_mpi_bgq.c:287:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[64];
data/adios-1.13.1/src/write/adios_mpi_bgq.c:295:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (flag) return atoi(value);
data/adios-1.13.1/src/write/adios_mpi_bgq.c:1118:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char e [MPI_MAX_ERROR_STRING];
data/adios-1.13.1/src/write/adios_mpi_bgq.c:1293:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char e [MPI_MAX_ERROR_STRING];
data/adios-1.13.1/src/write/adios_mpi_bgq.c:1664:29: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (aggr_buff, recv_buff, pg_sizes[i + 1]);
data/adios-1.13.1/src/write/adios_mpi_bgq.c:2456:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (aggr_buff + total_data_size, buffer, buffer_offset);
data/adios-1.13.1/src/write/adios_mpi_lustre.c:208:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uuid[40];
data/adios-1.13.1/src/write/adios_mpi_lustre.c:233:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(filename, O_RDONLY | O_CREAT | O_LOV_DELAY_CREATE, perm);
data/adios-1.13.1/src/write/adios_mpi_lustre.c:259:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  striping_count = atoi (q + 1);
data/adios-1.13.1/src/write/adios_mpi_lustre.c:261:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  striping_count = atoi (p + 1);
data/adios-1.13.1/src/write/adios_mpi_lustre.c:280:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  md->striping_unit = atoi(q + 1);
data/adios-1.13.1/src/write/adios_mpi_lustre.c:282:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  md->striping_unit = atoi(p + 1);
data/adios-1.13.1/src/write/adios_mpi_lustre.c:297:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  stripe_offset = atoi (q + 1);
data/adios-1.13.1/src/write/adios_mpi_lustre.c:299:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  stripe_offset = atoi (p + 1);
data/adios-1.13.1/src/write/adios_mpi_lustre.c:340:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *block_unit = atoi(q + 1);
data/adios-1.13.1/src/write/adios_mpi_lustre.c:342:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *block_unit = atoi(p + 1);
data/adios-1.13.1/src/write/adios_mpi_lustre.c:357:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[64];
data/adios-1.13.1/src/write/adios_mpi_lustre.c:369:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (flag) return atoi(value);
data/adios-1.13.1/src/write/adios_mpi_lustre.c:385:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(filename, O_RDONLY, perm);
data/adios-1.13.1/src/write/adios_mpi_lustre.c:634:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char e [MPI_MAX_ERROR_STRING];
data/adios-1.13.1/src/write/adios_mpi_lustre.c:772:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char e [MPI_MAX_ERROR_STRING];
data/adios-1.13.1/src/write/adios_mpi_lustre.c:848:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char e [MPI_MAX_ERROR_STRING];
data/adios-1.13.1/src/write/adios_mpi_lustre.c:886:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char e [MPI_MAX_ERROR_STRING];
data/adios-1.13.1/src/write/adios_mpi_lustre.c:1042:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char e [MPI_MAX_ERROR_STRING];
data/adios-1.13.1/src/write/adios_nc4.c:54:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef char nc4_dimname_t[256];
data/adios-1.13.1/src/write/adios_nc4.c:129:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fpath[NC4_PATH_MAX];
data/adios-1.13.1/src/write/adios_nc4.c:130:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[NC4_PATH_MAX];
data/adios-1.13.1/src/write/adios_nc4.c:341:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dimname, "n%lld_dim", dim->rank);
data/adios-1.13.1/src/write/adios_nc4.c:367:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char attname[255];
data/adios-1.13.1/src/write/adios_nc4.c:368:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char varname[255];
data/adios-1.13.1/src/write/adios_nc4.c:538:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dimname[255];
data/adios-1.13.1/src/write/adios_nc4.c:652:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dimname, "local_%d", local_idx);
data/adios-1.13.1/src/write/adios_nc4.c:665:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dimname, "global_%d", global_idx);
data/adios-1.13.1/src/write/adios_nc4.c:678:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(dimname, "offset_%d", loffs_idx);
data/adios-1.13.1/src/write/adios_nc4.c:739:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(deciphered_dims->nc4_gbglobaldims_dimids, nc4_gbglobaldims_dimids, 2*sizeof(int));
data/adios-1.13.1/src/write/adios_nc4.c:782:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fullname[255];
data/adios-1.13.1/src/write/adios_nc4.c:944:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fullname[255];
data/adios-1.13.1/src/write/adios_nc4.c:968:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str_var_dimname[40];
data/adios-1.13.1/src/write/adios_nc4.c:1160:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fullname[255];
data/adios-1.13.1/src/write/adios_phdf5.c:555:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/adios-1.13.1/src/write/adios_phdf5.c:749:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/adios-1.13.1/src/write/adios_posix.c:166:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char * name_with_rank, rank_string[16];
data/adios-1.13.1/src/write/adios_posix.c:225:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (rank_string, "%d", p->rank);
data/adios-1.13.1/src/write/adios_posix.c:296:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  p->b.f = open (subfile_name, O_RDONLY | O_LARGEFILE);
data/adios-1.13.1/src/write/adios_posix.c:341:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  p->b.f = open (subfile_name, O_WRONLY | O_CREAT | O_TRUNC | O_LARGEFILE
data/adios-1.13.1/src/write/adios_posix.c:366:29: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  p->mf = open (mdfile_name, O_WRONLY | O_CREAT | O_TRUNC | O_LARGEFILE
data/adios-1.13.1/src/write/adios_posix.c:425:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  p->b.f = open (subfile_name, O_RDWR | O_LARGEFILE);
data/adios-1.13.1/src/write/adios_posix.c:429:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  p->b.f = open (subfile_name, O_WRONLY | O_CREAT | O_LARGEFILE,
data/adios-1.13.1/src/write/adios_posix.c:451:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  p->mf = open (mdfile_name, O_WRONLY | O_TRUNC | O_LARGEFILE
data/adios-1.13.1/src/write/adios_posix.c:458:29: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  p->mf = open (mdfile_name, O_WRONLY| O_CREAT | O_LARGEFILE
data/adios-1.13.1/src/write/adios_var_merge.c:33:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char io_method[16]; //the IO method for data output
data/adios-1.13.1/src/write/adios_var_merge.c:34:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char io_parameters[256]; //the IO method parameters
data/adios-1.13.1/src/write/adios_var_merge.c:250:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sbuf, ldims, ndims*sizeof(uint64_t));
data/adios-1.13.1/src/write/adios_var_merge.c:252:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sbuf+slen, offsets, ndims*sizeof(uint64_t));
data/adios-1.13.1/src/write/adios_var_merge.c:271:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(t_ldims, recvbuf+blen, ndims*sizeof(uint64_t));
data/adios-1.13.1/src/write/adios_var_merge.c:273:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(t_offsets, recvbuf+blen, ndims*sizeof(uint64_t));
data/adios-1.13.1/src/write/adios_var_merge.c:330:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sbuf, procs, 3*sizeof(int));
data/adios-1.13.1/src/write/adios_var_merge.c:333:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sbuf+slen, &decomp, sizeof(int));
data/adios-1.13.1/src/write/adios_var_merge.c:336:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sbuf+slen, &layout, sizeof(int));
data/adios-1.13.1/src/write/adios_var_merge.c:339:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sbuf+slen, sequence, 3*sizeof(int));
data/adios-1.13.1/src/write/adios_var_merge.c:354:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(procs, sbuf, 3*sizeof(int));
data/adios-1.13.1/src/write/adios_var_merge.c:355:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&decomp, sbuf+3*sizeof(int), sizeof(int));
data/adios-1.13.1/src/write/adios_var_merge.c:356:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&layout, sbuf+(3+1)*sizeof(int), sizeof(int));
data/adios-1.13.1/src/write/adios_var_merge.c:357:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sequence, sbuf+(3+2)*sizeof(int), 3*sizeof(int));
data/adios-1.13.1/src/write/adios_var_merge.c:731:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_mode[2];
data/adios-1.13.1/src/write/adios_var_merge.c:822:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(io_method, "MPI");
data/adios-1.13.1/src/write/adios_var_merge.c:948:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(*data+l*sizeof(double), &val,sizeof(double));
data/adios-1.13.1/src/write/adios_var_merge.c:1055:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(vars->data, data, varsize);
data/adios-1.13.1/src/write/adios_var_merge.c:1120:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(vars->data, data, varsize);
data/adios-1.13.1/src/write/adios_var_merge.c:1154:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(vars->data, data, varsize);
data/adios-1.13.1/src/write/adios_var_merge.c:1292:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((char *)dst + (i*dst_stride+dst_offset)*size_of_type,
data/adios-1.13.1/src/write/adios_var_merge.c:1357:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmpbuf, data, varsize);
data/adios-1.13.1/src/write/adios_var_merge.c:1368:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  tmpbuf=(char *)realloc(tmpbuf, (aggr_cnt[ndims-1][lev]+1)*varsize);
data/adios-1.13.1/src/write/adios_var_merge.c:1379:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ldims_list, ldims, ndims*sizeof(uint64_t));
data/adios-1.13.1/src/write/adios_var_merge.c:1381:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(gdims, ldims, ndims*sizeof(uint64_t));
data/adios-1.13.1/src/write/adios_var_merge.c:1402:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ldims_list+(i+1)*ndims, recvbuf, ndims*sizeof(uint64_t));
data/adios-1.13.1/src/write/adios_var_merge.c:1403:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmp_dims, recvbuf, ndims*sizeof(uint64_t));
data/adios-1.13.1/src/write/adios_var_merge.c:1420:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmp_offsets, recvbuf+ndims*sizeof(uint64_t), ndims*sizeof(uint64_t));
data/adios-1.13.1/src/write/adios_var_merge.c:1458:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ldims, gdims, ndims*sizeof(uint64_t));
data/adios-1.13.1/src/write/adios_var_merge.c:1471:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sendbuf, ldims, ndims*sizeof(uint64_t));
data/adios-1.13.1/src/write/adios_var_merge.c:1473:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sendbuf+ndims*sizeof(uint64_t), offsets, ndims*sizeof(uint64_t));
data/adios-1.13.1/src/write/adios_var_merge.c:1489:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(output, tmpbuf, buff_offset);
data/adios-1.13.1/src/write/adios_var_merge.c:1517:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(input, *output, totalsize);
data/adios-1.13.1/src/zfp/zfp-0.5.0/examples/pgm.c:15:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[0x100];
data/adios-1.13.1/src/zfp/zfp-0.5.0/examples/zfp.c:266:49: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* file = !strcmp(inpath, "-") ? stdin : fopen(inpath, "rb");
data/adios-1.13.1/src/zfp/zfp-0.5.0/examples/zfp.c:286:50: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* file = !strcmp(zfppath, "-") ? stdin : fopen(zfppath, "rb");
data/adios-1.13.1/src/zfp/zfp-0.5.0/examples/zfp.c:393:53: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* file = !strcmp(zfppath, "-") ? stdout : fopen(zfppath, "wb");
data/adios-1.13.1/src/zfp/zfp-0.5.0/examples/zfp.c:449:53: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* file = !strcmp(outpath, "-") ? stdout : fopen(outpath, "wb");
data/adios-1.13.1/tests/C/adios_test_c.c:60:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename [100];
data/adios-1.13.1/tests/C/adios_test_c.c:79:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (filename, "restart%d.bp", rank % 2);
data/adios-1.13.1/tests/C/adios_test_c.c:82:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (filename, "restart.bp");
data/adios-1.13.1/tests/C/adios_test_c.c:218:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&(time_diff_all [0]), &time_diff, sizeof (struct timeval));
data/adios-1.13.1/tests/C/adios_test_c.c:265:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&(time_diff_all [0]), &time_diff, sizeof (struct timeval));
data/adios-1.13.1/tests/C/fgr_tests/posix_fgr.c:49:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uuid[40];
data/adios-1.13.1/tests/C/fgr_tests/posix_fgr.c:59:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename [256];
data/adios-1.13.1/tests/C/fgr_tests/posix_fgr.c:85:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = open(filename, O_CREAT | O_RDWR | O_LOV_DELAY_CREATE, 0644);
data/adios-1.13.1/tests/C/flexpath_tests/1D_arr_global_noxml/reader.c:72:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[STR_BUFFER_SIZE]; data/adios-1.13.1/tests/C/flexpath_tests/1D_arr_global_noxml/reader.c:150:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "Rank %d: var_1d_array: step %d: t: ", rank, step); data/adios-1.13.1/tests/C/flexpath_tests/1D_arr_global_noxml/writer.c:32:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[256]; // the name of the file to write data and compare with flexpath data/adios-1.13.1/tests/C/flexpath_tests/common/utils.c:198:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(p_tsprt_opts->transport, "FLEXPATH"); data/adios-1.13.1/tests/C/flexpath_tests/common/utils.c:199:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(p_tsprt_opts->xml_adios_init_filename, "test_config_flex.xml"); data/adios-1.13.1/tests/C/flexpath_tests/common/utils.c:202:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(p_tsprt_opts->transport, "MPI"); data/adios-1.13.1/tests/C/flexpath_tests/common/utils.c:203:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(p_tsprt_opts->xml_adios_init_filename, "test_config_mpi.xml"); data/adios-1.13.1/tests/C/flexpath_tests/global_range_select/writer.c:24:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[256]; data/adios-1.13.1/tests/C/flexpath_tests/include/misc.h:81:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tsprt[256]; data/adios-1.13.1/tests/C/flexpath_tests/include/misc.h:93:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xml_adios_init_filename[256]; data/adios-1.13.1/tests/C/flexpath_tests/include/misc.h:97:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char transport[256]; data/adios-1.13.1/tests/C/flexpath_tests/include/misc.h:100:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char adios_options[256]; data/adios-1.13.1/tests/C/flexpath_tests/local_arrays/reader.c:72:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[STR_BUFFER_SIZE]; data/adios-1.13.1/tests/C/flexpath_tests/local_arrays/reader.c:143:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "Rank %d: var_1d_array: step %d: t: ", rank, step); data/adios-1.13.1/tests/C/flexpath_tests/local_arrays/writer.c:32:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[256]; // the name of the file to write data and compare with flexpath data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/reader.c:119:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char fullname[MAYA_VAR_BUF_SIZE]; data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/reader.c:138:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullpath[STR_BUFFER_SIZE]; data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/writer.c:81:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullname[MAYA_VAR_BUF_SIZE]; data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/writer.c:122:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(offsets, "%d,0,0,0", rank); data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/writer.c:138:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ndim[16]; data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/writer.c:139:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char global_dims[18]; data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/writer.c:140:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local_offsets[25]; data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/writer.c:143:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ndim, "1,%d", 2 * dim); data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/writer.c:144:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(global_dims, "P,%d", 2 * dim); data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/writer.c:149:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ndim, "1,%d", dim); data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/writer.c:150:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(global_dims, "P,%d", dim); data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/writer.c:154:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ndim, "1,%d", dim); data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/writer.c:155:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(global_dims, "P,%d", dim); data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/writer.c:195:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullpath[STR_BUFFER_SIZE]; data/adios-1.13.1/tests/C/flexpath_tests/two_streams/reader.c:60:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[STR_BUFFER_SIZE]; data/adios-1.13.1/tests/C/flexpath_tests/two_streams/reader.c:138:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "Rank %d: var_1d_array: step %d: t: ", rank, step); data/adios-1.13.1/tests/C/flexpath_tests/two_streams/reader.c:174:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[256]; // stream 1 data/adios-1.13.1/tests/C/flexpath_tests/two_streams/reader.c:175:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename2[256]; // stream 2 data/adios-1.13.1/tests/C/flexpath_tests/two_streams/reader.c:188:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(filename2, "test2.bp"); data/adios-1.13.1/tests/C/flexpath_tests/two_streams/writer.c:94:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[256]; // stream 1 data/adios-1.13.1/tests/C/flexpath_tests/two_streams/writer.c:95:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename2[256]; // stream 2 data/adios-1.13.1/tests/C/flexpath_tests/two_streams/writer.c:105:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(filename2, "test2.bp"); data/adios-1.13.1/tests/C/query/alacrity/adios_alac_query.c:83:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xmlFileName[256]; data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c:173:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char varfile [nvars][256]; data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c:180:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char input_xml [256]; data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c:181:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char output_bp_file [256]; data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c:209:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp [i] = fopen (varfile [i], "rb"); data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c:234:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[256]; data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c:250:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char prefix[256]; data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c:251:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(prefix, "N%d"); data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c:256:14: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(prefix, "D%d"); data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c:261:14: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(prefix, "O%d"); data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c:372:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * fp = fopen (inputxml,"r"); data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c:428:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). numVars = atoi(numVarS); data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c:451:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tsNum = atoi(tsNumS); data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c:479:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). numDim = atoi(dimS); data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c:486:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). elmSize = atoi(elmSizeS); data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c:514:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). inputDataDim[j] = atoi(dim_tokens[j]); data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c:515:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). inputPGDim[j] = atoi(pgDimTokens[j]); data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c:522:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy((*dataDim)->dims, inputDataDim, sizeof(uint32_t)* (*dataDim)->ndims); data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c:524:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((*pgDim)->dims, inputPGDim, sizeof(uint32_t)* (*pgDim)->ndims); data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c:581:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pgoffNum = atoi(pgoffNumS); data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c:592:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pgoffName[16]; data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c:603:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pgoffName,"pg_%d", j); data/adios-1.13.1/tests/C/query/alacrity/adios_build_alac_index.c:614:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
(*pgOff)->off[i*numDim+j] = atoi(pgoffValue_tokens[j]); data/adios-1.13.1/tests/C/query/alacrity/adios_read_block.c:43:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). block = atoi(argv[2]); data/adios-1.13.1/tests/C/query/alacrity/adios_read_ext_test.c:117:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename [256]; data/adios-1.13.1/tests/C/query/alacrity/adios_read_ext_test.c:141:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char varName[256] = "rdm"; data/adios-1.13.1/tests/C/query/alacrity/adios_show_bp_file.c:80:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename [256]; data/adios-1.13.1/tests/C/query/alacrity/adios_show_bp_file.c:104:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char varName[256]; data/adios-1.13.1/tests/C/query/common/adios_query_test.c:182:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xmlFileName[256]; data/adios-1.13.1/tests/C/query/common/adios_query_xml_parse.c:84:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * fp = fopen (inputxml,"r"); data/adios-1.13.1/tests/C/query/common/adios_query_xml_parse.c:144:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). numQuery = atoi(numVarS); data/adios-1.13.1/tests/C/query/common/adios_query_xml_parse.c:145:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). fromTimestep = atoi(fromTimestepS); data/adios-1.13.1/tests/C/query/common/adios_query_xml_parse.c:146:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
numTimesteps = atoi(numTimestepsS); data/adios-1.13.1/tests/C/query/common/adios_query_xml_parse.c:183:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int specifiedDim = atoi(outputDimS); data/adios-1.13.1/tests/C/query/common/adios_query_xml_parse.c:204:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). outputStart[j] = atoi(outputStartTokens[j]); data/adios-1.13.1/tests/C/query/common/adios_query_xml_parse.c:205:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). outputCount[j] = atoi(outputCountTokens[j]); data/adios-1.13.1/tests/C/query/common/adios_query_xml_parse.c:233:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). outputWbIndex = atoi(outputWbIndexS); data/adios-1.13.1/tests/C/query/common/adios_query_xml_parse.c:344:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int specifiedDim = atoi(dimS); data/adios-1.13.1/tests/C/query/common/adios_query_xml_parse.c:365:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). queryStart[j] = atoi(queryStartTokens[j]); data/adios-1.13.1/tests/C/query/common/adios_query_xml_parse.c:366:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). queryCount[j] = atoi(queryCountTokens[j]); data/adios-1.13.1/tests/C/query/common/adios_query_xml_parse.c:393:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). wbIndex = atoi(wbIndexS); data/adios-1.13.1/tests/C/query/common/compute_expected_query_results.c:221:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nextPoint, curPoint, ndim * sizeof(uint64_t)); data/adios-1.13.1/tests/C/query/common/compute_expected_query_results.c:346:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(curPoint, (compare < 0) ? 
leftHeadPoint : rightHeadPoint, ndim * sizeof(uint64_t)); data/adios-1.13.1/tests/C/query/common/compute_expected_query_results.c:364:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(curPoint, leftHeadPoint, coordsRemaining * sizeof(uint64_t)); data/adios-1.13.1/tests/C/query/common/compute_expected_query_results.c:368:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(curPoint, rightHeadPoint, coordsRemaining * sizeof(uint64_t)); data/adios-1.13.1/tests/C/query/fastbit/fastbit_tests.c:21:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _gTagQuery[20] = "query"; data/adios-1.13.1/tests/C/query/fastbit/fastbit_tests.c:22:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _gTagSel[20] = "selection"; data/adios-1.13.1/tests/C/query/fastbit/fastbit_tests.c:23:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _gTagEntry[20] = "entry"; data/adios-1.13.1/tests/C/query/fastbit/fastbit_tests.c:24:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _gTagOutput[20] = "output"; data/adios-1.13.1/tests/C/query/fastbit/fastbit_tests.c:26:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _gAttrAction[20] = "action"; data/adios-1.13.1/tests/C/query/fastbit/fastbit_tests.c:27:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _gAttrBPFile[20] = "bpFile"; data/adios-1.13.1/tests/C/query/fastbit/fastbit_tests.c:28:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _gAttrBatchSize[20] = "batchSize"; data/adios-1.13.1/tests/C/query/fastbit/fastbit_tests.c:29:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _gAttrQueryName[20] = "name"; data/adios-1.13.1/tests/C/query/fastbit/fastbit_tests.c:30:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char _gAttrVarName[20] = "varName";
data/adios-1.13.1/tests/C/query/fastbit/fastbit_tests.c:31:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _gAttrVarValue[20] = "value";
data/adios-1.13.1/tests/C/query/fastbit/fastbit_tests.c:32:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _gAttrOperand[20] = "op";
data/adios-1.13.1/tests/C/query/fastbit/fastbit_tests.c:33:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _gAttrSelType[20] = "type";
data/adios-1.13.1/tests/C/query/fastbit/fastbit_tests.c:34:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _gAttrSelDim[20] = "dim";
data/adios-1.13.1/tests/C/query/fastbit/fastbit_tests.c:35:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char _gAttrSelID[20] = "id";
data/adios-1.13.1/tests/C/query/fastbit/fastbit_tests.c:36:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _gAttrSelStart[20] = "start";
data/adios-1.13.1/tests/C/query/fastbit/fastbit_tests.c:37:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _gAttrSelCount[20] = "count";
data/adios-1.13.1/tests/C/query/fastbit/fastbit_tests.c:38:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _gAttrNode[20] = "node";
data/adios-1.13.1/tests/C/query/fastbit/fastbit_tests.c:231:20: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (*result)[i] = atol(token);
data/adios-1.13.1/tests/C/query/fastbit/fastbit_tests.c:262:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
int dim = atoi(dimStr);
data/adios-1.13.1/tests/C/query/fastbit/fastbit_tests.c:286:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int blockID = atoi(idStr);
data/adios-1.13.1/tests/C/query/fastbit/fastbit_tests.c:514:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * fp = fopen (xmlQueryFileName,"r");
data/adios-1.13.1/tests/C/query/fastbit/fastbit_tests.c:569:29: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). batchSize = atol(currAttr.value);
data/adios-1.13.1/tests/suite/programs/adios_amr_write.c:21:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename [256];
data/adios-1.13.1/tests/suite/programs/adios_amr_write.c:40:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
pattern = atoi (argv[1]);
data/adios-1.13.1/tests/suite/programs/adios_amr_write.c:77:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (filename, "adios_amr_write.bp");
data/adios-1.13.1/tests/suite/programs/adios_amr_write_2vars.c:21:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename [256];
data/adios-1.13.1/tests/suite/programs/adios_amr_write_2vars.c:40:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pattern = atoi (argv[1]);
data/adios-1.13.1/tests/suite/programs/adios_amr_write_2vars.c:79:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (filename, "adios_amr_write_2vars.bp");
data/adios-1.13.1/tests/suite/programs/adios_staged_read.c:33:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename [256];
data/adios-1.13.1/tests/suite/programs/adios_staged_read.c:47:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pattern = atoi (argv[1]);
data/adios-1.13.1/tests/suite/programs/adios_staged_read_2vars.c:33:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename [256];
data/adios-1.13.1/tests/suite/programs/adios_staged_read_2vars.c:48:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pattern = atoi (argv[1]);
data/adios-1.13.1/tests/suite/programs/adios_staged_read_v2.c:32:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename [256];
data/adios-1.13.1/tests/suite/programs/adios_staged_read_v2.c:49:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pattern = atoi (argv[1]);
data/adios-1.13.1/tests/suite/programs/adios_transforms_read_write.c:145:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename [256];
data/adios-1.13.1/tests/suite/programs/adios_transforms_read_write.c:164:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (filename, "adios_transforms_read_write.bp");
data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:107:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dimvar_list_buf1[256]; // for storing D0,D1,D2,...,Dn
data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:108:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dimvar_list_buf2[256]; // for storing D0,D1,D2,...,Dn
data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:129:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dimvar_name[32];
data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:173:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *filename_prefix,
data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:174:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *transform_name,
data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:181:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xml_filename[strlen(filename_prefix) + strlen(".xml") + 1];
data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:182:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bp_filename[strlen(filename_prefix) + strlen(".bp") + 1];
data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:184:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dimvar[32];
data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:191:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
(CWE-362). FILE *xml_out = fopen(xml_filename, "w");
data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:257:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *varblock_datas[nvar];
data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:260:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. varblock_datas[var] = (const char *)varblocks_by_var[var];
data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:305:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *filename_prefix,
data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:306:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *transform_name,
data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:355:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static const char *VARNAMES[NUM_VARS] = { "temp" };
data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:443:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *VARNAMES[NUM_VARS] = { "temp" };
data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:501:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *VARNAMES[NUM_VARS] = { "temp" };
data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:559:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *VARNAMES[NUM_VARS] = { "temp" };
data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:677:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *VARNAMES[NUM_VARS] = { "temp" };
data/adios-1.13.1/tests/suite/programs/examples/attributes/attributes_write_C.c:16:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char filename [256];
data/adios-1.13.1/tests/suite/programs/examples/attributes/attributes_write_C.c:39:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (filename, "attributes_C.bp");
data/adios-1.13.1/tests/suite/programs/examples/global_array/global_array_aggregate_by_color_C.c:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename [256];
data/adios-1.13.1/tests/suite/programs/examples/global_array/global_array_aggregate_by_color_C.c:35:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char color_str[256];
data/adios-1.13.1/tests/suite/programs/examples/global_array/global_array_aggregate_by_color_C.c:50:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (filename, "global_array_aggregate_by_color_C.bp");
data/adios-1.13.1/tests/suite/programs/examples/global_array/global_array_aggregate_by_color_C.c:62:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (color_str, "color=%d", color);
data/adios-1.13.1/tests/suite/programs/examples/global_array/global_array_write_C.c:21:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename [256];
data/adios-1.13.1/tests/suite/programs/examples/global_array/global_array_write_C.c:38:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (filename, "global_array_C.bp");
data/adios-1.13.1/tests/suite/programs/examples/global_array/global_array_write_byid_noxml_C.c:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename [256];
data/adios-1.13.1/tests/suite/programs/examples/global_array/global_array_write_byid_noxml_C.c:40:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char g_str[100], o_str[100], l_str[100];
data/adios-1.13.1/tests/suite/programs/examples/global_array/global_array_write_byid_noxml_C.c:53:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (g_str, "%d", gb);
data/adios-1.13.1/tests/suite/programs/examples/global_array/global_array_write_byid_noxml_C.c:54:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (l_str, "%d", NX);
data/adios-1.13.1/tests/suite/programs/examples/global_array/global_array_write_byid_noxml_C.c:56:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (filename, "global_array_byid_noxml_C.bp");
data/adios-1.13.1/tests/suite/programs/examples/global_array/global_array_write_byid_noxml_C.c:71:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (o_str, "%d", offset);
data/adios-1.13.1/tests/suite/programs/examples/global_array/global_array_write_noxml_C.c:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename [256];
data/adios-1.13.1/tests/suite/programs/examples/global_array/global_array_write_noxml_C.c:50:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy (filename, "global_array_noxml_C.bp");
data/adios-1.13.1/tests/suite/programs/examples/global_array_time/global_array_time_write_C.c:14:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename [256];
data/adios-1.13.1/tests/suite/programs/examples/global_array_time/global_array_time_write_C.c:32:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (filename, "global_array_time_C.bp");
data/adios-1.13.1/tests/suite/programs/examples/global_array_time/global_array_time_write_multifile_C.c:14:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename [256];
data/adios-1.13.1/tests/suite/programs/examples/global_array_time/global_array_time_write_multifile_C.c:21:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mode[2] = "w";
data/adios-1.13.1/tests/suite/programs/examples/global_array_time/global_array_time_write_multifile_C.c:49:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (filename, "global_array_time_C_%d.bp", fidx);
data/adios-1.13.1/tests/suite/programs/examples/local_array/local_array_read_C.c:25:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename [256];
data/adios-1.13.1/tests/suite/programs/examples/local_array/local_array_read_C.c:41:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (filename, "local_array_C.bp");
data/adios-1.13.1/tests/suite/programs/examples/local_array/local_array_write_C.c:20:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename [256];
data/adios-1.13.1/tests/suite/programs/examples/local_array/local_array_write_C.c:40:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (filename, "local_array_C.bp");
data/adios-1.13.1/tests/suite/programs/examples/scalars/scalars_read_C.c:31:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char filename [256];
data/adios-1.13.1/tests/suite/programs/examples/scalars/scalars_read_C.c:50:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char v11[256];
data/adios-1.13.1/tests/suite/programs/examples/scalars/scalars_read_C.c:63:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* outf = fopen ("c_read.txt", "w");
data/adios-1.13.1/tests/suite/programs/examples/scalars/scalars_read_C.c:64:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (filename, "scalars_C.bp");
data/adios-1.13.1/tests/suite/programs/examples/scalars/scalars_write_C.c:31:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename [256];
data/adios-1.13.1/tests/suite/programs/examples/scalars/scalars_write_C.c:64:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy (filename, "scalars_C.bp");
data/adios-1.13.1/tests/suite/programs/joinedarray.c:133:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char write_method[16];
data/adios-1.13.1/tests/suite/programs/joinedarray.c:160:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(write_method,"MPI");
data/adios-1.13.1/tests/suite/programs/joinedarray.c:163:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(write_method,"DATASPACES");
data/adios-1.13.1/tests/suite/programs/local_array_time.c:26:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char basedatapath[256] ; // data output files' starting path (without varname)
data/adios-1.13.1/tests/suite/programs/local_array_time.c:27:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char baseimgpath[256] ; // image output files' starting path (without varname)
data/adios-1.13.1/tests/suite/programs/local_array_time.c:28:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outpath1[256] ; // data output files' starting path (can be extended with subdirs, names, indexes)
data/adios-1.13.1/tests/suite/programs/local_array_time.c:29:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outpath2[256] ; // image output files' starting path (can be extended with subdirs, names, indexes)
data/adios-1.13.1/tests/suite/programs/local_array_time.c:30:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char title[256]; // Title of the (single) plot
data/adios-1.13.1/tests/suite/programs/local_array_time.c:31:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char subtitle[256]; // subtitle of the (single) plot
data/adios-1.13.1/tests/suite/programs/local_array_time.c:32:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xname[256]; // force to plot this as X axis string
data/adios-1.13.1/tests/suite/programs/local_array_time.c:33:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char varname [100]; // variable name
data/adios-1.13.1/tests/suite/programs/local_array_time.c:34:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vardirpath[256]; // variable path for a variable name
data/adios-1.13.1/tests/suite/programs/local_array_time.c:35:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char txtpath[256]; // text path for a text file to be registered
data/adios-1.13.1/tests/suite/programs/local_array_time.c:36:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char datapath[256]; // data path for a data file to be registered
data/adios-1.13.1/tests/suite/programs/local_array_time.c:37:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char longvarname[256]; data/adios-1.13.1/tests/suite/programs/local_array_time.c:49:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename [256]; data/adios-1.13.1/tests/suite/programs/local_array_time.c:65:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(filename, "local_array_time.bp"); data/adios-1.13.1/tests/suite/programs/local_array_time.c:143:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fn[256]; data/adios-1.13.1/tests/suite/programs/local_array_time.c:146:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xstr[128], ystr[128]; data/adios-1.13.1/tests/suite/programs/local_array_time.c:153:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((f = fopen(fn,"w")) == NULL) { data/adios-1.13.1/tests/suite/programs/local_array_time.c:163:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( xstr, "%g", x[i] ); data/adios-1.13.1/tests/suite/programs/local_array_time.c:164:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( ystr, "%g", y[i] ); data/adios-1.13.1/tests/suite/programs/many_vars.c:75:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmt[16]; data/adios-1.13.1/tests/suite/programs/many_vars.c:76:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (fmt, "v%%%d.%dd",digit,digit); data/adios-1.13.1/tests/suite/programs/reuse_dim.c:130:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename [256]; data/adios-1.13.1/tests/suite/programs/reuse_dim.c:136:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (filename, "reuse_dim.bp"); data/adios-1.13.1/tests/suite/programs/selections.c:134:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char write_method[16]; data/adios-1.13.1/tests/suite/programs/selections.c:160:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(write_method,"MPI"); data/adios-1.13.1/tests/suite/programs/selections.c:163:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(write_method,"DATASPACES"); data/adios-1.13.1/tests/suite/programs/set_path.c:130:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char newpath[128]; data/adios-1.13.1/tests/suite/programs/set_path.c:131:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (newpath, "/data/vars_%d", varid); data/adios-1.13.1/tests/suite/programs/set_path.c:244:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char varpath[128]; data/adios-1.13.1/tests/suite/programs/set_path_var.c:130:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char newpath[128]; data/adios-1.13.1/tests/suite/programs/set_path_var.c:131:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (newpath, "/data/var_%d", varid); data/adios-1.13.1/tests/suite/programs/set_path_var.c:140:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char varpath[128]; data/adios-1.13.1/tests/suite/programs/set_path_var.c:263:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char varpath[128]; data/adios-1.13.1/tests/suite/programs/steps_read_file.c:121:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gdims[256], ldims[256], offs[256]; data/adios-1.13.1/tests/suite/programs/steps_read_stream.c:155:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gdims[256], ldims[256], offs[256]; data/adios-1.13.1/tests/suite/programs/steps_write.c:16:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename [256]; data/adios-1.13.1/tests/suite/programs/steps_write.c:25:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t[NX][Width]; data/adios-1.13.1/tests/suite/programs/steps_write.c:39:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (filename, "steps.bp"); data/adios-1.13.1/tests/suite/programs/steps_write.c:76:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (t[i], "r%2d b%2d s%2d i%2d ", rank, block, step, i); data/adios-1.13.1/tests/suite/programs/test_singlevalue.c:112:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gdimstr[32], ldimstr[32], offsstr[32]; data/adios-1.13.1/tests/suite/programs/test_singlevalue.c:113:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(gdimstr, "%d", gdim1); data/adios-1.13.1/tests/suite/programs/test_singlevalue.c:114:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ldimstr, "%d", ldim1); data/adios-1.13.1/tests/suite/programs/test_singlevalue.c:115:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(offsstr, "%d", offs1); data/adios-1.13.1/tests/suite/programs/zerolength.c:29:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char fname[256]; data/adios-1.13.1/tests/suite/programs/zerolength.c:68:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char transformstr[256]; data/adios-1.13.1/tests/test_src/copy_subvolume.c:105:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ndims = atoi(argv[0]); data/adios-1.13.1/tests/test_src/copy_subvolume.c:106:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nvolumes = atoi(argv[1]); data/adios-1.13.1/tests/test_src/copy_subvolume.c:176:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(final_volume, volumes[0], prod(ndims, volume_dims + 0*ndims)); data/adios-1.13.1/tests/test_src/copy_subvolume.c:238:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv[256]; data/adios-1.13.1/tests/test_src/group_free_test.c:37:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char g_str[100], o_str[100], l_str[100]; data/adios-1.13.1/tests/test_src/group_free_test.c:38:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char groupname[256]; data/adios-1.13.1/tests/test_src/group_free_test.c:45:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (g_str, "%d", gb); data/adios-1.13.1/tests/test_src/group_free_test.c:46:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (l_str, "%d", NX); data/adios-1.13.1/tests/test_src/group_free_test.c:57:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (groupname, "group%1.1d", j); data/adios-1.13.1/tests/test_src/group_free_test.c:64:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (o_str, "%d", offset); data/adios-1.13.1/tests/test_src/hashtest.c:52:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmt[16]; data/adios-1.13.1/tests/test_src/hashtest.c:53:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (fmt, "p%%%d.%dd",digit,digit); data/adios-1.13.1/tests/test_src/hashtest.c:68:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (fmt, "v%%%d.%dd",digit,digit); data/adios-1.13.1/tests/test_src/test_strutil.c:20:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
const char * dims1[1] = {"a"}; data/adios-1.13.1/tests/test_src/test_strutil.c:28:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * dims2[2] = {"abc","efg"}; data/adios-1.13.1/tests/test_src/test_strutil.c:37:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * dims3[1] = {"a"}; data/adios-1.13.1/tests/test_src/test_strutil.c:45:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * dims4[2] = {"a\tb", "c\td"}; data/adios-1.13.1/utils/bp2ascii/bp2ascii.c:38:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newfilename [256]; data/adios-1.13.1/utils/bp2ascii/bp2ascii.c:57:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (newfilename, ".dat"); data/adios-1.13.1/utils/bp2ascii/bp2ascii.c:79:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outf = fopen (newfilename, "w"); data/adios-1.13.1/utils/bp2bp/bp2bp.c:77:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gbounds[1007], lbounds[1007], offs[1007],tstring[100]; data/adios-1.13.1/utils/bp2bp/bp2bp.c:139:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). read_buffer = atoi(argv[3]); data/adios-1.13.1/utils/bp2bp/bp2bp.c:140:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). write_buffer = atoi(argv[4]); data/adios-1.13.1/utils/bp2bp/bp2bp.c:171:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lustre_pars[1000]; data/adios-1.13.1/utils/bp2bp/bp2bp.c:173:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(lustre_pars, "stripe_count="); data/adios-1.13.1/utils/bp2bp/bp2bp.c:174:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tstring, "%d", atoi(argv[6])); data/adios-1.13.1/utils/bp2bp/bp2bp.c:174:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sprintf(tstring, "%d", atoi(argv[6])); data/adios-1.13.1/utils/bp2bp/bp2bp.c:176:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(lustre_pars, ",stripe_size="); data/adios-1.13.1/utils/bp2bp/bp2bp.c:177:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tstring, "%d", atoi(argv[7])); data/adios-1.13.1/utils/bp2bp/bp2bp.c:177:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sprintf(tstring, "%d", atoi(argv[7])); data/adios-1.13.1/utils/bp2bp/bp2bp.c:179:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(lustre_pars, ",block_size="); data/adios-1.13.1/utils/bp2bp/bp2bp.c:180:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tstring, "%d", atoi(argv[8])); data/adios-1.13.1/utils/bp2bp/bp2bp.c:180:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sprintf(tstring, "%d", atoi(argv[8])); data/adios-1.13.1/utils/bp2bp/bp2bp.c:232:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tstring, "%" PRId64 ",", c[j]); data/adios-1.13.1/utils/bp2bp/bp2bp.c:287:29: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tstring, "%d,", (int)v->dims[j]); data/adios-1.13.1/utils/bp2bp/bp2bp.c:290:29: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tstring, "ldim%d,", j); data/adios-1.13.1/utils/bp2bp/bp2bp.c:293:29: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tstring, "offs%d,", j); data/adios-1.13.1/utils/bp2bp/bp2bp.c:297:25: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(tstring, "%d", (int)v->dims[v->ndim-1]); data/adios-1.13.1/utils/bp2bp/bp2bp.c:300:25: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tstring, "ldim%d", v->ndim-1); data/adios-1.13.1/utils/bp2bp/bp2bp.c:303:25: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tstring, "offs%d", v->ndim-1); data/adios-1.13.1/utils/bp2bp/bp2bp.c:309:29: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tstring, "ldim%d", j); data/adios-1.13.1/utils/bp2bp/bp2bp.c:312:29: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tstring, "offs%d", j); data/adios-1.13.1/utils/bp2bp/bp2bp.c:323:33: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tstring, "%" PRId64 ",", ts[j]); data/adios-1.13.1/utils/bp2bp/bp2bp.c:325:33: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tstring, "%" PRId64 ",", uc[j]); data/adios-1.13.1/utils/bp2bp/bp2bp.c:518:33: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tstring, "ldim%d", k); data/adios-1.13.1/utils/bp2bp/bp2bp.c:528:33: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tstring, "offs%d", k); data/adios-1.13.1/utils/bp2bp/bp2bp.c:1047:40: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. printf ("%hhu", ((unsigned char *) data)[item]); data/adios-1.13.1/utils/bp2bp/bp2bp.c:1050:38: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. printf ("%hhd", ((signed char *) data)[item]); data/adios-1.13.1/utils/bp2h5/bp2h5.c:56:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char format[32]; // format string for one data element (e.g. %6.2f) data/adios-1.13.1/utils/bp2h5/bp2h5.c:99:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char h5name[256],aname[256],fname[256]; data/adios-1.13.1/utils/bp2h5/bp2h5.c:226:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char s [100]; data/adios-1.13.1/utils/bp2h5/bp2h5.c:233:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%u", ((uint8_t *) data)[idx]); data/adios-1.13.1/utils/bp2h5/bp2h5.c:237:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%d", ((int8_t *) data)[idx]); data/adios-1.13.1/utils/bp2h5/bp2h5.c:241:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%hd", ((int16_t *) data)[idx]); data/adios-1.13.1/utils/bp2h5/bp2h5.c:245:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%hu", ((uint16_t *) data)[idx]); data/adios-1.13.1/utils/bp2h5/bp2h5.c:249:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%d", ((int32_t *) data)[idx]); data/adios-1.13.1/utils/bp2h5/bp2h5.c:253:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%u", ((uint32_t *) data)[idx]); data/adios-1.13.1/utils/bp2h5/bp2h5.c:265:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%g", ((float *) data)[idx]); data/adios-1.13.1/utils/bp2h5/bp2h5.c:269:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (s, "%lg", ((double *) data)[idx]); data/adios-1.13.1/utils/bp2h5/bp2h5.c:273:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "%Lg", ((long double *) data)[idx]); data/adios-1.13.1/utils/bp2h5/bp2h5.c:285:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "(%g, %g)", data/adios-1.13.1/utils/bp2h5/bp2h5.c:290:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "(%lg, %lg)", data/adios-1.13.1/utils/bp2ncd/bp2ncd.c:26:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dimname[256]; data/adios-1.13.1/utils/bp2ncd/bp2ncd.c:32:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dest, src, sizeof(struct adios_bp_buffer_struct_v1)); data/adios-1.13.1/utils/bp2ncd/bp2ncd.c:76:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullname[255]; data/adios-1.13.1/utils/bp2ncd/bp2ncd.c:224:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullname[256],dimname[256]; data/adios-1.13.1/utils/bp2ncd/bp2ncd.c:660:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char out_fname [256]; data/adios-1.13.1/utils/bp2ncd/bp2ncd.c:682:11: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(out_fname, ".nc"); data/adios-1.13.1/utils/bp2ncd/bp2ncd.h:20:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char varname[256]; data/adios-1.13.1/utils/bp2ncd/bp2ncd.h:31:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dest, src, sizeof(struct adios_bp_buffer_struct_v1)); data/adios-1.13.1/utils/bpdiff/bpdiff.c:43:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char infilename1[256]; // File1 data/adios-1.13.1/utils/bpdiff/bpdiff.c:44:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char infilename2[256]; // File2
data/adios-1.13.1/utils/bpdiff/bpdiff.c:45:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fuzzfactor[256]; //fuzz factor
data/adios-1.13.1/utils/bpdiff/bpdiff.c:46:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outfilename[256]; // File to write
data/adios-1.13.1/utils/bpdiff/bpdiff.c:47:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char methodname[16]; // ADIOS write method
data/adios-1.13.1/utils/bpdiff/bpdiff.c:48:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char methodparams[256]; // ADIOS write method
data/adios-1.13.1/utils/bpdiff/bpdiff.c:380:27: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  if(((unsigned char *) data1)[item] != ((unsigned char *) data2)[item] )//not identical
data/adios-1.13.1/utils/bpdiff/bpdiff.c:380:63: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  if(((unsigned char *) data1)[item] != ((unsigned char *) data2)[item] )//not identical
data/adios-1.13.1/utils/bpdiff/bpdiff.c:382:83: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  print("%s : %hhu in %s | %hhu in %s\n", variable_name, ((unsigned char *) data1)[item], infilename1, ((unsigned char *) data2)[item], infilename2);
data/adios-1.13.1/utils/bpdiff/bpdiff.c:382:129: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  print("%s : %hhu in %s | %hhu in %s\n", variable_name, ((unsigned char *) data1)[item], infilename1, ((unsigned char *) data2)[item], infilename2);
data/adios-1.13.1/utils/bpdiff/bpdiff.c:387:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  if(((signed char *) data1)[item] != ((signed char *) data2)[item])//not identical
data/adios-1.13.1/utils/bpdiff/bpdiff.c:387:58: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  if(((signed char *) data1)[item] != ((signed char *) data2)[item])//not identical
data/adios-1.13.1/utils/bpdiff/bpdiff.c:389:81: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  print("%s : %hhd in %s | %hhd in %s\n", variable_name, ((signed char *) data1)[item], infilename1, ((signed char *) data2)[item], infilename2);
data/adios-1.13.1/utils/bpdiff/bpdiff.c:389:125: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  print("%s : %hhd in %s | %hhd in %s\n", variable_name, ((signed char *) data1)[item], infilename1, ((signed char *) data2)[item], infilename2);
data/adios-1.13.1/utils/bpdiff/decompose_block.c:56:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ints[256];
data/adios-1.13.1/utils/bpdiff/utils.c:19:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char v[32];
data/adios-1.13.1/utils/bpdiff/utils.c:24:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s,"%d", values[0]);
data/adios-1.13.1/utils/bpdiff/utils.c:27:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (v,",%d", values[i]);
data/adios-1.13.1/utils/bpdiff/utils.c:35:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char v[32];
data/adios-1.13.1/utils/bpdiff/utils.c:51:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s [100];
data/adios-1.13.1/utils/bpdiff/utils.c:58:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%u", ((uint8_t *) data)[idx]);
data/adios-1.13.1/utils/bpdiff/utils.c:62:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%d", ((int8_t *) data)[idx]);
data/adios-1.13.1/utils/bpdiff/utils.c:66:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%hd", ((int16_t *) data)[idx]);
data/adios-1.13.1/utils/bpdiff/utils.c:70:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%hu", ((uint16_t *) data)[idx]);
data/adios-1.13.1/utils/bpdiff/utils.c:74:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%d", ((int32_t *) data)[idx]);
data/adios-1.13.1/utils/bpdiff/utils.c:78:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%u", ((uint32_t *) data)[idx]);
data/adios-1.13.1/utils/bpdiff/utils.c:90:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%g", ((float *) data)[idx]);
data/adios-1.13.1/utils/bpdiff/utils.c:94:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%lg", ((double *) data)[idx]);
data/adios-1.13.1/utils/bpdiff/utils.c:98:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%Lg", ((long double *) data)[idx]);
data/adios-1.13.1/utils/bpdiff/utils.c:106:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "(%g, %g)",
data/adios-1.13.1/utils/bpdiff/utils.c:111:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "(%lg, %lg)",
data/adios-1.13.1/utils/bpdiff/utils.c:116:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf (s, "unknown");
data/adios-1.13.1/utils/bpdump/bpdump.c:395:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s [100];
data/adios-1.13.1/utils/bpdump/bpdump.c:404:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%u", p [element]);
data/adios-1.13.1/utils/bpdump/bpdump.c:411:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%d", p [element]);
data/adios-1.13.1/utils/bpdump/bpdump.c:418:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%hd", p [element]);
data/adios-1.13.1/utils/bpdump/bpdump.c:425:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%uh", p [element]);
data/adios-1.13.1/utils/bpdump/bpdump.c:432:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%d", p [element]);
data/adios-1.13.1/utils/bpdump/bpdump.c:439:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%u", p [element]);
data/adios-1.13.1/utils/bpdump/bpdump.c:460:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%f", p [element]);
data/adios-1.13.1/utils/bpdump/bpdump.c:467:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%le", p [element]);
data/adios-1.13.1/utils/bpdump/bpdump.c:474:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%Le", p [element]);
data/adios-1.13.1/utils/bpdump/bpdump.c:490:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "(%g %g)", p [element * 2 + 0]
data/adios-1.13.1/utils/bpdump/bpdump.c:499:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "(%lf %lf)", p [element * 2 + 0]
data/adios-1.13.1/utils/bpls/bpls.c:47:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *varmask[MAX_MASKS]; // can have many -var masks (either shell patterns or extended regular expressions)
data/adios-1.13.1/utils/bpls/bpls.c:53:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char format[32]; // format string for one data element (e.g. %6.2f)
data/adios-1.13.1/utils/bpls/bpls.c:471:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char digitstr[32];
data/adios-1.13.1/utils/bpls/bpls.c:925:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char init_params[128];
data/adios-1.13.1/utils/bpls/bpls.c:933:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (init_params, "verbose=%d", adios_verbose);
data/adios-1.13.1/utils/bpls/bpls.c:935:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (init_params, ";show_hidden_attrs");
data/adios-1.13.1/utils/bpls/bpls.c:1013:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hist_file[256], gnuplot_file[256];
data/adios-1.13.1/utils/bpls/bpls.c:1015:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char xtics[512], str[512];
data/adios-1.13.1/utils/bpls/bpls.c:1019:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(hist_file, varname, strlen(varname) + 1);
data/adios-1.13.1/utils/bpls/bpls.c:1020:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(hist_file, ".hist");
data/adios-1.13.1/utils/bpls/bpls.c:1022:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((out_hist = fopen(hist_file,"w")) == NULL) {
data/adios-1.13.1/utils/bpls/bpls.c:1028:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(gnuplot_file, varname, strlen(varname) + 1);
data/adios-1.13.1/utils/bpls/bpls.c:1029:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(gnuplot_file, ".gpl");
data/adios-1.13.1/utils/bpls/bpls.c:1031:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((out_plot = fopen(gnuplot_file,"w")) == NULL) {
data/adios-1.13.1/utils/bpls/bpls.c:1038:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(xtics, "set xtics offset start axis (");
data/adios-1.13.1/utils/bpls/bpls.c:1044:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(str, "\"-Inf\" pos(%d)", i);
data/adios-1.13.1/utils/bpls/bpls.c:1049:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(str, ", \"%.2lf\" pos(%d)", h->breaks[i - 1], i);
data/adios-1.13.1/utils/bpls/bpls.c:1054:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(str, ", \"Inf\" pos(%d)", i);
data/adios-1.13.1/utils/bpls/bpls.c:1058:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(xtics, ")\n");
data/adios-1.13.1/utils/bpls/bpls.c:1686:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((outf = fopen(fname,"w")) == NULL) {
data/adios-1.13.1/utils/bpls/bpls.c:1897:60: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  fprintf(outf,(f ? format : "%hhu"), ((unsigned char *) data)[item]);
data/adios-1.13.1/utils/bpls/bpls.c:1900:58: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  fprintf(outf,(f ? format : "%hhd"), ((signed char *) data)[item]);
data/adios-1.13.1/utils/bpls/bpls.c:1966:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char idxstr[128], buf[16];
data/adios-1.13.1/utils/bpls/bpls.c:1990:17: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(idxstr,") ");
data/adios-1.13.1/utils/bpls/bpls.c:2230:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/adios-1.13.1/utils/bpmeta/bpmeta.c:309:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = open (fname, O_CREAT | O_WRONLY | O_TRUNC, 0644);
data/adios-1.13.1/utils/bpmeta/bpmeta.c:373:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[256];
data/adios-1.13.1/utils/bpmeta/bpmeta.c:465:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pattern[256];
data/adios-1.13.1/utils/bpmeta/bpmeta.c:731:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[256];
data/adios-1.13.1/utils/bpmeta/bpmeta.c:778:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&new_ch[newidx], &old_ch[oldidx],
data/adios-1.13.1/utils/bprecover/bprecover.c:208:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gname[MAX_GROUP_NAME_LENGTH];
data/adios-1.13.1/utils/bprecover/bprecover.c:209:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (gname, buf+offset, namelen);
data/adios-1.13.1/utils/bprecover/bprecover.c:237:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[N_READ_AHEAD]; // temporary buffer to read data in and parse for info
data/adios-1.13.1/utils/bprecover/bprecover.c:383:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&v_index->characteristics[0].transform,
data/adios-1.13.1/utils/bprecover/bprecover.c:393:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (v_index->characteristics [0].value, var_payload->payload, size);
data/adios-1.13.1/utils/bprecover/bprecover.c:397:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (v_index->characteristics [0].value, var_payload->payload, size);
data/adios-1.13.1/utils/bprecover/bprecover.c:499:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open (filename, flags);
data/adios-1.13.1/utils/bprecover/bprecover.c:655:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s [100];
data/adios-1.13.1/utils/bprecover/bprecover.c:664:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%u", p [element]);
data/adios-1.13.1/utils/bprecover/bprecover.c:671:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%d", p [element]);
data/adios-1.13.1/utils/bprecover/bprecover.c:678:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%hd", p [element]);
data/adios-1.13.1/utils/bprecover/bprecover.c:685:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%uh", p [element]);
data/adios-1.13.1/utils/bprecover/bprecover.c:692:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%d", p [element]);
data/adios-1.13.1/utils/bprecover/bprecover.c:699:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%u", p [element]);
data/adios-1.13.1/utils/bprecover/bprecover.c:720:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%f", p [element]);
data/adios-1.13.1/utils/bprecover/bprecover.c:727:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%le", p [element]);
data/adios-1.13.1/utils/bprecover/bprecover.c:734:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "%Le", p [element]);
data/adios-1.13.1/utils/bprecover/bprecover.c:750:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "(%g %g)", p [element * 2 + 0]
data/adios-1.13.1/utils/bprecover/bprecover.c:759:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (s, "(%lf %lf)", p [element * 2 + 0]
data/adios-1.13.1/utils/bpsplit/bpappend.c:48:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  # define open64 open
data/adios-1.13.1/utils/bpsplit/bpappend.c:270:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[COPYBUFSIZE];
data/adios-1.13.1/utils/bpsplit/bpappend.c:450:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[COPYBUFSIZE];
data/adios-1.13.1/utils/bpsplit/bpsplit.c:48:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  # define open64 open
data/adios-1.13.1/utils/bpsplit/bpsplit.c:300:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  rf = fopen( recordfile, "r");
data/adios-1.13.1/utils/bpsplit/bpsplit.c:324:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  rf = fopen( recordfile, "w");
data/adios-1.13.1/utils/bpsplit/bpsplit.c:549:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[COPYBUFSIZE];
data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:11:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gVarNameFastbitIdxKey[10] = "key";
data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:12:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gVarNameFastbitIdxOffset[10] = "offsets";
data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:13:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gVarNameFastbitIdxBms[10] = "bms";
data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:15:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gGroupNameFastbitIdx[20] = "notNamed";
data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:48:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char offsetStr[100] = "";
data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:53:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char dimStr[100]; data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:62:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char offsetStr[100] = ""; data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:67:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dimStr[100]; data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:324:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char selName[100]; data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:325:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(selName, "block-%d..%d", blockStart, blockEnd); data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:364:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char selName[100]; data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:365:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(selName, "box-%lu", start[0]); data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:392:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bmsVarName[100]; data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:393:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyVarName[100]; data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:394:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char offsetName[100]; data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:456:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bmsVarName[100]; data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:457:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyVarName[100]; data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:458:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char offsetName[100]; data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:464:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(bmsVarName, "bms-%d-%d-%d", v->varid, i, j); data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:465:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(keyVarName, "key-%d-%d-%d", v->varid, i, j); data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:466:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(offsetName, "offset-%d-%d-%d", v->varid, i, j); data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:472:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char notes[100]; data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:475:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(notes, " reading data from adios on varid=%d, time=%d, block: %d, size=%ld bytes=%ld", v->varid, i, j, blockSize, blockDataByteSize); data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:497:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char selName[20]; data/adios-1.13.1/utils/fastbit/adios_index_fastbit.c:498:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(selName, "block-%d", j); data/adios-1.13.1/utils/skel/src/skel_xml_output.c:96:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* f = fopen (filename, "a"); data/adios-1.13.1/utils/skeldump/skeldump.c:51:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *varmask[MAX_MASKS]; // can have many -var masks (either shell patterns or extended regular expressions) data/adios-1.13.1/utils/skeldump/skeldump.c:57:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char format[32]; // format string for one data element (e.g. %6.2f) data/adios-1.13.1/utils/skeldump/skeldump.c:458:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char digitstr[32]; data/adios-1.13.1/utils/skeldump/skeldump.c:791:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char init_params[128]; data/adios-1.13.1/utils/skeldump/skeldump.c:796:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (init_params, "verbose=2"); data/adios-1.13.1/utils/skeldump/skeldump.c:798:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (init_params, ";show_hidden_attrs"); data/adios-1.13.1/utils/skeldump/skeldump.c:871:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hist_file[256], gnuplot_file[256]; data/adios-1.13.1/utils/skeldump/skeldump.c:873:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xtics[512], str[512]; data/adios-1.13.1/utils/skeldump/skeldump.c:877:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(hist_file, varname, strlen(varname) + 1); data/adios-1.13.1/utils/skeldump/skeldump.c:878:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(hist_file, ".hist"); data/adios-1.13.1/utils/skeldump/skeldump.c:880:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((out_hist = fopen(hist_file,"w")) == NULL) { data/adios-1.13.1/utils/skeldump/skeldump.c:886:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gnuplot_file, varname, strlen(varname) + 1); data/adios-1.13.1/utils/skeldump/skeldump.c:887:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(gnuplot_file, ".gpl"); data/adios-1.13.1/utils/skeldump/skeldump.c:889:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((out_plot = fopen(gnuplot_file,"w")) == NULL) { data/adios-1.13.1/utils/skeldump/skeldump.c:896:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant string. strcat(xtics, "set xtics offset start axis ("); data/adios-1.13.1/utils/skeldump/skeldump.c:902:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "\"-Inf\" pos(%d)", i); data/adios-1.13.1/utils/skeldump/skeldump.c:907:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, ", \"%.2lf\" pos(%d)", h->breaks[i - 1], i); data/adios-1.13.1/utils/skeldump/skeldump.c:912:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, ", \"Inf\" pos(%d)", i); data/adios-1.13.1/utils/skeldump/skeldump.c:916:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(xtics, ")\n"); data/adios-1.13.1/utils/skeldump/skeldump.c:1315:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((outf = fopen(fname,"w")) == NULL) { data/adios-1.13.1/utils/skeldump/skeldump.c:1528:61: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. fprintf(outf,(f ? 
format : "%hhu "), ((unsigned char *) data)[item]); data/adios-1.13.1/utils/skeldump/skeldump.c:1531:59: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. fprintf(outf,(f ? format : "%hhd "), ((signed char *) data)[item]); data/adios-1.13.1/utils/skeldump/skeldump.c:1594:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char idxstr[128], buf[16]; data/adios-1.13.1/utils/skeldump/skeldump.c:1618:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(idxstr,") "); data/adios-1.13.1/utils/skeldump/skeldump.c:1748:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/adios-1.13.1/wrappers/matlab/adiosclosec.c:33:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char msg[512]; /* error messages from function calls */ data/adios-1.13.1/wrappers/matlab/adiosopenc.c:63:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[512]; /* error messages from function calls */ data/adios-1.13.1/wrappers/matlab/adiosopenc.c:315:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( mxGetData(arr), data, mxGetElementSize(arr)); data/adios-1.13.1/wrappers/matlab/adiosreadc.c:53:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[512]; /* error messages from function calls */ data/adios-1.13.1/wrappers/matlab/adiosreadc.c:227:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[512]; data/adios-1.13.1/wrappers/numpy/adios.cpp:669:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ascii_chars[128]; data/adios-1.13.1/wrappers/numpy/adios.cpp:4184:77: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. __pyx_t_5 = PyBytes_AsString(__pyx_v_bstr); if (unlikely(__pyx_t_5 == ((char *)NULL))) __PYX_ERR(0, 75, __pyx_L1_error) data/adios-1.13.1/wrappers/numpy/adios.cpp:29718:49: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. __pyx_t_5 = __Pyx_PyBytes_FromString((((char **)__pyx_v_p)[__pyx_v_i])); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 1775, __pyx_L1_error) data/adios-1.13.1/wrappers/numpy/adios.cpp:58180:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ctversion[4], rtversion[4]; data/adios-1.13.1/wrappers/numpy/adios.cpp:58184:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[200]; data/adios-1.13.1/wrappers/numpy/adios.cpp:58221:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char warning[200]; data/adios-1.13.1/wrappers/numpy/adios_mpi.cpp:671:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ascii_chars[128]; data/adios-1.13.1/wrappers/numpy/adios_mpi.cpp:4535:77: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. __pyx_t_5 = PyBytes_AsString(__pyx_v_bstr); if (unlikely(__pyx_t_5 == ((char *)NULL))) __PYX_ERR(0, 75, __pyx_L1_error) data/adios-1.13.1/wrappers/numpy/adios_mpi.cpp:30150:49: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. __pyx_t_5 = __Pyx_PyBytes_FromString((((char **)__pyx_v_p)[__pyx_v_i])); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 1774, __pyx_L1_error) data/adios-1.13.1/wrappers/numpy/adios_mpi.cpp:58604:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ctversion[4], rtversion[4]; data/adios-1.13.1/wrappers/numpy/adios_mpi.cpp:58608:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[200]; data/adios-1.13.1/wrappers/numpy/adios_mpi.cpp:58645:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char warning[200]; data/adios-1.13.1/examples/C/schema/rectilinear2d.c:45:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(npx_str, argv[1], sizeof(npx_str)); data/adios-1.13.1/examples/C/schema/rectilinear2d.c:46:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(npy_str, argv[2], sizeof(npy_str)); data/adios-1.13.1/examples/C/schema/rectilinear2d_noxml.c:44:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(npx_str, argv[1], sizeof(npx_str)); data/adios-1.13.1/examples/C/schema/rectilinear2d_noxml.c:45:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(npy_str, argv[2], sizeof(npy_str)); data/adios-1.13.1/examples/C/schema/structured2d.c:45:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(npx_str, argv[1], sizeof(npx_str)); data/adios-1.13.1/examples/C/schema/structured2d.c:46:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(npy_str, argv[2], sizeof(npy_str)); data/adios-1.13.1/examples/C/schema/structured2d_noxml.c:44:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(npx_str, argv[1], sizeof(npx_str)); data/adios-1.13.1/examples/C/schema/structured2d_noxml.c:45:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(npy_str, argv[2], sizeof(npy_str)); data/adios-1.13.1/examples/C/schema/tri2d.c:45:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(npx_str, argv[1], sizeof(npx_str)); data/adios-1.13.1/examples/C/schema/tri2d.c:46:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(npy_str, argv[2], sizeof(npy_str)); data/adios-1.13.1/examples/C/schema/tri2d_noxml.c:44:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(npx_str, argv[1], sizeof(npx_str)); data/adios-1.13.1/examples/C/schema/tri2d_noxml.c:45:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(npy_str, argv[2], sizeof(npy_str)); data/adios-1.13.1/examples/C/schema/uniform2d.c:46:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(npx_str, argv[1], sizeof(npx_str)); data/adios-1.13.1/examples/C/schema/uniform2d.c:47:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(npy_str, argv[2], sizeof(npy_str)); data/adios-1.13.1/examples/C/schema/uniform2d_noxml.c:44:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(npx_str, argv[1], sizeof(npx_str)); data/adios-1.13.1/examples/C/schema/uniform2d_noxml.c:45:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(npy_str, argv[2], sizeof(npy_str)); data/adios-1.13.1/examples/staging/stage_write/stage_write.c:92:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(infilename, argv[1], sizeof(infilename)); data/adios-1.13.1/examples/staging/stage_write/stage_write.c:93:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(outfilename, argv[2], sizeof(outfilename)); data/adios-1.13.1/examples/staging/stage_write/stage_write.c:94:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(rmethodname, argv[3], sizeof(rmethodname)); data/adios-1.13.1/examples/staging/stage_write/stage_write.c:95:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(rmethodparams, argv[4], sizeof(rmethodparams)); data/adios-1.13.1/examples/staging/stage_write/stage_write.c:96:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(wmethodname, argv[5], sizeof(wmethodname)); data/adios-1.13.1/examples/staging/stage_write/stage_write.c:97:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(wmethodparams, argv[6], sizeof(wmethodparams)); data/adios-1.13.1/examples/staging/stage_write/utils.c:131:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (work[strlen(work)-1] == '/' && strlen(work)>1) data/adios-1.13.1/examples/staging/stage_write/utils.c:131:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (work[strlen(work)-1] == '/' && strlen(work)>1) data/adios-1.13.1/examples/staging/stage_write/utils.c:132:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). work[strlen(work)-1] = '\0'; data/adios-1.13.1/examples/staging/stage_write_varyingsize/stage_write.c:93:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(infilename, argv[1], sizeof(infilename)); data/adios-1.13.1/examples/staging/stage_write_varyingsize/stage_write.c:94:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(outfilename, argv[2], sizeof(outfilename)); data/adios-1.13.1/examples/staging/stage_write_varyingsize/stage_write.c:95:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(rmethodname, argv[3], sizeof(rmethodname)); data/adios-1.13.1/examples/staging/stage_write_varyingsize/stage_write.c:96:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(rmethodparams, argv[4], sizeof(rmethodparams)); data/adios-1.13.1/examples/staging/stage_write_varyingsize/stage_write.c:97:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(wmethodname, argv[5], sizeof(wmethodname)); data/adios-1.13.1/examples/staging/stage_write_varyingsize/stage_write.c:98:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(wmethodparams, argv[6], sizeof(wmethodparams)); data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.c:131:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (work[strlen(work)-1] == '/' && strlen(work)>1) data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.c:131:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (work[strlen(work)-1] == '/' && strlen(work)>1) data/adios-1.13.1/examples/staging/stage_write_varyingsize/utils.c:132:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). work[strlen(work)-1] = '\0'; data/adios-1.13.1/src/core/adios_bp_v1.c:367:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ((*root)->group_name, b->buff + b->offset, len); data/adios-1.13.1/src/core/adios_bp_v1.c:377:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ((*root)->var_name, b->buff + b->offset, len); data/adios-1.13.1/src/core/adios_bp_v1.c:387:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy ((*root)->var_path, b->buff + b->offset, len); data/adios-1.13.1/src/core/adios_bp_v1.c:862:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ((*root)->group_name, b->buff + b->offset, len); data/adios-1.13.1/src/core/adios_bp_v1.c:872:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ((*root)->attr_name, b->buff + b->offset, len); data/adios-1.13.1/src/core/adios_bp_v1.c:882:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ((*root)->attr_path, b->buff + b->offset, len); data/adios-1.13.1/src/core/adios_bp_v1.c:1273:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ((*root)->parameters, b->buff + b->offset, len); data/adios-1.13.1/src/core/adios_bp_v1.c:2009:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (attribute->name, b->buff + b->offset, len); data/adios-1.13.1/src/core/adios_bp_v1.c:2019:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (attribute->path, b->buff + b->offset, len); data/adios-1.13.1/src/core/adios_bp_v1.c:2223:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read (b->f, b->buff, 28); data/adios-1.13.1/src/core/adios_bp_v1.c:2266:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
ssize_t actual_read_bytes = read (f, buff+bytes_read, to_read); data/adios-1.13.1/src/core/adios_bp_v1.c:2351:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). pg_size += read (b->f, b->buff + pg_size, b->read_pg_size - pg_size); data/adios-1.13.1/src/core/adios_bp_v1.c:2375:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name = malloc (strlen (base_path) + strlen (filename) + 1); data/adios-1.13.1/src/core/adios_bp_v1.c:2375:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name = malloc (strlen (base_path) + strlen (filename) + 1); data/adios-1.13.1/src/core/adios_bp_v1.c:2420:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen ((const char *) var); data/adios-1.13.1/src/core/adios_internals.c:207:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). compare_name_path = malloc ( strlen (root->name) data/adios-1.13.1/src/core/adios_internals.c:208:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen (root->path) data/adios-1.13.1/src/core/adios_internals.c:1890:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen (path); data/adios-1.13.1/src/core/adios_internals.c:1899:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (p, path, len); data/adios-1.13.1/src/core/adios_internals.c:2232:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). overhead += strlen (v->name); // name data/adios-1.13.1/src/core/adios_internals.c:2234:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). overhead += strlen (v->path); // path data/adios-1.13.1/src/core/adios_internals.c:2295:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). overhead += strlen (a->name); // name data/adios-1.13.1/src/core/adios_internals.c:2297:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). overhead += strlen (a->path); // path data/adios-1.13.1/src/core/adios_internals.c:2337:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). overhead += strlen (fd->group->name); // group name data/adios-1.13.1/src/core/adios_internals.c:2341:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ? 
strlen (fd->group->time_index_name) data/adios-1.13.1/src/core/adios_internals.c:2353:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). overhead += strlen (m->method->parameters); data/adios-1.13.1/src/core/adios_internals.c:2396:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (g->name); data/adios-1.13.1/src/core/adios_internals.c:2412:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = ((g->time_index_name) ? strlen (g->time_index_name) : 0); data/adios-1.13.1/src/core/adios_internals.c:2431:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). methods_length += 1 + 2 + strlen (m->method->parameters); data/adios-1.13.1/src/core/adios_internals.c:2445:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint16_t len = strlen (m->method->parameters); data/adios-1.13.1/src/core/adios_internals.c:3768:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). - strlen (old_var->path) // take out the length of path defined in XML data/adios-1.13.1/src/core/adios_internals.c:3769:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
+ strlen (v->path); // add length of the actual, current path of this var data/adios-1.13.1/src/core/adios_internals.c:4084:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (pg_root->group_name); data/adios-1.13.1/src/core/adios_internals.c:4109:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (pg_root->time_index_name); data/adios-1.13.1/src/core/adios_internals.c:4169:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (vars_root->group_name); data/adios-1.13.1/src/core/adios_internals.c:4179:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (vars_root->var_name); data/adios-1.13.1/src/core/adios_internals.c:4189:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (vars_root->var_path); data/adios-1.13.1/src/core/adios_internals.c:4559:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (attrs_root->group_name); data/adios-1.13.1/src/core/adios_internals.c:4569:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen (attrs_root->attr_name); data/adios-1.13.1/src/core/adios_internals.c:4579:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (attrs_root->attr_path); data/adios-1.13.1/src/core/adios_internals.c:4720:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (v[k]); data/adios-1.13.1/src/core/adios_internals.c:5808:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (v->name); data/adios-1.13.1/src/core/adios_internals.c:5815:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (v->path); data/adios-1.13.1/src/core/adios_internals.c:5882:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (a->name); data/adios-1.13.1/src/core/adios_internals.c:5889:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (a->path); data/adios-1.13.1/src/core/adios_internals.c:5924:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (v[k])+1; // include the terminating 0 data/adios-1.13.1/src/core/adios_internals.c:6340:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
slength = strlen("adios_schema/"); data/adios-1.13.1/src/core/adios_internals.c:6342:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slength = slength + strlen("version_major") + 1; data/adios-1.13.1/src/core/adios_internals.c:6347:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slength = slength + strlen("version_minor") + 1; data/adios-1.13.1/src/core/adios_internals.c:6587:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mpath = malloc(strlen("/adios_schema/")+strlen(name)+strlen("/time-varying")+1); data/adios-1.13.1/src/core/adios_internals.c:6587:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mpath = malloc(strlen("/adios_schema/")+strlen(name)+strlen("/time-varying")+1); data/adios-1.13.1/src/core/adios_internals.c:6587:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mpath = malloc(strlen("/adios_schema/")+strlen(name)+strlen("/time-varying")+1); data/adios-1.13.1/src/core/adios_internals.c:6776:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mpath = malloc(strlen("/adios_schema/")+strlen(name)+strlen("/type")+1); data/adios-1.13.1/src/core/adios_internals.c:6776:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
mpath = malloc(strlen("/adios_schema/")+strlen(name)+strlen("/type")+1); data/adios-1.13.1/src/core/adios_internals.c:6776:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mpath = malloc(strlen("/adios_schema/")+strlen(name)+strlen("/type")+1); data/adios-1.13.1/src/core/adios_internals.c:6812:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mpath = malloc(strlen("/adios_schema/")+strlen(name)+strlen("/type")+1); data/adios-1.13.1/src/core/adios_internals.c:6812:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mpath = malloc(strlen("/adios_schema/")+strlen(name)+strlen("/type")+1); data/adios-1.13.1/src/core/adios_internals.c:6812:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mpath = malloc(strlen("/adios_schema/")+strlen(name)+strlen("/type")+1); data/adios-1.13.1/src/core/adios_internals.c:6860:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mpath = malloc(strlen("/adios_schema/")+strlen(name)+strlen("/type")+1); data/adios-1.13.1/src/core/adios_internals.c:6860:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
mpath = malloc(strlen("/adios_schema/")+strlen(name)+strlen("/type")+1); data/adios-1.13.1/src/core/adios_internals.c:6860:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mpath = malloc(strlen("/adios_schema/")+strlen(name)+strlen("/type")+1); data/adios-1.13.1/src/core/adios_internals.c:6923:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mpath = malloc(strlen("/adios_schema/")+strlen(name)+strlen("/type")+1); data/adios-1.13.1/src/core/adios_internals.c:6923:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mpath = malloc(strlen("/adios_schema/")+strlen(name)+strlen("/type")+1); data/adios-1.13.1/src/core/adios_internals.c:6923:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mpath = malloc(strlen("/adios_schema/")+strlen(name)+strlen("/type")+1); data/adios-1.13.1/src/core/adios_internals.c:7034:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *returnstr = malloc (strlen("adios_schema/") + strlen(meshname) + strlen(att_nam) + strlen(counterstr) + 3); data/adios-1.13.1/src/core/adios_internals.c:7034:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
*returnstr = malloc (strlen("adios_schema/") + strlen(meshname) + strlen(att_nam) + strlen(counterstr) + 3); data/adios-1.13.1/src/core/adios_internals.c:7034:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *returnstr = malloc (strlen("adios_schema/") + strlen(meshname) + strlen(att_nam) + strlen(counterstr) + 3); data/adios-1.13.1/src/core/adios_internals.c:7034:89: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *returnstr = malloc (strlen("adios_schema/") + strlen(meshname) + strlen(att_nam) + strlen(counterstr) + 3); data/adios-1.13.1/src/core/adios_internals.c:7036:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(*returnstr,"/"); data/adios-1.13.1/src/core/adios_internals.c:7038:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(*returnstr,"/"); data/adios-1.13.1/src/core/adios_internals.c:7046:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slength = strlen("adios_schema/"); data/adios-1.13.1/src/core/adios_internals.c:7047:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
slength = slength + strlen(meshname); data/adios-1.13.1/src/core/adios_internals.c:7050:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slength = slength + strlen(att_nam); data/adios-1.13.1/src/core/adios_internals.c:7056:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(*returnstr,"/"); data/adios-1.13.1/src/core/adios_internals.c:7063:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slength = strlen("adios_link/") + strlen(name) + strlen(att_nam) + strlen(counterstr) + 2; data/adios-1.13.1/src/core/adios_internals.c:7063:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slength = strlen("adios_link/") + strlen(name) + strlen(att_nam) + strlen(counterstr) + 2; data/adios-1.13.1/src/core/adios_internals.c:7063:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slength = strlen("adios_link/") + strlen(name) + strlen(att_nam) + strlen(counterstr) + 2; data/adios-1.13.1/src/core/adios_internals.c:7063:72: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
slength = strlen("adios_link/") + strlen(name) + strlen(att_nam) + strlen(counterstr) + 2; data/adios-1.13.1/src/core/adios_internals.c:7069:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(*returnstr,"/"); data/adios-1.13.1/src/core/adios_internals.c:7077:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slength = strlen("adios_schema/"); data/adios-1.13.1/src/core/adios_internals.c:7078:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slength = slength + strlen(varname); data/adios-1.13.1/src/core/adios_internals.c:7081:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slength = slength + strlen(att_nam); data/adios-1.13.1/src/core/adios_internals.c:8486:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mpath = malloc(strlen("/adios_schema")+strlen(varname)+1); data/adios-1.13.1/src/core/adios_internals.c:8486:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mpath = malloc(strlen("/adios_schema")+strlen(varname)+1); data/adios-1.13.1/src/core/adios_internals.c:8499:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
mpath = malloc(strlen("/adios_schema/centering")+strlen(varname)+1); data/adios-1.13.1/src/core/adios_internals.c:8499:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mpath = malloc(strlen("/adios_schema/centering")+strlen(varname)+1); data/adios-1.13.1/src/core/adios_internals.c:8512:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mpath = malloc(strlen("/adios_schema/")+strlen(name)+strlen("/mesh-group")+1); data/adios-1.13.1/src/core/adios_internals.c:8512:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mpath = malloc(strlen("/adios_schema/")+strlen(name)+strlen("/mesh-group")+1); data/adios-1.13.1/src/core/adios_internals.c:8512:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mpath = malloc(strlen("/adios_schema/")+strlen(name)+strlen("/mesh-group")+1); data/adios-1.13.1/src/core/adios_internals.c:8526:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mpath = malloc(strlen("/adios_schema/")+strlen(name)+strlen("/mesh-file")+1); data/adios-1.13.1/src/core/adios_internals.c:8526:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
mpath = malloc(strlen("/adios_schema/")+strlen(name)+strlen("/mesh-file")+1); data/adios-1.13.1/src/core/adios_internals.c:8526:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mpath = malloc(strlen("/adios_schema/")+strlen(name)+strlen("/mesh-file")+1); data/adios-1.13.1/src/core/adios_internals_mxml.c:1940:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(n->value.text.string); data/adios-1.13.1/src/core/adios_internals_mxml.c:1971:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint16_t len = strlen (base_path); data/adios-1.13.1/src/core/adios_logger.c:33:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (path, logpath, 256); data/adios-1.13.1/src/core/adios_timing.c:245:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(g->prev_timing_obj->names[i])); data/adios-1.13.1/src/core/adios_timing.c:250:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(g->prev_timing_obj->names[ADIOS_TIMING_MAX_USER_TIMERS + i])); data/adios-1.13.1/src/core/adios_timing.c:382:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
max_label_len = MAX(max_label_len, strlen(g->prev_timing_obj->names[i])); data/adios-1.13.1/src/core/adios_timing.c:386:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). max_label_len = MAX(max_label_len, strlen(g->prev_timing_obj->names[ADIOS_TIMING_MAX_USER_TIMERS + i])); data/adios-1.13.1/src/core/adios_timing.c:527:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ts->names[ADIOS_TIMING_MAX_USER_TIMERS + i] = (char*) malloc (strlen(timer_names[i]) + 1 * sizeof (char) ); data/adios-1.13.1/src/core/adiost_callback_internal.c:63:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (adiost_env_var == NULL || strlen(adiost_env_var) == 0) { data/adios-1.13.1/src/core/adiost_callback_internal.c:265:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(dims) > 0) { data/adios-1.13.1/src/core/adiost_callback_internal.c:270:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(global_dims) > 0) { data/adios-1.13.1/src/core/adiost_callback_internal.c:275:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(local_offsets) > 0) { data/adios-1.13.1/src/core/bp_utils.c:1257:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy ((*root)->group_name, b->buff + b->offset, len); data/adios-1.13.1/src/core/bp_utils.c:1263:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ((*root)->attr_name, b->buff + b->offset, len); data/adios-1.13.1/src/core/bp_utils.c:1269:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ((*root)->attr_path, b->buff + b->offset, len); data/adios-1.13.1/src/core/bp_utils.c:1424:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenpath = strlen((*root)->attr_path); data/adios-1.13.1/src/core/bp_utils.c:1425:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenname = strlen((*root)->attr_name); data/adios-1.13.1/src/core/bp_utils.c:1570:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ((*root)->group_name, b->buff + b->offset, len); data/adios-1.13.1/src/core/bp_utils.c:1576:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ((*root)->var_name, b->buff + b->offset, len); data/adios-1.13.1/src/core/bp_utils.c:1582:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy ((*root)->var_path, b->buff + b->offset, len); data/adios-1.13.1/src/core/bp_utils.c:1680:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
lenpath = strlen((*root)->var_path); data/adios-1.13.1/src/core/bp_utils.c:1681:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenname = strlen((*root)->var_name); data/adios-1.13.1/src/core/bp_utils.c:2207:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenpath = strlen(var_root->var_path); data/adios-1.13.1/src/core/bp_utils.c:2208:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenname = strlen(var_root->var_name); data/adios-1.13.1/src/core/bp_utils.c:2296:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenpath = strlen(attr_root->attr_path); data/adios-1.13.1/src/core/bp_utils.c:2297:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenname = strlen(attr_root->attr_name); data/adios-1.13.1/src/core/bp_utils.c:3358:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen ((const char *) var) + 1; data/adios-1.13.1/src/core/common_adios.c:1373:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int name_len = strlen(fd->name); data/adios-1.13.1/src/core/common_adios.c:1374:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int fn_len = name_len + strlen(extension) + 1; data/adios-1.13.1/src/core/common_read.c:231:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *s = fp->attr_namelist[i]+strlen("/adios_link/"); data/adios-1.13.1/src/core/common_read.c:294:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *s = fp->attr_namelist[i]+strlen("/adios_schema/"); data/adios-1.13.1/src/core/common_read.c:336:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * meshfile = malloc ( strlen("/adios_schema/")+strlen(meshname)+strlen("/mesh-file")+1 ); data/adios-1.13.1/src/core/common_read.c:336:73: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * meshfile = malloc ( strlen("/adios_schema/")+strlen(meshname)+strlen("/mesh-file")+1 ); data/adios-1.13.1/src/core/common_read.c:336:90: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * meshfile = malloc ( strlen("/adios_schema/")+strlen(meshname)+strlen("/mesh-file")+1 ); data/adios-1.13.1/src/core/common_read.c:892:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int varlen = strlen (varpath); data/adios-1.13.1/src/core/common_read.c:897:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int attlen = strlen (attr); data/adios-1.13.1/src/core/common_read.c:1304:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * var_mesh = malloc (strlen(var_name)+strlen("/adios_schema")+1); data/adios-1.13.1/src/core/common_read.c:1304:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * var_mesh = malloc (strlen(var_name)+strlen("/adios_schema")+1); data/adios-1.13.1/src/core/common_read.c:1343:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * data_centering = malloc (strlen(var_mesh)+strlen("/centering")+1); data/adios-1.13.1/src/core/common_read.c:1343:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * data_centering = malloc (strlen(var_mesh)+strlen("/centering")+1); data/adios-1.13.1/src/core/common_read.c:1523:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * attribute = malloc (strlen("/adios_link/")+strlen(linkinfo->name)+strlen("/ref-num")+1 ); data/adios-1.13.1/src/core/common_read.c:1523:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char * attribute = malloc (strlen("/adios_link/")+strlen(linkinfo->name)+strlen("/ref-num")+1 ); data/adios-1.13.1/src/core/common_read.c:1523:78: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * attribute = malloc (strlen("/adios_link/")+strlen(linkinfo->name)+strlen("/ref-num")+1 ); data/adios-1.13.1/src/core/common_read.c:1547:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). attribute = malloc (strlen("/adios_link/")+strlen(linkinfo->name)+strlen("/objref")+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:1547:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). attribute = malloc (strlen("/adios_link/")+strlen(linkinfo->name)+strlen("/objref")+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:1547:75: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). attribute = malloc (strlen("/adios_link/")+strlen(linkinfo->name)+strlen("/objref")+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:1561:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). attribute = malloc (strlen("/adios_link/")+strlen(linkinfo->name)+strlen("/extref")+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:1561:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
attribute = malloc (strlen("/adios_link/")+strlen(linkinfo->name)+strlen("/extref")+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:1561:75: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). attribute = malloc (strlen("/adios_link/")+strlen(linkinfo->name)+strlen("/extref")+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:1590:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). attribute = malloc (strlen("/adios_link/")+strlen(linkinfo->name)+strlen("/type")+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:1590:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). attribute = malloc (strlen("/adios_link/")+strlen(linkinfo->name)+strlen("/type")+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:1590:75: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). attribute = malloc (strlen("/adios_link/")+strlen(linkinfo->name)+strlen("/type")+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:1628:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/")+strlen(attrs)+strlen("-num")+1 ); data/adios-1.13.1/src/core/common_read.c:1628:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char * attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/")+strlen(attrs)+strlen("-num")+1 ); data/adios-1.13.1/src/core/common_read.c:1628:80: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/")+strlen(attrs)+strlen("-num")+1 ); data/adios-1.13.1/src/core/common_read.c:1628:92: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/")+strlen(attrs)+strlen("-num")+1 ); data/adios-1.13.1/src/core/common_read.c:1628:106: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/")+strlen(attrs)+strlen("-num")+1 ); data/adios-1.13.1/src/core/common_read.c:1631:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (attribute, "/"); data/adios-1.13.1/src/core/common_read.c:1716:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char * value = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/")+strlen(attrs)+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:1716:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * value = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/")+strlen(attrs)+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:1716:84: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * value = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/")+strlen(attrs)+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:1716:96: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * value = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/")+strlen(attrs)+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:1719:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (value, "/"); data/adios-1.13.1/src/core/common_read.c:1892:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * meshfile = malloc ( strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/mesh-file")+1 ); data/adios-1.13.1/src/core/common_read.c:1892:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char * meshfile = malloc ( strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/mesh-file")+1 ); data/adios-1.13.1/src/core/common_read.c:1892:80: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * meshfile = malloc ( strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/mesh-file")+1 ); data/adios-1.13.1/src/core/common_read.c:1910:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * time_varying = malloc ( strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/time-varying")+1 ); data/adios-1.13.1/src/core/common_read.c:1910:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * time_varying = malloc ( strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/time-varying")+1 ); data/adios-1.13.1/src/core/common_read.c:1910:84: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * time_varying = malloc ( strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/time-varying")+1 ); data/adios-1.13.1/src/core/common_read.c:1927:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * mesh_attribute = malloc ( strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/type")+1 ); data/adios-1.13.1/src/core/common_read.c:1927:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char * mesh_attribute = malloc ( strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/type")+1 ); data/adios-1.13.1/src/core/common_read.c:1927:86: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * mesh_attribute = malloc ( strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/type")+1 ); data/adios-1.13.1/src/core/common_read.c:1944:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * meshfile = malloc ( strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/mesh-file")+1 ); data/adios-1.13.1/src/core/common_read.c:1944:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * meshfile = malloc ( strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/mesh-file")+1 ); data/adios-1.13.1/src/core/common_read.c:1944:80: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * meshfile = malloc ( strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/mesh-file")+1 ); data/adios-1.13.1/src/core/common_read.c:1989:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * time_varying = malloc ( strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/time-varying")+1 ); data/adios-1.13.1/src/core/common_read.c:1989:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char * time_varying = malloc ( strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/time-varying")+1 ); data/adios-1.13.1/src/core/common_read.c:1989:88: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * time_varying = malloc ( strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/time-varying")+1 ); data/adios-1.13.1/src/core/common_read.c:2006:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * meshtype = malloc ( strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/type")+1 ); data/adios-1.13.1/src/core/common_read.c:2006:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * meshtype = malloc ( strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/type")+1 ); data/adios-1.13.1/src/core/common_read.c:2006:84: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * meshtype = malloc ( strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/type")+1 ); data/adios-1.13.1/src/core/common_read.c:2043:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * dimension_attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/dimensions-num")+1 ); data/adios-1.13.1/src/core/common_read.c:2043:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char * dimension_attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/dimensions-num")+1 ); data/adios-1.13.1/src/core/common_read.c:2043:94: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * dimension_attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/dimensions-num")+1 ); data/adios-1.13.1/src/core/common_read.c:2073:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * dimensions_value = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/dimensions")+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:2073:76: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * dimensions_value = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/dimensions")+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:2073:99: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * dimensions_value = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/dimensions")+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:2187:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * dimension_attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/dimensions-num")+1 ); data/adios-1.13.1/src/core/common_read.c:2187:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char * dimension_attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/dimensions-num")+1 ); data/adios-1.13.1/src/core/common_read.c:2187:94: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * dimension_attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/dimensions-num")+1 ); data/adios-1.13.1/src/core/common_read.c:2215:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * dimensions_value = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/dimensions")+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:2215:76: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * dimensions_value = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/dimensions")+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:2215:99: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * dimensions_value = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/dimensions")+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:2279:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * coords_attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/coordinates-single-var")+1 ); data/adios-1.13.1/src/core/common_read.c:2279:68: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char * coords_attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/coordinates-single-var")+1 ); data/adios-1.13.1/src/core/common_read.c:2279:91: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * coords_attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/coordinates-single-var")+1 ); data/adios-1.13.1/src/core/common_read.c:2349:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). coords_attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/coords-multi-var-num")+1 ); data/adios-1.13.1/src/core/common_read.c:2349:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). coords_attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/coords-multi-var-num")+1 ); data/adios-1.13.1/src/core/common_read.c:2349:88: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). coords_attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/coords-multi-var-num")+1 ); data/adios-1.13.1/src/core/common_read.c:2389:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * coords_var = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/coords-multi-var")+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:2389:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char * coords_var = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/coords-multi-var")+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:2389:97: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * coords_var = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/coords-multi-var")+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:2449:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * dimension_attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/dimensions-num")+1 ); data/adios-1.13.1/src/core/common_read.c:2449:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * dimension_attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/dimensions-num")+1 ); data/adios-1.13.1/src/core/common_read.c:2449:94: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * dimension_attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/dimensions-num")+1 ); data/adios-1.13.1/src/core/common_read.c:2475:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * dimensions_value = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/dimensions")+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:2475:76: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char * dimensions_value = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/dimensions")+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:2475:99: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * dimensions_value = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/dimensions")+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:2536:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * points_attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/coordinates-single-var")+1 ); data/adios-1.13.1/src/core/common_read.c:2536:68: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * points_attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/coordinates-single-var")+1 ); data/adios-1.13.1/src/core/common_read.c:2536:91: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * points_attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/coordinates-single-var")+1 ); data/adios-1.13.1/src/core/common_read.c:2604:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
points_attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/coords-multi-var-num")+1 ); data/adios-1.13.1/src/core/common_read.c:2604:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). points_attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/coords-multi-var-num")+1 ); data/adios-1.13.1/src/core/common_read.c:2604:88: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). points_attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/coords-multi-var-num")+1 ); data/adios-1.13.1/src/core/common_read.c:2643:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * points_var = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/points-multi-var")+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:2643:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * points_var = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/points-multi-var")+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:2643:97: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * points_var = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/points-multi-var")+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:2719:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char * mesh_nspace = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/nspace")+1 ); data/adios-1.13.1/src/core/common_read.c:2719:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * mesh_nspace = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/nspace")+1 ); data/adios-1.13.1/src/core/common_read.c:2719:86: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * mesh_nspace = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/nspace")+1 ); data/adios-1.13.1/src/core/common_read.c:2773:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * points_attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/points-single-var")+1 ); data/adios-1.13.1/src/core/common_read.c:2773:68: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * points_attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/points-single-var")+1 ); data/adios-1.13.1/src/core/common_read.c:2773:91: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * points_attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/points-single-var")+1 ); data/adios-1.13.1/src/core/common_read.c:2824:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
points_attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/coords-multi-var-num")+1 ); data/adios-1.13.1/src/core/common_read.c:2824:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). points_attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/coords-multi-var-num")+1 ); data/adios-1.13.1/src/core/common_read.c:2824:88: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). points_attribute = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/coords-multi-var-num")+1 ); data/adios-1.13.1/src/core/common_read.c:2854:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * points_var = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/points-multi-var")+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:2854:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * points_var = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/points-multi-var")+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:2854:97: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * points_var = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/points-multi-var")+i_digits+1 ); data/adios-1.13.1/src/core/common_read.c:2969:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char * num_points = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/npoints")+1 ); data/adios-1.13.1/src/core/common_read.c:2969:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * num_points = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/npoints")+1 ); data/adios-1.13.1/src/core/common_read.c:2969:85: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * num_points = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/npoints")+1 ); data/adios-1.13.1/src/core/common_read.c:3045:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * mesh_nspace = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/nspace")+1 ); data/adios-1.13.1/src/core/common_read.c:3045:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * mesh_nspace = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/nspace")+1 ); data/adios-1.13.1/src/core/common_read.c:3045:86: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * mesh_nspace = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/nspace")+1 ); data/adios-1.13.1/src/core/common_read.c:3118:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char * num_cell_type = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/ncsets")+1 ); data/adios-1.13.1/src/core/common_read.c:3118:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * num_cell_type = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/ncsets")+1 ); data/adios-1.13.1/src/core/common_read.c:3118:88: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * num_cell_type = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/ncsets")+1 ); data/adios-1.13.1/src/core/common_read.c:3160:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * num_cells = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/ccount")+1 ); data/adios-1.13.1/src/core/common_read.c:3160:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * num_cells = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/ccount")+1 ); data/adios-1.13.1/src/core/common_read.c:3160:88: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * num_cells = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/ccount")+1 ); data/adios-1.13.1/src/core/common_read.c:3226:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  char * ccount_var = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/ccount")+i_digits+1 );

data/adios-1.13.1/src/core/common_read.c:3226:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * ccount_var = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/ccount")+i_digits+1 );

data/adios-1.13.1/src/core/common_read.c:3226:93: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * ccount_var = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/ccount")+i_digits+1 );

data/adios-1.13.1/src/core/common_read.c:3284:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * data_cells = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/cdata")+1 );

data/adios-1.13.1/src/core/common_read.c:3284:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * data_cells = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/cdata")+1 );

data/adios-1.13.1/src/core/common_read.c:3284:89: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * data_cells = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/cdata")+1 );

data/adios-1.13.1/src/core/common_read.c:3333:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * cdata_var = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/cdata")+i_digits+1 );

data/adios-1.13.1/src/core/common_read.c:3333:69: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * cdata_var = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/cdata")+i_digits+1 );

data/adios-1.13.1/src/core/common_read.c:3333:92: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * cdata_var = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/cdata")+i_digits+1 );

data/adios-1.13.1/src/core/common_read.c:3373:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * type_cells = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/ctype")+1 );

data/adios-1.13.1/src/core/common_read.c:3373:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * type_cells = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/ctype")+1 );

data/adios-1.13.1/src/core/common_read.c:3373:89: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * type_cells = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/ctype")+1 );

data/adios-1.13.1/src/core/common_read.c:3433:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * ctype_mix_var = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/ctype")+i_digits+1 );

data/adios-1.13.1/src/core/common_read.c:3433:73: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * ctype_mix_var = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/ctype")+i_digits+1 );

data/adios-1.13.1/src/core/common_read.c:3433:96: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * ctype_mix_var = malloc (strlen("/adios_schema/")+strlen(meshinfo->name)+strlen("/ctype")+i_digits+1 );

data/adios-1.13.1/src/core/futils.c:26:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int clen = strlen(cs);

data/adios-1.13.1/src/core/futils.c:29:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fs, cs, clen); /* does not copy the '\0' */

data/adios-1.13.1/src/core/futils.c:47:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (cs, fs, clen);

data/adios-1.13.1/src/core/globals.c:185:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *full_pathname = (char *) malloc(strlen(name)+strlen(path)+2);

data/adios-1.13.1/src/core/globals.c:185:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *full_pathname = (char *) malloc(strlen(name)+strlen(path)+2);

data/adios-1.13.1/src/core/globals.c:399:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mangle = malloc(2*strlen(name) + 4); /* worst case */

data/adios-1.13.1/src/core/globals.c:400:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memset(mangle, 0, 2*strlen(name) + 4);

data/adios-1.13.1/src/core/globals.c:402:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int end = strlen(mangle);

data/adios-1.13.1/src/core/globals.c:430:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unmangle = malloc(strlen(name)); /* worst case */

data/adios-1.13.1/src/core/globals.c:431:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memset(unmangle, 0, strlen(name));

data/adios-1.13.1/src/core/mpidummy.c:197:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bytes_read = read (fh, buf, bytes_to_read);

data/adios-1.13.1/src/core/mpidummy.c:225:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *resultlen = strlen(string);

data/adios-1.13.1/src/core/mpidummy.c:239:5: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  sprintf(name, "0");

data/adios-1.13.1/src/core/qhashtbl.c:195:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *keylen = strlen (name);

data/adios-1.13.1/src/core/qhashtbl.c:199:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *keylen = strlen (name) + 1;

data/adios-1.13.1/src/core/qhashtbl.c:203:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *keylen = strlen (name) + strlen (path) + 1;

data/adios-1.13.1/src/core/qhashtbl.c:203:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *keylen = strlen (name) + strlen (path) + 1;

data/adios-1.13.1/src/core/qhashtbl.c:283:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int keylen = strlen(fullpath);

data/adios-1.13.1/src/core/qhashtbl.c:362:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int keylen = strlen(fullpath);

data/adios-1.13.1/src/core/qhashtbl.c:395:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int keylen = strlen (fullpath);

data/adios-1.13.1/src/core/strutil.c:27:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (v[i]) + 1;

data/adios-1.13.1/src/core/strutil.c:94:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(str);

data/adios-1.13.1/src/core/strutil.c:111:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(str);

data/adios-1.13.1/src/core/strutil.c:243:11: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  char *equal; // position of first = sign in line

data/adios-1.13.1/src/core/strutil.c:246:9: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if (equal && equal != line) {

data/adios-1.13.1/src/core/strutil.c:246:18: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if (equal && equal != line) {

data/adios-1.13.1/src/core/strutil.c:256:16: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  } else if (equal != line) {

data/adios-1.13.1/src/core/strutil.c:318:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (item);

data/adios-1.13.1/src/core/strutil.c:320:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (line, item, len);

data/adios-1.13.1/src/core/transforms/adios_transforms_specparse.c:69:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  spec->backing_str_len = strlen(new_spec_str);

data/adios-1.13.1/src/core/transforms/adios_transforms_write.c:599:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const uint8_t transform_uid_len = (uint8_t)strlen(transform_uid);

data/adios-1.13.1/src/core/transforms/adios_transforms_write.c:783:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(transform_uid); // The UID string itself

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:1021:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((bytes = read(buf->fd, buf->buffer, sizeof(buf->buffer))) < 0)

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:1104:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch = getc(fp);

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:1137:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch = getc(fp);

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:1151:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch = getc(fp);

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:1165:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((temp = getc(fp)) == EOF || (temp & 0xc0) != 0x80)

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:1182:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((temp = getc(fp)) == EOF || (temp & 0xc0) != 0x80)

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:1187:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((temp = getc(fp)) == EOF || (temp & 0xc0) != 0x80)

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:1211:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((temp = getc(fp)) == EOF || (temp & 0xc0) != 0x80)

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:1216:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((temp = getc(fp)) == EOF || (temp & 0xc0) != 0x80)

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:1221:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((temp = getc(fp)) == EOF || (temp & 0xc0) != 0x80)

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:1241:19: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch = (ch << 8) | getc(fp);

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:1255:21: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int lch = getc(fp);

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:1256:30: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  lch = (lch << 8) | getc(fp);

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:1270:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch |= (getc(fp) << 8);

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:1284:21: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int lch = getc(fp);

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:1285:19: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  lch |= (getc(fp) << 8);

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:2749:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  col += strlen(node->value.element.name) + 1;

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:2755:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  width = strlen(attr->name);

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:2758:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  width += strlen(attr->value) + 3;

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:2833:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  col += strlen(node->value.element.name) + 3;

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:2887:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  col += strlen(s);

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:2894:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  col += strlen(node->value.opaque);

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:2917:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  col += strlen(s);

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:2939:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  col += strlen(node->value.text.string);

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:2956:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  col += strlen(data);

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-file.c:2958:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  col = strlen(newline);

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-search.c:167:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pathsep = path + strlen(path);

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:76:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((t = malloc(strlen(s) + 1)) == NULL)

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:176:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tptr += strlen(tptr);

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:208:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tptr += strlen(tptr);

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:267:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bytes += strlen(temp);

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:271:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((bufptr + strlen(temp)) > bufend)

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:273:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(bufptr, temp, (size_t)(bufend - bufptr));

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:279:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufptr += strlen(temp);

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:302:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bytes += strlen(temp);

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:306:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((bufptr + strlen(temp)) > bufend)

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:308:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(bufptr, temp, (size_t)(bufend - bufptr));

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:314:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufptr += strlen(temp);

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:325:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bytes += strlen(temp);

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:329:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((bufptr + strlen(temp)) > bufend)

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:331:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(bufptr, temp, (size_t)(bufend - bufptr));

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:337:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufptr += strlen(temp);

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:364:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen(s);

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:380:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(bufptr, s, (size_t)slen);

data/adios-1.13.1/src/mxml/mxml-2.9/mxml-string.c:386:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(bufptr + width - slen, s, (size_t)slen);

data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:437:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int)strlen(argv[i]);

data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:644:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (bufptr = buffer; node; bufptr += strlen(bufptr))

data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:673:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (bufptr = buffer; node; bufptr += strlen(bufptr))

data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:802:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(since, ptr + 7, sizeof(since) - 1);

data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:842:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int)strlen(current->value.text.string);

data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:851:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int)strlen(current->value.opaque);

data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:1082:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((ch = getc(fp)) != EOF)

data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:1095:19: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch = getc(fp);

data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:1215:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufptr += strlen(bufptr))

data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:1628:6: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getc(fp);

data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:1635:23: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((ch = getc(fp)) != EOF)

data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:1638:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch = getc(fp);

data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:2131:18: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  *bufptr++ = getc(fp);

data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:2147:18: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  *bufptr++ = getc(fp);

data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:2687:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (ptr = comment->value.text.string + strlen(comment->value.text.string) - 1;

data/adios-1.13.1/src/mxml/mxml-2.9/mxmldoc.c:4842:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  end = line + strlen(line);

data/adios-1.13.1/src/mxml/mxml-2.9/vcnet/config.h:56:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  #define read _read

data/adios-1.13.1/src/query/common_query.c:424:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result->condition = malloc(strlen(varName)+strlen(value)+ 10); // 10 is enough for op and spaces

data/adios-1.13.1/src/query/common_query.c:424:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result->condition = malloc(strlen(varName)+strlen(value)+ 10); // 10 is enough for op and spaces

data/adios-1.13.1/src/query/common_query.c:555:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result->condition = malloc(strlen(q1->condition)+strlen(q2->condition)+10);

data/adios-1.13.1/src/query/common_query.c:555:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result->condition = malloc(strlen(q1->condition)+strlen(q2->condition)+10);

data/adios-1.13.1/src/query/fastbit_adios.c:355:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(dataFileLoc);

data/adios-1.13.1/src/query/fastbit_adios.c:359:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(idxFileNamePad, dataFileLoc, len-3);

data/adios-1.13.1/src/query/query_fastbit.c:2516:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char blockDataName[40+strlen(q->condition)];

data/adios-1.13.1/src/query/query_fastbit.c:2566:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  itn->_arrayName = malloc(strlen(blockDataName)+2);

data/adios-1.13.1/src/query/query_fastbit.c:2667:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char datasetName[strlen(q->condition) + 40];

data/adios-1.13.1/src/query/query_fastbit.c:3687:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((dimDef == NULL) || (strlen(dimDef) == 0)) {

data/adios-1.13.1/src/read/read_bp.c:135:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name_no_path = (char *) malloc (strlen (ch + 1) + 1); \

data/adios-1.13.1/src/read/read_bp.c:140:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name_no_path = (char *) malloc (strlen (fh->fname) + 1); \

data/adios-1.13.1/src/read/read_bp.c:144:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = (char *) malloc (strlen (fh->fname) + 5 + strlen (name_no_path) + 1 + 10 + 1); \

data/adios-1.13.1/src/read/read_bp.c:144:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = (char *) malloc (strlen (fh->fname) + 5 + strlen (name_no_path) + 1 + 10 + 1); \

data/adios-1.13.1/src/read/read_bp.c:224:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name_no_path = (char *) malloc (strlen (ch + 1) + 1); \

data/adios-1.13.1/src/read/read_bp.c:229:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name_no_path = (char *) malloc (strlen (fh->fname) + 1); \

data/adios-1.13.1/src/read/read_bp.c:233:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = (char *) malloc (strlen (fh->fname) + 5 + strlen (name_no_path) + 1 + 10 + 1); \

data/adios-1.13.1/src/read/read_bp.c:233:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = (char *) malloc (strlen (fh->fname) + 5 + strlen (name_no_path) + 1 + 10 + 1); \

data/adios-1.13.1/src/read/read_bp.c:3919:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *size = strlen( (char *)data );
data/adios-1.13.1/src/read/read_bp.c:3977:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (*group_namelist)[i] = malloc (strlen (fh->gvar_h->namelist[i]) + 1);
data/adios-1.13.1/src/read/read_bp.c:3980:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy ((*group_namelist)[i], fh->gvar_h->namelist[i], strlen (fh->gvar_h->namelist[i]) + 1);
data/adios-1.13.1/src/read/read_bp_staged.c:973:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name_no_path = malloc (strlen (ch + 1) + 1);
data/adios-1.13.1/src/read/read_bp_staged.c:978:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name_no_path = malloc (strlen (fh->fname) + 1);
data/adios-1.13.1/src/read/read_bp_staged.c:982:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = malloc (strlen (fh->fname) + 5 + strlen (name_no_path) + 1 + 10 + 1);
data/adios-1.13.1/src/read/read_bp_staged.c:982:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = malloc (strlen (fh->fname) + 5 + strlen (name_no_path) + 1 + 10 + 1);
data/adios-1.13.1/src/read/read_bp_staged.c:1546:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (fh->gvar_h->namelist[i]);
data/adios-1.13.1/src/read/read_bp_staged.c:1565:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (fh->gvar_h->var_namelist[i]);
data/adios-1.13.1/src/read/read_bp_staged.c:1574:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (fh->gattr_h->attr_namelist[i]);
data/adios-1.13.1/src/read/read_bp_staged.c:1589:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (pgs_root->group_name);
data/adios-1.13.1/src/read/read_bp_staged.c:1615:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (vars_root->group_name);
data/adios-1.13.1/src/read/read_bp_staged.c:1621:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (vars_root->var_name);
data/adios-1.13.1/src/read/read_bp_staged.c:1627:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (vars_root->var_path);
data/adios-1.13.1/src/read/read_bp_staged.c:2490:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (*group_namelist)[i] = malloc (strlen (fh->gvar_h->namelist[i]) + 1);
data/adios-1.13.1/src/read/read_bp_staged.c:2493:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy ((*group_namelist)[i], fh->gvar_h->namelist[i], strlen (fh->gvar_h->
data/adios-1.13.1/src/read/read_bp_staged1.c:3217:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name_no_path = malloc (strlen (ch + 1) + 1);
data/adios-1.13.1/src/read/read_bp_staged1.c:3222:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name_no_path = malloc (strlen (fh->fname) + 1);
data/adios-1.13.1/src/read/read_bp_staged1.c:3226:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = malloc (strlen (fh->fname) + 5 + strlen (name_no_path) + 1 + 10 + 1);
data/adios-1.13.1/src/read/read_bp_staged1.c:3226:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = malloc (strlen (fh->fname) + 5 + strlen (name_no_path) + 1 + 10 + 1);
data/adios-1.13.1/src/read/read_bp_staged1.c:3675:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dirname = malloc (strlen (fname) + 5);
data/adios-1.13.1/src/read/read_bp_staged1.c:3729:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (fh->gvar_h->namelist[i]);
data/adios-1.13.1/src/read/read_bp_staged1.c:3743:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (fh->gvar_h->var_namelist[i]);
data/adios-1.13.1/src/read/read_bp_staged1.c:3750:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (fh->gattr_h->attr_namelist[i]);
data/adios-1.13.1/src/read/read_bp_staged1.c:3761:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (pgs_root->group_name);
data/adios-1.13.1/src/read/read_bp_staged1.c:3780:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (vars_root->group_name);
data/adios-1.13.1/src/read/read_bp_staged1.c:3784:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (vars_root->var_name);
data/adios-1.13.1/src/read/read_bp_staged1.c:3788:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (vars_root->var_path);
data/adios-1.13.1/src/read/read_bp_staged1.c:4875:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *size = strlen( (char *)data );
data/adios-1.13.1/src/read/read_bp_staged1.c:5804:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name_no_path = malloc (strlen (ch + 1) + 1); \
data/adios-1.13.1/src/read/read_bp_staged1.c:5809:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name_no_path = malloc (strlen (fh->fname) + 1); \
data/adios-1.13.1/src/read/read_bp_staged1.c:5813:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = malloc (strlen (fh->fname) + 5 + strlen (name_no_path) + 1 + 10 + 1); \
data/adios-1.13.1/src/read/read_bp_staged1.c:5813:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = malloc (strlen (fh->fname) + 5 + strlen (name_no_path) + 1 + 10 + 1); \
data/adios-1.13.1/src/read/read_dataspaces.c:317:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ds->group_name = (char *) malloc (strlen(b)+1);
data/adios-1.13.1/src/read/read_dimes.c:354:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ds->group_name = (char *) malloc (strlen(b)+1);
data/adios-1.13.1/src/read/read_flexpath.c:790:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(ffs_type) == strlen(bracket)) {
data/adios-1.13.1/src/read/read_flexpath.c:790:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(ffs_type) == strlen(bracket)) {
data/adios-1.13.1/src/read/read_flexpath.c:795:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(filtered_type, ffs_type, posfound);
data/adios-1.13.1/src/read/read_flexpath.c:1540:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dims[num_dims], tmp, len);
data/adios-1.13.1/src/read/read_flexpath.c:2593:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *size = strlen(fpvar->chunks[0].data) +1;
data/adios-1.13.1/src/read/read_icee.c:751:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(host, token, pch - token);
data/adios-1.13.1/src/read/read_icee.c:757:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(token);
data/adios-1.13.1/src/read/read_icee.c:758:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(host, token, len);
data/adios-1.13.1/src/read/read_icee.c:1032:9: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(0.1*1E6);
data/adios-1.13.1/src/read/read_icee.c:1048:9: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(0.1*1E6);
data/adios-1.13.1/src/read/read_icee.c:1169:9: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(0.1*1E6);
data/adios-1.13.1/src/read/read_icee.c:1299:9: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(0.1*1E6);
data/adios-1.13.1/src/transforms/adios_transform_zlib_write.c:20:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(input_str) > 2) // at most 2 digits for zlib
data/adios-1.13.1/src/transforms/adios_transform_zlib_write.c:26:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i = 0; i < strlen(input_str); i++)
data/adios-1.13.1/src/write/adios_dataspaces.c:599:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(name);
data/adios-1.13.1/src/write/adios_dataspaces.c:601:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(name)+1;
data/adios-1.13.1/src/write/adios_dataspaces.c:603:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(path) + strlen(name) + 1;
data/adios-1.13.1/src/write/adios_dataspaces.c:603:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(path) + strlen(name) + 1;
data/adios-1.13.1/src/write/adios_dataspaces.c:615:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(name);
data/adios-1.13.1/src/write/adios_dataspaces.c:616:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(out, name, maxlen);
data/adios-1.13.1/src/write/adios_dataspaces.c:618:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(name)+1;
data/adios-1.13.1/src/write/adios_dataspaces.c:620:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(out+1, name, maxlen-1);
data/adios-1.13.1/src/write/adios_dataspaces.c:622:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(path);
data/adios-1.13.1/src/write/adios_dataspaces.c:623:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(out, path, maxlen-1); // path +
data/adios-1.13.1/src/write/adios_dataspaces.c:625:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(out+len+1, name, maxlen-len-1); // name
data/adios-1.13.1/src/write/adios_dataspaces.c:626:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(name) + 1;
data/adios-1.13.1/src/write/adios_dataspaces.c:840:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int namelen = strlen(groupname);
data/adios-1.13.1/src/write/adios_dimes.c:732:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(name);
data/adios-1.13.1/src/write/adios_dimes.c:734:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(name)+1;
data/adios-1.13.1/src/write/adios_dimes.c:736:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(path) + strlen(name) + 1;
data/adios-1.13.1/src/write/adios_dimes.c:736:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(path) + strlen(name) + 1;
data/adios-1.13.1/src/write/adios_dimes.c:748:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(name);
data/adios-1.13.1/src/write/adios_dimes.c:749:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(out, name, maxlen);
data/adios-1.13.1/src/write/adios_dimes.c:751:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(name) + 1;
data/adios-1.13.1/src/write/adios_dimes.c:753:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(out+1, name, maxlen-1);
data/adios-1.13.1/src/write/adios_dimes.c:755:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(path);
data/adios-1.13.1/src/write/adios_dimes.c:756:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(out, path, maxlen-1); // path +
data/adios-1.13.1/src/write/adios_dimes.c:758:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(out+len+1, name, maxlen-len-1); // name
data/adios-1.13.1/src/write/adios_dimes.c:759:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(name) + 1;
data/adios-1.13.1/src/write/adios_dimes.c:973:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int namelen = strlen(groupname);
data/adios-1.13.1/src/write/adios_flexpath.c:245:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fullname = malloc(strlen(path) + strlen(name) + 8);
data/adios-1.13.1/src/write/adios_flexpath.c:245:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fullname = malloc(strlen(path) + strlen(name) + 8);
data/adios-1.13.1/src/write/adios_flexpath.c:247:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(fullname, "/");
data/adios-1.13.1/src/write/adios_flexpath.c:252:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fullname = malloc(strlen(name)+1);
data/adios-1.13.1/src/write/adios_flexpath.c:313:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(name) + strlen(dimName) + strlen("FPDIM_") + 2;
data/adios-1.13.1/src/write/adios_flexpath.c:313:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(name) + strlen(dimName) + strlen("FPDIM_") + 2;
data/adios-1.13.1/src/write/adios_flexpath.c:313:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(name) + strlen(dimName) + strlen("FPDIM_") + 2;
data/adios-1.13.1/src/write/adios_icee.c:611:9: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(0.1*1E7);
data/adios-1.13.1/src/write/adios_icee.c:767:17: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(0.1*1E7);
data/adios-1.13.1/src/write/adios_icee.c:857:13: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(0.1*1E7);
data/adios-1.13.1/src/write/adios_mpi.c:397:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = malloc (strlen (method->base_path) + strlen (fd->name) + 1);
data/adios-1.13.1/src/write/adios_mpi.c:397:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = malloc (strlen (method->base_path) + strlen (fd->name) + 1);
data/adios-1.13.1/src/write/adios_mpi_amr.c:225:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (n, p, dash - p);
data/adios-1.13.1/src/write/adios_mpi_amr.c:229:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (n, dash + 1, strlen (dash + 1));
data/adios-1.13.1/src/write/adios_mpi_amr.c:229:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy (n, dash + 1, strlen (dash + 1));
data/adios-1.13.1/src/write/adios_mpi_amr.c:230:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n[strlen (dash + 1)] = '\0';
data/adios-1.13.1/src/write/adios_mpi_amr.c:383:16: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  old_mask = umask(022);
data/adios-1.13.1/src/write/adios_mpi_amr.c:384:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask(old_mask);
data/adios-1.13.1/src/write/adios_mpi_amr.c:885:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = 1 + strlen (fname) + 1 + strlen (vars_root->var_path) + 1;
data/adios-1.13.1/src/write/adios_mpi_amr.c:885:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = 1 + strlen (fname) + 1 + strlen (vars_root->var_path) + 1;
data/adios-1.13.1/src/write/adios_mpi_amr.c:897:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = 1 + strlen (fname) + 1 + strlen (attrs_root->attr_path) + 1;
data/adios-1.13.1/src/write/adios_mpi_amr.c:897:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = 1 + strlen (fname) + 1 + strlen (attrs_root->attr_path) + 1;
data/adios-1.13.1/src/write/adios_mpi_amr.c:913:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * dir_name = malloc (strlen (path) + 4 + 1);
data/adios-1.13.1/src/write/adios_mpi_amr.c:1146:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name_no_path = malloc (strlen (ch + 1) + 1);
data/adios-1.13.1/src/write/adios_mpi_amr.c:1151:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name_no_path = malloc (strlen (filename) + 1);
data/adios-1.13.1/src/write/adios_mpi_amr.c:1155:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  subfilename = malloc (strlen (base_path) + strlen (filename) + 5 + strlen (name_no_path) + 1 + 10 + 1);
data/adios-1.13.1/src/write/adios_mpi_amr.c:1155:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  subfilename = malloc (strlen (base_path) + strlen (filename) + 5 + strlen (name_no_path) + 1 + 10 + 1);
data/adios-1.13.1/src/write/adios_mpi_amr.c:1155:72: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  subfilename = malloc (strlen (base_path) + strlen (filename) + 5 + strlen (name_no_path) + 1 + 10 + 1);
data/adios-1.13.1/src/write/adios_mpi_amr.c:1230:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = malloc (strlen (method->base_path) + strlen (fd->name) + 1);
data/adios-1.13.1/src/write/adios_mpi_amr.c:1230:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = malloc (strlen (method->base_path) + strlen (fd->name) + 1);
data/adios-1.13.1/src/write/adios_mpi_bgq.c:169:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  temp_string = (char *) malloc (strlen (parameters) + 1);
data/adios-1.13.1/src/write/adios_mpi_bgq.c:412:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = 1 + strlen (fname) + 1 + strlen (vars_root->var_path) + 1;
data/adios-1.13.1/src/write/adios_mpi_bgq.c:412:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = 1 + strlen (fname) + 1 + strlen (vars_root->var_path) + 1;
data/adios-1.13.1/src/write/adios_mpi_bgq.c:424:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = 1 + strlen (fname) + 1 + strlen (attrs_root->attr_path) + 1;
data/adios-1.13.1/src/write/adios_mpi_bgq.c:424:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = 1 + strlen (fname) + 1 + strlen (attrs_root->attr_path) + 1;
data/adios-1.13.1/src/write/adios_mpi_bgq.c:441:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * dir_name = malloc (strlen (fd->name) + 4 + 1);
data/adios-1.13.1/src/write/adios_mpi_bgq.c:661:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = malloc (strlen (method->base_path) + strlen (fd->name) + 1);
data/adios-1.13.1/src/write/adios_mpi_bgq.c:661:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = malloc (strlen (method->base_path) + strlen (fd->name) + 1);
data/adios-1.13.1/src/write/adios_mpi_bgq.c:700:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name_no_path = malloc (strlen (ch + 1) + 1);
data/adios-1.13.1/src/write/adios_mpi_bgq.c:705:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name_no_path = malloc (strlen (fd->name) + 1);
data/adios-1.13.1/src/write/adios_mpi_bgq.c:709:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = realloc (name, strlen (fd->name) + 5 + strlen (method->base_path) + strlen (name_no_path) + 1 + 10 + 1);
data/adios-1.13.1/src/write/adios_mpi_bgq.c:709:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = realloc (name, strlen (fd->name) + 5 + strlen (method->base_path) + strlen (name_no_path) + 1 + 10 + 1);
data/adios-1.13.1/src/write/adios_mpi_bgq.c:709:88: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = realloc (name, strlen (fd->name) + 5 + strlen (method->base_path) + strlen (name_no_path) + 1 + 10 + 1);
data/adios-1.13.1/src/write/adios_mpi_lustre.c:229:16: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  old_mask = umask(022);
data/adios-1.13.1/src/write/adios_mpi_lustre.c:230:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask(old_mask);
data/adios-1.13.1/src/write/adios_mpi_lustre.c:381:20: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  old_mask = umask(022);
data/adios-1.13.1/src/write/adios_mpi_lustre.c:382:9: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732).
  umask(old_mask);
data/adios-1.13.1/src/write/adios_mpi_lustre.c:612:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = malloc (strlen (method->base_path) + strlen (fd->name) + 1); data/adios-1.13.1/src/write/adios_mpi_lustre.c:612:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name = malloc (strlen (method->base_path) + strlen (fd->name) + 1); data/adios-1.13.1/src/write/adios_nc4.c:478:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rc = nc_put_att_text(ncid, varid, attname, strlen((char *)patt->value), (const char *)patt->value); data/adios-1.13.1/src/write/adios_nc4.c:970:77: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Func_Timer("defdim", rc = nc_def_dim(ncid, str_var_dimname, strlen((char *)pvar->data)+1, &str_var_dimid);); data/adios-1.13.1/src/write/adios_nc4.c:1388:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name = malloc(strlen(method->base_path) + strlen(fd->name) + 1); data/adios-1.13.1/src/write/adios_nc4.c:1388:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name = malloc(strlen(method->base_path) + strlen(fd->name) + 1); data/adios-1.13.1/src/write/adios_nc4.c:1744:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
return strlen ((char *) val); data/adios-1.13.1/src/write/adios_nc4.c:1790:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(new_path); i++) { data/adios-1.13.1/src/write/adios_nc4.c:1800:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fullname [strlen(fullname)] = '\0'; data/adios-1.13.1/src/write/adios_nc4.c:1807:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fullname [strlen(fullname)] = '\0'; data/adios-1.13.1/src/write/adios_phdf5.c:169:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name = malloc (strlen (method->base_path) + strlen (fd->name) + 1); data/adios-1.13.1/src/write/adios_phdf5.c:169:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name = malloc (strlen (method->base_path) + strlen (fd->name) + 1); data/adios-1.13.1/src/write/adios_phdf5.c:460:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). H5Tset_size ( h5_type_id, (strlen((char *)patt->value)+1)); data/adios-1.13.1/src/write/adios_phdf5.c:1021:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
return strlen ((char *) val); data/adios-1.13.1/src/write/adios_phdf5.c:1085:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmpstr= (char *)malloc(strlen(path)+1); data/adios-1.13.1/src/write/adios_phdf5.c:1090:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(pch); data/adios-1.13.1/src/write/adios_phdf5.c:1099:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(path); data/adios-1.13.1/src/write/adios_posix.c:227:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name_with_rank = malloc (strlen (n) + strlen (rank_string) + 2); data/adios-1.13.1/src/write/adios_posix.c:227:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name_with_rank = malloc (strlen (n) + strlen (rank_string) + 2); data/adios-1.13.1/src/write/adios_posix.c:231:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). subfile_name = malloc (strlen (fd->name) data/adios-1.13.1/src/write/adios_posix.c:233:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
+ strlen (method->base_path) data/adios-1.13.1/src/write/adios_posix.c:234:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen (name_with_rank) data/adios-1.13.1/src/write/adios_posix.c:244:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mdfile_name = malloc (strlen (method->base_path) data/adios-1.13.1/src/write/adios_posix.c:245:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen (fd->name) data/adios-1.13.1/src/write/adios_posix.c:260:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). subfile_name = malloc (strlen (method->base_path) + strlen (fd->name) + 1); data/adios-1.13.1/src/write/adios_posix.c:260:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). subfile_name = malloc (strlen (method->base_path) + strlen (fd->name) + 1); data/adios-1.13.1/src/write/adios_posix.c:328:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * dir_name = malloc (strlen (fd->name) + 4 + 1); data/adios-1.13.1/src/write/adios_posix.c:407:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char * dir_name = malloc (strlen (fd->name) + 4 + 1); data/adios-1.13.1/src/write/adios_var_merge.c:682:8: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(file_mode,"r"); data/adios-1.13.1/src/write/adios_var_merge.c:685:8: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(file_mode,"w"); data/adios-1.13.1/src/write/adios_var_merge.c:688:8: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(file_mode,"a"); data/adios-1.13.1/src/write/adios_var_merge.c:691:8: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(file_mode,"u"); data/adios-1.13.1/src/write/adios_var_merge.c:758:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len=5+strlen(group_name); //new groupname= tg_groupname data/adios-1.13.1/src/write/adios_var_merge.c:772:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
vars->name=(char *)malloc(strlen(v->name)+1); data/adios-1.13.1/src/write/adios_var_merge.c:775:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vars->path=(char *)malloc(strlen(v->path)+1); data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/writer.c:121:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *offsets = malloc(strlen(fullname) + strlen("patch_id,0,0,0") + 4); data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/writer.c:121:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *offsets = malloc(strlen(fullname) + strlen("patch_id,0,0,0") + 4); data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/writer.c:123:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *dimensions = malloc(strlen(fullname)*3 + strlen("shape_dim_x,shape_dim_y,shape_dim_z") + 12); data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/writer.c:123:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *dimensions = malloc(strlen(fullname)*3 + strlen("shape_dim_x,shape_dim_y,shape_dim_z") + 12); data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/writer.c:126:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char *single_offset = malloc(strlen(fullname) + strlen("/patch_id") + 1); data/adios-1.13.1/tests/C/flexpath_tests/maya_noxml/writer.c:126:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *single_offset = malloc(strlen(fullname) + strlen("/patch_id") + 1); data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:181:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char xml_filename[strlen(filename_prefix) + strlen(".xml") + 1]; data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:181:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char xml_filename[strlen(filename_prefix) + strlen(".xml") + 1]; data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:182:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char bp_filename[strlen(filename_prefix) + strlen(".bp") + 1]; data/adios-1.13.1/tests/suite/programs/build_standard_dataset.c:182:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char bp_filename[strlen(filename_prefix) + strlen(".bp") + 1]; data/adios-1.13.1/tests/suite/programs/write_read.c:438:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
groupsize += s + strlen(scalar_string); // scalars data/adios-1.13.1/utils/bp2ascii/bp2ascii.c:143:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(b->f,b->buff,8); data/adios-1.13.1/utils/bp2ascii/bp2ascii.c:146:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (b->f,b->buff+8, var_len); data/adios-1.13.1/utils/bp2bp/bp2bp.c:172:13: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(lustre_pars, ""); data/adios-1.13.1/utils/bp2bp/bp2bp.c:203:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). adios_groupsize += strlen(v->value); data/adios-1.13.1/utils/bp2bp/bp2bp.c:230:17: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(lbounds,""); data/adios-1.13.1/utils/bp2bp/bp2bp.c:282:25: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(gbounds,""); data/adios-1.13.1/utils/bp2bp/bp2bp.c:283:25: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. 
strcpy(lbounds,""); data/adios-1.13.1/utils/bp2bp/bp2bp.c:284:25: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(offs,""); data/adios-1.13.1/utils/bp2bp/bp2bp.c:320:29: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(lbounds,""); data/adios-1.13.1/utils/bp2bp/bp2bp.c:321:29: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(offs,""); data/adios-1.13.1/utils/bp2bp/bp2bp.c:1016:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (work[strlen(work)-1] == '/' && strlen(work)>1) data/adios-1.13.1/utils/bp2bp/bp2bp.c:1016:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (work[strlen(work)-1] == '/' && strlen(work)>1) data/adios-1.13.1/utils/bp2bp/bp2bp.c:1017:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). work[strlen(work)-1] = '\0'; data/adios-1.13.1/utils/bp2h5/bp2h5.c:165:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (v->type==adios_string) H5Tset_size(h5_type_id,strlen(v->value)); data/adios-1.13.1/utils/bp2h5/bp2h5.c:194:13: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(fname,"/"); data/adios-1.13.1/utils/bp2h5/bp2h5.c:201:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (atype==adios_string) H5Tset_size(h5_type_id,strlen(adata)); data/adios-1.13.1/utils/bp2h5/bp2h5.c:307:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmpstr= (char *)malloc(1*(strlen(str)+1)); data/adios-1.13.1/utils/bp2h5/bp2h5.c:314:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(pch); data/adios-1.13.1/utils/bp2h5/bp2h5.c:394:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). elemsize = strlen(vi->value)+1; data/adios-1.13.1/utils/bp2ncd/bp2ncd.c:44:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for ( i = 0; i < strlen (new_path); i++) { data/adios-1.13.1/utils/bp2ncd/bp2ncd.c:54:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
fullname [strlen(fullname)] = '\0'; data/adios-1.13.1/utils/bp2ncd/bp2ncd.c:62:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fullname [strlen(fullname)] = '\0'; data/adios-1.13.1/utils/bp2ncd/bp2ncd.c:181:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). retval=nc_put_att_text(ncid,valid,fullname, strlen(value),value); data/adios-1.13.1/utils/bp2ncd/bp2ncd.c:675:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int size = strlen(argv[1]); data/adios-1.13.1/utils/bpdiff/bpdiff.c:87:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(infilename1, argv[1], sizeof(infilename1)); data/adios-1.13.1/utils/bpdiff/bpdiff.c:88:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(infilename2, argv[2], sizeof(infilename2)); data/adios-1.13.1/utils/bpdiff/utils.c:131:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (work[strlen(work)-1] == '/' && strlen(work)>1) data/adios-1.13.1/utils/bpdiff/utils.c:131:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (work[strlen(work)-1] == '/' && strlen(work)>1) data/adios-1.13.1/utils/bpdiff/utils.c:132:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
work[strlen(work)-1] = '\0'; data/adios-1.13.1/utils/bpls/bpls.c:523:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(names[n]); data/adios-1.13.1/utils/bpls/bpls.c:543:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(adios_type_to_string(vartype)); data/adios-1.13.1/utils/bpls/bpls.c:1019:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(hist_file, varname, strlen(varname) + 1); data/adios-1.13.1/utils/bpls/bpls.c:1028:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(gnuplot_file, varname, strlen(varname) + 1); data/adios-1.13.1/utils/bpls/bpls.c:1267:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). elemsize = strlen(vi->value)+1; data/adios-1.13.1/utils/bpls/bpls.c:1625:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmatch[0].rm_eo == strlen(name) // to the very end of the name data/adios-1.13.1/utils/bpls/bpls.c:1661:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
pmatch[0].rm_eo == strlen(name) // to the very end of the name data/adios-1.13.1/utils/bpmeta/bpmeta.c:732:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!var->var_path || strlen(var->var_path) == 0) data/adios-1.13.1/utils/bprecover/bprecover.c:243:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int blen = read (fd, buf, N_READ_AHEAD); data/adios-1.13.1/utils/bpsplit/bpappend.c:273:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytes_read = read( inf, (void *)buf, COPYBUFSIZE); data/adios-1.13.1/utils/bpsplit/bpappend.c:284:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytes_read = read( inf, (void *)buf, COPYBUFSIZE); data/adios-1.13.1/utils/bpsplit/bpappend.c:468:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytes_read = read( in_bp->f, (void *)buf, COPYBUFSIZE); data/adios-1.13.1/utils/bpsplit/bpsplit.c:556:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytes_read = read( in_bp->f, (void *)buf, COPYBUFSIZE); data/adios-1.13.1/utils/skeldump/skeldump.c:510:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(names[n]); data/adios-1.13.1/utils/skeldump/skeldump.c:529:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(adios_type_to_string(vartype)); data/adios-1.13.1/utils/skeldump/skeldump.c:877:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(hist_file, varname, strlen(varname) + 1); data/adios-1.13.1/utils/skeldump/skeldump.c:886:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(gnuplot_file, varname, strlen(varname) + 1); data/adios-1.13.1/utils/skeldump/skeldump.c:1126:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). elemsize = strlen(vi->value)+1; data/adios-1.13.1/utils/skeldump/skeldump.c:1254:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmatch[0].rm_eo == strlen(name) // to the very end of the name data/adios-1.13.1/utils/skeldump/skeldump.c:1290:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pmatch[0].rm_eo == strlen(name) // to the very end of the name data/adios-1.13.1/wrappers/matlab/adiosreadc.c:83:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(fname) > 0) { data/adios-1.13.1/wrappers/matlab/adiosreadc.c:114:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ( strlen(gname)==0 || !strcmp(gname,"/") || !strcmp(gname," ")) { data/adios-1.13.1/wrappers/numpy/adios.cpp:594:87: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s)) data/adios-1.13.1/wrappers/numpy/adios.cpp:714:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c)); data/adios-1.13.1/wrappers/numpy/adios.cpp:1177:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int strlen; data/adios-1.13.1/wrappers/numpy/adios.cpp:1476:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). PyObject *(*read)(struct __pyx_obj_5adios_var *, int __pyx_skip_dispatch, struct __pyx_opt_args_5adios_3var_read *__pyx_optional_args); data/adios-1.13.1/wrappers/numpy/adios.cpp:12318:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). __pyx_v_strlen = __pyx_optional_args->strlen; data/adios-1.13.1/wrappers/numpy/adios.cpp:23202:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). __pyx_t_8 = strlen(((char *)__pyx_v_self->vp->value)); data/adios-1.13.1/wrappers/numpy/adios.cpp:26529:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
__pyx_t_1 = __pyx_vtabptr_5adios_var->read(__pyx_v_self, 1, &__pyx_t_2); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 1488, __pyx_L1_error) data/adios-1.13.1/wrappers/numpy/adios.cpp:28012:85: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). __pyx_t_7 = ((struct __pyx_vtabstruct_5adios_var *)__pyx_v_self->__pyx_vtab)->read(__pyx_v_self, 0, &__pyx_t_9); if (unlikely(!__pyx_t_7)) __PYX_ERR(0, 1661, __pyx_L1_error) data/adios-1.13.1/wrappers/numpy/adios.cpp:28342:88: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). __pyx_t_13 = ((struct __pyx_vtabstruct_5adios_var *)__pyx_v_self->__pyx_vtab)->read(__pyx_v_self, 0, &__pyx_t_9); if (unlikely(!__pyx_t_13)) __PYX_ERR(0, 1680, __pyx_L1_error) data/adios-1.13.1/wrappers/numpy/adios.cpp:58311:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str)); data/adios-1.13.1/wrappers/numpy/adios_mpi.cpp:596:87: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s)) data/adios-1.13.1/wrappers/numpy/adios_mpi.cpp:716:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c)); data/adios-1.13.1/wrappers/numpy/adios_mpi.cpp:1199:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int strlen; data/adios-1.13.1/wrappers/numpy/adios_mpi.cpp:1792:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). PyObject *(*read)(struct __pyx_obj_9adios_mpi_var *, int __pyx_skip_dispatch, struct __pyx_opt_args_9adios_mpi_3var_read *__pyx_optional_args); data/adios-1.13.1/wrappers/numpy/adios_mpi.cpp:12726:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). __pyx_v_strlen = __pyx_optional_args->strlen; data/adios-1.13.1/wrappers/numpy/adios_mpi.cpp:23634:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). __pyx_t_8 = strlen(((char *)__pyx_v_self->vp->value)); data/adios-1.13.1/wrappers/numpy/adios_mpi.cpp:26961:45: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). __pyx_t_1 = __pyx_vtabptr_9adios_mpi_var->read(__pyx_v_self, 1, &__pyx_t_2); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 1487, __pyx_L1_error) data/adios-1.13.1/wrappers/numpy/adios_mpi.cpp:28444:89: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). __pyx_t_7 = ((struct __pyx_vtabstruct_9adios_mpi_var *)__pyx_v_self->__pyx_vtab)->read(__pyx_v_self, 0, &__pyx_t_9); if (unlikely(!__pyx_t_7)) __PYX_ERR(0, 1660, __pyx_L1_error) data/adios-1.13.1/wrappers/numpy/adios_mpi.cpp:28774:92: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
__pyx_t_13 = ((struct __pyx_vtabstruct_9adios_mpi_var *)__pyx_v_self->__pyx_vtab)->read(__pyx_v_self, 0, &__pyx_t_9); if (unlikely(!__pyx_t_13)) __PYX_ERR(0, 1679, __pyx_L1_error) data/adios-1.13.1/wrappers/numpy/adios_mpi.cpp:58735:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));

ANALYSIS SUMMARY:

Hits = 2977
Lines analyzed = 302172 in approximately 9.22 seconds (32774 lines/second)
Physical Source Lines of Code (SLOC) = 215712
Hits@level = [0] 3216 [1] 633 [2] 1675 [3] 34 [4] 634 [5] 1
Hits@level+ = [0+] 6193 [1+] 2977 [2+] 2344 [3+] 669 [4+] 635 [5+] 1
Hits/KSLOC@level+ = [0+] 28.7096 [1+] 13.8008 [2+] 10.8663 [3+] 3.10136 [4+] 2.94374 [5+] 0.00463581
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.