Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/autoclass-3.3.6.dfsg.1/data/tests.c
Examining data/autoclass-3.3.6.dfsg.1/prog/globals.h
Examining data/autoclass-3.3.6.dfsg.1/prog/autoclass.make.alpha.cc
Examining data/autoclass-3.3.6.dfsg.1/prog/globals.c
Examining data/autoclass-3.3.6.dfsg.1/prog/model-update.c
Examining data/autoclass-3.3.6.dfsg.1/prog/intf-sigma-contours.c
Examining data/autoclass-3.3.6.dfsg.1/prog/init.c
Examining data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c
Examining data/autoclass-3.3.6.dfsg.1/prog/statistics.c
Examining data/autoclass-3.3.6.dfsg.1/prog/intf-extensions.c
Examining data/autoclass-3.3.6.dfsg.1/prog/struct-model.c
Examining data/autoclass-3.3.6.dfsg.1/prog/autoclass.make.solaris.cc
Examining data/autoclass-3.3.6.dfsg.1/prog/autoclass.h
Examining data/autoclass-3.3.6.dfsg.1/prog/minmax.h
Examining data/autoclass-3.3.6.dfsg.1/prog/search-converge.c
Examining data/autoclass-3.3.6.dfsg.1/prog/struct-clsf.c
Examining data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c
Examining data/autoclass-3.3.6.dfsg.1/prog/model-single-multinomial.c
Examining data/autoclass-3.3.6.dfsg.1/prog/params.h
Examining data/autoclass-3.3.6.dfsg.1/prog/model-single-normal-cn.c
Examining data/autoclass-3.3.6.dfsg.1/prog/search-control.c
Examining data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c
Examining data/autoclass-3.3.6.dfsg.1/prog/model-expander-3.c
Examining data/autoclass-3.3.6.dfsg.1/prog/getparams.c
Examining data/autoclass-3.3.6.dfsg.1/prog/getparams.h
Examining data/autoclass-3.3.6.dfsg.1/prog/matrix-utilities.c
Examining data/autoclass-3.3.6.dfsg.1/prog/model-transforms.c
Examining data/autoclass-3.3.6.dfsg.1/prog/model-multi-normal-cn.c
Examining data/autoclass-3.3.6.dfsg.1/prog/utils.c
Examining data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c
Examining data/autoclass-3.3.6.dfsg.1/prog/struct-data.c
Examining data/autoclass-3.3.6.dfsg.1/prog/autoclass.make.hp.cc
Examining data/autoclass-3.3.6.dfsg.1/prog/struct-matrix.c
Examining data/autoclass-3.3.6.dfsg.1/prog/intf-influence-values.c
Examining data/autoclass-3.3.6.dfsg.1/prog/autoclass.c
Examining data/autoclass-3.3.6.dfsg.1/prog/utils-math.c
Examining data/autoclass-3.3.6.dfsg.1/prog/search-basic.c
Examining data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c
Examining data/autoclass-3.3.6.dfsg.1/prog/struct-class.c
Examining data/autoclass-3.3.6.dfsg.1/prog/predictions.c
Examining data/autoclass-3.3.6.dfsg.1/prog/io-results.c
Examining data/autoclass-3.3.6.dfsg.1/prog/model-single-normal-cm.c
Examining data/autoclass-3.3.6.dfsg.1/prog/prints.c
Examining data/autoclass-3.3.6.dfsg.1/prog/fcntlcom-ac.h
Examining data/autoclass-3.3.6.dfsg.1/sample/read.me.c
Examining data/autoclass-3.3.6.dfsg.1/debian/simple.c
FINAL RESULTS:
data/autoclass-3.3.6.dfsg.1/prog/getparams.c:134:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(bp, "%s", input_string);
data/autoclass-3.3.6.dfsg.1/prog/getparams.c:150:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( (char *) pp->paramptr_overridden, string_char_paramptr);
data/autoclass-3.3.6.dfsg.1/prog/getparams.c:178:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(bp, "%s", input_string);
data/autoclass-3.3.6.dfsg.1/prog/getparams.c:189:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(bp, "%s", input_string);
data/autoclass-3.3.6.dfsg.1/prog/getparams.c:200:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(bp, "%s", input_string);
data/autoclass-3.3.6.dfsg.1/prog/getparams.c:243:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(bp, "%s", input_string);
data/autoclass-3.3.6.dfsg.1/prog/getparams.c:288:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( params[nparams].paramname, name);
data/autoclass-3.3.6.dfsg.1/prog/init.c:57:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( G_absolute_pathname, slash);
data/autoclass-3.3.6.dfsg.1/prog/init.c:61:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( G_absolute_pathname, slash);
data/autoclass-3.3.6.dfsg.1/prog/intf-extensions.c:68:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( clsf->reports->current_results, results_file_ptr);
data/autoclass-3.3.6.dfsg.1/prog/intf-extensions.c:191:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( att_model_term_type_array[i_att], integer_p ?
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:414:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( influence_report_pathname, influ_vals_file_ptr);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:428:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( influence_report_pathname, clsf_num_string);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:529:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( xref_case_report_pathname, xref_case_file_ptr);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:538:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( xref_case_report_pathname, clsf_num_string);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:579:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( xref_class_report_pathname, xref_class_file_ptr);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:588:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( xref_class_report_pathname, clsf_num_string);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:735:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( discrete_attribute_data[n_discrete_att - 1],
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1104:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( xref_report_fp, divider_format, blank);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1111:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( xref_report_fp, dashed_line);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1277:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( report_attribute_strings[i]->att_dscrp, att_dscrp);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1311:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( (*attribute_formats_ptr)[i], str);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1391:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( xref_class_report_fp, (print_atts_p == TRUE) ? "\n%6d" : "\n%11d",
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1396:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( xref_class_report_fp, (*attribute_formats_ptr)[i],
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1406:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( xref_class_report_fp, (*attribute_formats_ptr)[i], question_mark);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1411:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( xref_class_report_fp, (*attribute_formats_ptr)[i],
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1421:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( xref_class_report_fp,
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1568:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( influence_report_fp, header, (comment_data_headers_p == TRUE) ? "#" : "",
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1576:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( influence_report_fp, header, "");
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1731:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( a_term_type, rpt_att_model_term_type( clsf, clsf_class_number, n_att));
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1753:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( term_types[num_term_types], a_term_type);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1769:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(title_line_2, temp);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1902:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( influence_report_fp, dashes);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1903:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( influence_report_fp, dashes);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1937:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( influence_report_fp, dashes);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1938:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( influence_report_fp, dashes);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1972:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( influence_report_fp, output_title,
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1984:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( influence_report_fp, output_title,
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2032:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( influence_report_fp, output_title,
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2043:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( influence_report_fp, output_title,
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2090:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( influence_report_fp, title_line_1);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2094:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( influence_report_fp, title_line_2);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2350:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( model_term_type_symbol, (eqstring( print_string, "ignore"))
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2357:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( strcat( strncat( temp, description, line_length),
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2357:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( strcat( strncat( temp, description, line_length),
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2467:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( strcat( discrete_string_name, (name_length < name_max) ? " " : ""), temp);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2467:15: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( strcat( discrete_string_name, (name_length < name_max) ? " " : ""), temp);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2486:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( formatted_p_p_star_list[list_index].discrete_string_name, discrete_string_name);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2512:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( e_format_string, format_string_1, header,
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2524:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( e_format_string, format_string_2,
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2618:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( e_format_string, format_string_1,
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2630:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( e_format_string, format_string_2,
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2838:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( suffix_string, e_format_string);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2862:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( suffix_string, e_format_string + char_cnt + 1);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2864:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( (char *) filtered_numeric_string, suffix_string);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2868:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( e_format_string, (char *) filtered_numeric_string);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2871:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( (char *) filtered_numeric_string, e_format_string);
data/autoclass-3.3.6.dfsg.1/prog/intf-sigma-contours.c:187:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( e_format_string, format_string,
data/autoclass-3.3.6.dfsg.1/prog/intf-sigma-contours.c:304:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( att_loc_string, model->att_locs[att_index]);
data/autoclass-3.3.6.dfsg.1/prog/intf-sigma-contours.c:313:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( att_loc_string, ++str_index);
data/autoclass-3.3.6.dfsg.1/prog/intf-sigma-contours.c:315:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( att_loc_string, model->att_locs[*trans_att_index]);
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:130:3: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(header_file_fp, "%s %d\n", def_name_string, &num);
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:133:5: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(header_file_fp, "%s", def_name_string);
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:291:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(d_base->data_file, data_file_ptr);
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:292:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(d_base->header_file, header_file_ptr);
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:413:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(msg, warning_msg);
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:436:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(msg, warning_msg);
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:441:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( msg, warning_msg);
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:449:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( msg, warning_msg);
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:450:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( msg, errors->model_expander_warnings[i]);
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:455:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( msg, warning_msg);
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:458:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( msg, warning_msg);
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:490:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( msg, str);
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:491:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( msg, errors->model_expander_errors[i]);
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:1161:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(att->type, type_ptr);
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:1162:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(att->sub_type, sub_type_ptr);
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:1171:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(att->dscrp, dscrp_ptr);
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:1552:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(invalid_error->value, value);
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:1594:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(attribute->translations[val], value);
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:1669:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(line_tokens[length - 1], form);
data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c:242:7: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(stream, "%s", temp);
data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c:252:7: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(stream, "%s", temp); /* all we had was paren so get next */
data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c:263:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(list[*num - 1], temp);
data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c:273:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(list[*num - 1], temp);
data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c:331:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(model->model_file, source);
data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c:406:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(set_type, model_group[i_group][0]);
data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c:472:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(default_set_type, set_type);
data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c:558:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(model->terms[num]->type, model_type);
data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c:646:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(model->terms[num]->type, model_type);
data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c:734:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(model->terms[num]->type, model_type);
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:89:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( str, "ac_version %s", G_ac_version);
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:125:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( model_num_string, "%s %d", model_string, i);
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:200:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( props_string, "%s %s %d", (char *) att_info->props[i][0],
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:205:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( props_string, "%s %s %f", (char *) att_info->props[i][0],
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:210:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( props_string, "%s %s %s", (char *) att_info->props[i][0],
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:477:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s %s", token1, token2);
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:554:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s", token1);
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:576:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s", token1);
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:723:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s %s %s", token1, token2, token3);
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:725:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( token_ptr, token1);
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:738:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( string_value, token3);
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:759:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( att->warnings_and_errors->unspecified_dummy_warning, token1);
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:767:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( att->warnings_and_errors->single_valued_warning, token2);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:315:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system( str);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:318:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system( str);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:518:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( line, warnings_and_errors->model_expander_warnings[i]);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:528:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( line, warnings_and_errors->model_expander_errors[i]);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1026:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( file, file_pathname);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1031:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( binary_file, file_pathname);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1038:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( file, file_pathname);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1043:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( binary_file, file_pathname);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1071:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( *found_file_ptr, binary_file);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1080:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( *found_file_ptr, file);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1145:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( file, file_pathname);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1150:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( binary_file, file_pathname);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1167:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( *found_file_ptr, file);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1177:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( *found_file_ptr, binary_file);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1286:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s %s", token1, token2);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1350:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s %s", token1, token2);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1365:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s", token1);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1373:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s", token1);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1393:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s", token1);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1401:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s", token1);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1418:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s", token1);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1462:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s\n", token);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1469:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s %s", data_file, header_file);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1476:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(d_base->data_file, data_file);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1477:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(d_base->header_file, header_file);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1515:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s %d", token1, &file_model_index);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1524:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s %d", model->id, &model->file_index);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1527:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s", model->model_file);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1531:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s %s %d", model->data_file, model->header_file,
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1571:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s %d", token1, &file_n_class);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1618:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s %d", token1, &file_model_file_index);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1656:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s %d", token1, &file_n_att);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1670:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( att->type, token_list[0]);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1671:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( att->sub_type, token_list[1]);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1672:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( att->dscrp, token_list[2]);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1731:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%d %s", &int_token, token2);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1733:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( att->translations[i], token2);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1745:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s %s %s", token1, token2, token3);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1747:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( token_ptr, token1);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1760:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( string_value, token3);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1778:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s %s %d %d", token1, token2,
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1784:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( att->warnings_and_errors->unspecified_dummy_warning, token1);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1788:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( att->warnings_and_errors->single_valued_warning, token2);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1797:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( att->warnings_and_errors->model_expander_warnings[i], line);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1806:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( att->warnings_and_errors->model_expander_errors[i], line);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1828:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s %d", token1, &file_n_parm);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1958:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s", token1);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1968:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s", token1);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1980:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s", token1);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1990:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s", token1);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:2002:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s", token1);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:2029:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s", token1);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:2060:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s", token1);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:2070:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s", token1);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:2080:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s", token1);
data/autoclass-3.3.6.dfsg.1/prog/model-expander-3.c:158:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(term_type, term->type); /* The type of term set */
data/autoclass-3.3.6.dfsg.1/prog/model-expander-3.c:174:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(att_type, att->type); /* One of 'real, 'discrete & etc. */
data/autoclass-3.3.6.dfsg.1/prog/model-expander-3.c:177:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "n_%s", att_type); /* this statement added 3/2/JTP*/
data/autoclass-3.3.6.dfsg.1/prog/model-expander-3.c:183:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(att_sub_type, att->sub_type);
data/autoclass-3.3.6.dfsg.1/prog/model-expander-3.c:200:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(att_sub_type, att_info[att_index]->sub_type);
data/autoclass-3.3.6.dfsg.1/prog/model-expander-3.c:203:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "n_%s", att_sub_type);
data/autoclass-3.3.6.dfsg.1/prog/model-expander-3.c:280:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(model->att_ignore_ids[new_i], model->att_ignore_ids[old_i]);
data/autoclass-3.3.6.dfsg.1/prog/model-transforms.c:39:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( str, short_str);
data/autoclass-3.3.6.dfsg.1/prog/model-transforms.c:106:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(att_type, att->type);
data/autoclass-3.3.6.dfsg.1/prog/model-transforms.c:107:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(att_subtype, att->sub_type);
data/autoclass-3.3.6.dfsg.1/prog/model-transforms.c:271:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_att->type, att->type);
data/autoclass-3.3.6.dfsg.1/prog/model-transforms.c:346:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_att->type, att->type);
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:276:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "\n----------- SEARCH STATUS as of %s -----------\n",
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:460:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s%s",(saved_p) ? " *SAVED*":"", (new_line_p) ? "\n" : "");
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:1340:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system( str);
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:1344:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system( str);
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:1539:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s", token);
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:1561:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s", token);
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:1623:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s %d", token, &file_try_index);
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:1638:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s %d %s %d", token, &file_try_index, dup_token, &dup_file_try_index);
data/autoclass-3.3.6.dfsg.1/prog/search-control.c:391:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( results_file_ptr, results_file);
data/autoclass-3.3.6.dfsg.1/prog/search-control.c:397:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( results_file_ptr, results_file);
data/autoclass-3.3.6.dfsg.1/prog/search-control.c:514:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( results_file_ptr, results_file);
data/autoclass-3.3.6.dfsg.1/prog/search-control.c:628:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, " %s%d->%d(%d) ", "best", latest_try->j_in, latest_try->j_out, search->n);
data/autoclass-3.3.6.dfsg.1/prog/search-control.c:630:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, " %s%d->%d(%d) ", "dup", latest_try->j_in, latest_try->j_out, search->n);
data/autoclass-3.3.6.dfsg.1/prog/search-control.c:656:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(n_classes_explain, temp_str);
data/autoclass-3.3.6.dfsg.1/prog/struct-data.c:297:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( transform, att_i->sub_type);
data/autoclass-3.3.6.dfsg.1/prog/utils.c:135:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(time_string," %d day%s", days, (days > 1) ? "s" : "");
data/autoclass-3.3.6.dfsg.1/prog/utils.c:137:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp_string," %d hour%s", hours, (hours > 1) ? "s" : "");
data/autoclass-3.3.6.dfsg.1/prog/utils.c:138:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(time_string, temp_string);
data/autoclass-3.3.6.dfsg.1/prog/utils.c:141:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp_string," %d minute%s", minutes, (minutes > 1) ? "s" : "");
data/autoclass-3.3.6.dfsg.1/prog/utils.c:142:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(time_string, temp_string);
data/autoclass-3.3.6.dfsg.1/prog/utils.c:145:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp_string," %d second%s", seconds, (seconds > 1) ? "s" : "");
data/autoclass-3.3.6.dfsg.1/prog/utils.c:146:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(time_string, temp_string);
data/autoclass-3.3.6.dfsg.1/prog/utils.c:237:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( msg_string, " [checkpt clsf (j=%d, cycle=%d) at %s] ", clsf->n_classes,
data/autoclass-3.3.6.dfsg.1/prog/utils.c:502:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( line, "%s", answer);
data/autoclass-3.3.6.dfsg.1/prog/utils.c:676:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(t1, "%s", (char *) G_plist[i][0]);
data/autoclass-3.3.6.dfsg.1/prog/utils.c:677:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(t2, "%s", (char *) G_plist[i][1]);
data/autoclass-3.3.6.dfsg.1/prog/utils.c:704:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(G_plist[n][0], target);
data/autoclass-3.3.6.dfsg.1/prog/utils.c:707:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(G_plist[n][1], pname);
data/autoclass-3.3.6.dfsg.1/prog/utils.c:1157:16: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
return_cnt = vfprintf( stream, format, arg_addr);
data/autoclass-3.3.6.dfsg.1/prog/utils.c:1190:22: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
return_cnt = (int) vsprintf( str, format, arg_addr);
data/autoclass-3.3.6.dfsg.1/data/tests.c:127:66: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
;;; BLOCK-SET-CLSF TESTS (.s-params files configured for **non**-random trials)
data/autoclass-3.3.6.dfsg.1/prog/autoclass.h:15:15: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
extern double drand48(void);
data/autoclass-3.3.6.dfsg.1/prog/autoclass.h:16:15: [3] (random) erand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
extern double erand48(unsigned short *);
data/autoclass-3.3.6.dfsg.1/prog/autoclass.h:17:13: [3] (random) jrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
extern long jrand48(unsigned short *);
data/autoclass-3.3.6.dfsg.1/prog/autoclass.h:18:13: [3] (random) lcong48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
extern void lcong48(unsigned short *);
data/autoclass-3.3.6.dfsg.1/prog/autoclass.h:19:13: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
extern long lrand48(void);
data/autoclass-3.3.6.dfsg.1/prog/autoclass.h:20:13: [3] (random) mrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
extern long mrand48(void);
data/autoclass-3.3.6.dfsg.1/prog/autoclass.h:21:13: [3] (random) nrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
extern long nrand48(unsigned short *);
data/autoclass-3.3.6.dfsg.1/prog/autoclass.h:22:24: [3] (random) seed48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
extern unsigned short *seed48(unsigned short *);
data/autoclass-3.3.6.dfsg.1/prog/autoclass.h:48:17: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define srand48 srand
data/autoclass-3.3.6.dfsg.1/prog/autoclass.h:605:8: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
double drand48();
data/autoclass-3.3.6.dfsg.1/prog/autoclass.h:607:6: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
long lrand48();
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:1065:28: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
diff += (min( (double) lrand48( ), G_rand_base_normalizer) / normalizer) -
data/autoclass-3.3.6.dfsg.1/prog/utils.c:429:33: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
temp = (int) (min( (double) lrand48( ), G_rand_base_normalizer) / normalizer);
data/autoclass-3.3.6.dfsg.1/prog/utils.c:441:6: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
long lrand48() {
data/autoclass-3.3.6.dfsg.1/prog/utils.c:464:32: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
i = (int) (min( (double) lrand48( ), G_rand_base_normalizer) / normalizer);
data/autoclass-3.3.6.dfsg.1/prog/autoclass.h:205:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char fxlstr[STRLIMIT];
data/autoclass-3.3.6.dfsg.1/prog/autoclass.h:221:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char shortstr[SHORT_STRING_LENGTH];
data/autoclass-3.3.6.dfsg.1/prog/autoclass.h:222:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char very_long_str[VERY_LONG_STRING_LENGTH];
data/autoclass-3.3.6.dfsg.1/prog/getparams.c:93:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[LINLIM], *bp;
data/autoclass-3.3.6.dfsg.1/prog/getparams.h:28:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char paramname[PARAMNAMLEN];
data/autoclass-3.3.6.dfsg.1/prog/globals.c:31:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char G_absolute_pathname[MAXPATHLEN];
data/autoclass-3.3.6.dfsg.1/prog/globals.c:40:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char G_data_file_format[10] = ""; /* "binary" or "ascii" */
data/autoclass-3.3.6.dfsg.1/prog/init.c:42:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(G_transforms[0] , "log_transform");
data/autoclass-3.3.6.dfsg.1/prog/init.c:43:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( G_transforms[1] , "log_odds_transform");
data/autoclass-3.3.6.dfsg.1/prog/init.c:45:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( G_att_type_data[0] , "dummy");
data/autoclass-3.3.6.dfsg.1/prog/init.c:46:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( G_att_type_data[1] , "none");
data/autoclass-3.3.6.dfsg.1/prog/init.c:47:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( G_att_type_data[2] , "discrete");
data/autoclass-3.3.6.dfsg.1/prog/init.c:48:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( G_att_type_data[3] , "real");
data/autoclass-3.3.6.dfsg.1/prog/init.c:49:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( G_att_type_data[4] , "real_and_error");
data/autoclass-3.3.6.dfsg.1/prog/init.c:56:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( G_absolute_pathname, "<current working directory>");
data/autoclass-3.3.6.dfsg.1/prog/init.c:64:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen( "/usr/ucb/hostname", "r");
data/autoclass-3.3.6.dfsg.1/prog/init.c:92:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1[0][0], "discrete");
data/autoclass-3.3.6.dfsg.1/prog/init.c:97:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1temp[0][0], "nominal");
data/autoclass-3.3.6.dfsg.1/prog/init.c:101:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1temp[1][0], "ordered");
data/autoclass-3.3.6.dfsg.1/prog/init.c:105:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1temp[2][0], "circular");
data/autoclass-3.3.6.dfsg.1/prog/init.c:110:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1[1][0], "n_discrete");
data/autoclass-3.3.6.dfsg.1/prog/init.c:120:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
t2 = (char **) malloc(i2[0] * sizeof(char *));
data/autoclass-3.3.6.dfsg.1/prog/init.c:122:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t2[0], "multi_multinomial_d");
data/autoclass-3.3.6.dfsg.1/prog/init.c:124:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t2[1], "multi_multinomial_s");
data/autoclass-3.3.6.dfsg.1/prog/init.c:126:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t2[2], "multi_multinomial_choose");
data/autoclass-3.3.6.dfsg.1/prog/init.c:142:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1[0][0], "discrete");
data/autoclass-3.3.6.dfsg.1/prog/init.c:147:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1temp[0][0], "nominal");
data/autoclass-3.3.6.dfsg.1/prog/init.c:151:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1temp[1][0], "ordered");
data/autoclass-3.3.6.dfsg.1/prog/init.c:155:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1temp[2][0], "circular");
data/autoclass-3.3.6.dfsg.1/prog/init.c:160:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1[1][0], "n_discrete");
data/autoclass-3.3.6.dfsg.1/prog/init.c:170:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
t2 = (char **) malloc(i2[0] * sizeof(char *));
data/autoclass-3.3.6.dfsg.1/prog/init.c:172:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t2[0], "multi_multinomial_s");
data/autoclass-3.3.6.dfsg.1/prog/init.c:174:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t2[1], "multi_multinomial_d");
data/autoclass-3.3.6.dfsg.1/prog/init.c:176:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t2[2], "multi_multinomial_choose");
data/autoclass-3.3.6.dfsg.1/prog/init.c:192:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1[0][0], "real");
data/autoclass-3.3.6.dfsg.1/prog/init.c:197:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1temp[0][0], "location");
data/autoclass-3.3.6.dfsg.1/prog/init.c:201:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1temp[1][0], "scalar");
data/autoclass-3.3.6.dfsg.1/prog/init.c:206:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1temptemp[0][0], "transform");
data/autoclass-3.3.6.dfsg.1/prog/init.c:208:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1temptemp[0][1], "log_transform");
data/autoclass-3.3.6.dfsg.1/prog/init.c:212:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1[1][0], "n_real");
data/autoclass-3.3.6.dfsg.1/prog/init.c:216:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1temp[2][0], "n_scalar");
data/autoclass-3.3.6.dfsg.1/prog/init.c:227:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
t2 = (char **) malloc(i2[0] * sizeof(char *));
data/autoclass-3.3.6.dfsg.1/prog/init.c:229:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t2[0], "multi_normal_cn");
data/autoclass-3.3.6.dfsg.1/prog/init.c:245:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1[0][0], "discrete");
data/autoclass-3.3.6.dfsg.1/prog/init.c:250:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1temp[0][0], "nominal");
data/autoclass-3.3.6.dfsg.1/prog/init.c:254:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1temp[1][0], "ordered");
data/autoclass-3.3.6.dfsg.1/prog/init.c:258:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1temp[2][0], "circular");
data/autoclass-3.3.6.dfsg.1/prog/init.c:263:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1[1][0], "n_discrete");
data/autoclass-3.3.6.dfsg.1/prog/init.c:271:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
t2 = (char **) malloc(i2[0] * sizeof(char *));
data/autoclass-3.3.6.dfsg.1/prog/init.c:273:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t2[0], "multi_multinomial_d");
data/autoclass-3.3.6.dfsg.1/prog/init.c:275:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t2[1], "multi_multinomial_s");
data/autoclass-3.3.6.dfsg.1/prog/init.c:277:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t2[2], "multi_multinomial_choose");
data/autoclass-3.3.6.dfsg.1/prog/init.c:293:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1[0][0], "real");
data/autoclass-3.3.6.dfsg.1/prog/init.c:298:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1temp[0][0], "location");
data/autoclass-3.3.6.dfsg.1/prog/init.c:302:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1temp[1][0], "scalar");
data/autoclass-3.3.6.dfsg.1/prog/init.c:307:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1temptemp[0][0], "transform");
data/autoclass-3.3.6.dfsg.1/prog/init.c:309:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1temptemp[0][1], "log_transform");
data/autoclass-3.3.6.dfsg.1/prog/init.c:312:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1temp[2][0], "n_scalar");
data/autoclass-3.3.6.dfsg.1/prog/init.c:319:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1[1][0], "n_real");
data/autoclass-3.3.6.dfsg.1/prog/init.c:327:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
t2 = (char **) malloc(i2[0] * sizeof(char *));
data/autoclass-3.3.6.dfsg.1/prog/init.c:329:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t2[0], "multi_normal_cn");
data/autoclass-3.3.6.dfsg.1/prog/init.c:345:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1[0][0], "real");
data/autoclass-3.3.6.dfsg.1/prog/init.c:350:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1temp[0][0], "location");
data/autoclass-3.3.6.dfsg.1/prog/init.c:354:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1temp[1][0], "scalar");
data/autoclass-3.3.6.dfsg.1/prog/init.c:359:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1temptemp[0][0], "transform");
data/autoclass-3.3.6.dfsg.1/prog/init.c:361:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1temptemp[0][1], "log_transform");
data/autoclass-3.3.6.dfsg.1/prog/init.c:364:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1temp[2][0], "n_scalar");
data/autoclass-3.3.6.dfsg.1/prog/init.c:371:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t1[1][0], "n_real");
data/autoclass-3.3.6.dfsg.1/prog/init.c:389:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(types[0][0], "real");
data/autoclass-3.3.6.dfsg.1/prog/init.c:391:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(types[0][1], "location");
data/autoclass-3.3.6.dfsg.1/prog/init.c:393:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(types[0][2], "scalar");
data/autoclass-3.3.6.dfsg.1/prog/intf-influence-values.c:230:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return ( atoi( class->model->att_locs[n_att]));
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:161:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
reports_params_file_fp = fopen( reports_params_file_ptr, "r");
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:221:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
log_file_fp = fopen( log_file_ptr, "a");
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:230:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( autoclass_mode, "-PREDICT");
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:232:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( autoclass_mode, "-REPORTS");
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:250:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
search_file_fp = fopen( search_file_ptr, "r");
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:406:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clsf_num_string[4];
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:419:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( influence_report_pathname, "o-");
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:421:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( influence_report_pathname, "no-");
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:424:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( influence_report_pathname, "text-");
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:426:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( influence_report_pathname, "data-");
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:427:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( clsf_num_string, "%d", clsf_num);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:434:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
influence_report_fp = fopen( influence_report_pathname, "w");
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:522:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clsf_num_string[4];
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:534:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( xref_case_report_pathname, "text-");
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:536:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( xref_case_report_pathname, "data-");
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:537:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( clsf_num_string, "%d", clsf_num);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:539:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
xref_case_report_fp = fopen( xref_case_report_pathname, "w");
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:572:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clsf_num_string[4];
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:584:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( xref_class_report_pathname, "text-");
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:586:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( xref_class_report_pathname, "data-");
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:587:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( clsf_num_string, "%d", clsf_num);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:590:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
xref_class_report_fp = fopen( xref_class_report_pathname, "w");
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1063:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dashed_line[92] = "------------------------------------------------------------"
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1103:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( divider_format, "%%%dc", blank_cnt);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1292:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( str, " %%-%ds", report_attribute_strings[i]->dscrp_length);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1294:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( str, " %%-%dg", report_attribute_strings[i]->dscrp_length);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1385:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( prob_tab_format, "\n%%%dc", prob_tab);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1386:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( prob_tab_format, "%2d %5.3f");
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1451:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char class_number_type[5] = "clsf";
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1503:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char class_number_type[5] = "clsf";
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1690:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title_line_1[2*STRLIMIT] = "", title_line_2[3*STRLIMIT] = "", *att_type;
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1768:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
term_types[i], (char *) get( term_types[i], "print_string"));
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2322:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char header[60], header_continued[60];
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2328:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *type, type_letter[2], *description, model_term_type_symbol[] = " ";
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2444:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char header_prefix[60];
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2598:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char header_prefix[60];
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2830:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *filtered_numeric_string[STRLIMIT];
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:90:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( str, "\nDo you want to EXIT - {y/n}? ");
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:184:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output_msg_type[8] = ":read";
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:194:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( output_msg_type, ":expand");
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:306:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
data_file_fp = fopen( data_file_ptr, "rb");
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:308:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
data_file_fp = fopen( data_file_ptr, "r");
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:442:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( msg,
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:735:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char **instance, db2_bin_header[10] = "";
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:739:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment_chars[4], caller[] = "read_data";
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:926:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( att_info[att_num]->warnings_and_errors->unspecified_dummy_warning, "true");
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:1638:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char form[VERY_LONG_TOKEN_LENGTH];
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:1639:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datum_string[VERY_LONG_STRING_LENGTH];
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:1709:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s2, "eof");
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:1713:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s2, "eof");
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:1724:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s2, "comment");
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:1758:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s2, "eof");
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:1877:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(att->warnings_and_errors->single_valued_warning, "true");
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:1976:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(att->warnings_and_errors->single_valued_warning, "true");
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:2092:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[VERY_LONG_TOKEN_LENGTH];
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:2138:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( output_msg_type, ":expand");
data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c:229:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[255], /* arbitrarilyh chose 255 but no check done*/
data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c:443:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(model->att_locs[n_att], "ignore");
data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c:444:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(model->att_ignore_ids[n_att], "ignore_model");
data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c:794:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(locs[i], "ignore");
data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c:797:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(att_ignore_ids[i], "transformed-attribute-ignored");
data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c:800:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(att_ignore_ids[i], "att_type_not_specified");
data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c:802:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(att_ignore_ids[i], "att_type_is_dummy");
data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c:804:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(att_ignore_ids[i], "model_term_not_specified");
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:80:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( str, "# ordered sequence of clsf_DS's: 0 -> %d", num - 1);
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:84:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( str, "# clsf_DS %d: log_a_x_h = %.7e", i,
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:437:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
safe_fwrite( results_fp, (char *) classes[i], sizeof( struct class), CLASS_TYPE,
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:728:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*int_value = atoi( token3);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:271:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( ext_type, "results_bin");
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:272:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( temp_ext_type, "results_tmp_bin");
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:275:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( ext_type, "results");
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:276:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( temp_ext_type, "results_tmp");
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:281:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( ext_type, "checkpoint_bin");
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:282:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( temp_ext_type, "checkpoint_tmp_bin");
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:285:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( ext_type, "checkpoint");
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:286:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( temp_ext_type, "checkpoint_tmp");
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:300:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
save_file_fp = fopen( temp_save_file, (save_compact_p) ? "wb" : "w");
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:303:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
save_file_fp = fopen( save_file, (save_compact_p) ? "wb" : "w");
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:312:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((save_file_fp = fopen( save_file, "r")) != NULL) {
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:967:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_fp = fopen( *file_ptr, "r");
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1027:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (user_extension, "ascii");
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1032:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (user_extension, "binary");
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1039:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (user_extension, "ascii");
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1044:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (user_extension, "binary");
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1068:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
binary_file_fp = fopen( binary_file, "rb");
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1077:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_fp = fopen( file, "r");
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1146:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (user_extension, "ascii");
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1151:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (user_extension, "binary");
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1163:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_fp = fopen( file, "r");
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1166:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( G_data_file_format, "ascii");
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1173:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
binary_file_fp = fopen( binary_file, "rb");
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1176:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( G_data_file_format, "binary");
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1227:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
results_file_fp = fopen( results_file_ptr, "rb");
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1233:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
results_file_fp = fopen( results_file_ptr, "r");
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1242:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
results_file_fp = fopen( results_file_ptr, "rb");
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1248:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
results_file_fp = fopen( results_file_ptr, "r");
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1750:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*int_value = atoi( token3);
data/autoclass-3.3.6.dfsg.1/prog/model-expander-3.c:278:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(model->att_locs[old_i], "TRANSFORMED->%d", new_i);
data/autoclass-3.3.6.dfsg.1/prog/model-expander-3.c:279:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(model->att_locs[new_i], "%d", n_term);
data/autoclass-3.3.6.dfsg.1/prog/model-single-normal-cm.c:78:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(att->warnings_and_errors->model_expander_errors[n],
data/autoclass-3.3.6.dfsg.1/prog/model-single-normal-cm.c:143:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(att->warnings_and_errors->model_expander_warnings[n],
data/autoclass-3.3.6.dfsg.1/prog/model-single-normal-cn.c:72:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(att->warnings_and_errors->model_expander_errors[n],
data/autoclass-3.3.6.dfsg.1/prog/model-single-normal-cn.c:139:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(att->warnings_and_errors->model_expander_errors[n],
data/autoclass-3.3.6.dfsg.1/prog/model-transforms.c:38:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(short_str, "%d ", att_list[i]);
data/autoclass-3.3.6.dfsg.1/prog/model-transforms.c:272:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(new_att->sub_type, "log_transform");
data/autoclass-3.3.6.dfsg.1/prog/model-transforms.c:347:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(new_att->sub_type, "log_odds_transform_c");
data/autoclass-3.3.6.dfsg.1/prog/predictions.c:48:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
header_file_fp = fopen( header_file_ptr, "r");
data/autoclass-3.3.6.dfsg.1/prog/predictions.c:50:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
model_file_fp = fopen( model_file_ptr, "r");
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:135:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "\nWELCOME TO AUTOCLASS.\n");
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:137:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, " 1) Each time I have finished a new 'trial', or attempt to find a good\n");
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:139:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, " classification, I will print the number of classes that trial\n");
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:141:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, " started and ended with, such as 9->7.\n");
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:143:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, " 2) If that trial results in a duplicate of a previous run, I will print\n");
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:145:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, " 'dup' first.\n");
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:147:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, " 3) If that trial results in a classification better than any previous, \n");
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:149:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, " I will print 'best' first.\n");
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:155:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, " classification has been found which is better than any previous ones,\n");
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:157:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, " I will report on that classification and on the status of the search\n"
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:160:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, " 5) This report will include an estimate of the time it will take to find\n");
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:162:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, " another even better classification, and how much better that will be.\n");
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:164:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, " In addition, I will estimate a lower bound on how long it might take to\n");
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:166:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, " find the very best classification, and how much better that might be.\n");
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:174:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( str, " 7) Since interactive_p = false, I will continue searching\n ");
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:176:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( str, " 7) To quit searching, type a 'q', hit <return>, and wait. Otherwise I'll\n"
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:182:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "until I complete trial number (%d).\n", max_n_tries);
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:184:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "forever.\n");
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:265:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str,
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:273:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "(Also found %d other better than last report.)\n", n_not_reported);
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:289:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "times more probable.\n");
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:296:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "times more probable.\n");
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:304:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "to");
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:307:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "times more probable.\n");
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:331:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "Overhead time is %.1f %% of total search time\n", (time_overhead * 100.0));
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:457:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, " DUPS %d", try->n_duplicates);
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:525:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( str, "[reconverge \"chkpt\" j_in=%d] ", j_in);
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:535:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( str, "[reconverge \"results\" j_in=%d] ", j_in);
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:539:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( str, "[j_in=%d] ", j_in);
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:648:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, " [c: cycles %d]", n_cycles);
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:734:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, " [cs-3: cycles %d]", count);
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:827:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, " [cs-3a: cycles %d]", count);
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:957:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, " [cs-4: cycles %d]", count);
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:1327:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
search_file_fp = fopen( temp_search_file, "w");
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:1330:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
search_file_fp = fopen( search_file_ptr, "w");
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:1337:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((search_file_fp = fopen( search_file_ptr, "r")) != NULL) {
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:1382:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(id, "search_try_DS %d", i);
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:1416:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( dup_id, "search_try_DS %d dup_try_DS %d", try_index, dup_index);
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:1784:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( str, "It has %d CLASSES with WEIGHTS", clsf->n_classes);
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:1791:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( str, " %d", *(temp_num_ptr + i));
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:1813:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, " exp(%.1f) ", log_number);
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:1816:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "[= %.1e] ", safe_exp( log_number));
data/autoclass-3.3.6.dfsg.1/prog/search-control.c:193:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_str[5], caller[] = "autoclass_search";
data/autoclass-3.3.6.dfsg.1/prog/search-control.c:261:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
search_params_file_fp = fopen(search_params_file_ptr, "r");
data/autoclass-3.3.6.dfsg.1/prog/search-control.c:316:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( str, "Do you want to continue {y/n} ");
data/autoclass-3.3.6.dfsg.1/prog/search-control.c:335:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
header_file_fp = fopen( header_file_ptr, "r");
data/autoclass-3.3.6.dfsg.1/prog/search-control.c:337:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
model_file_fp = fopen( model_file_ptr, "r");
data/autoclass-3.3.6.dfsg.1/prog/search-control.c:339:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
log_file_fp = fopen( log_file_ptr, "a");
data/autoclass-3.3.6.dfsg.1/prog/search-control.c:408:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( str, "Do you want to continue {y/n} ");
data/autoclass-3.3.6.dfsg.1/prog/search-control.c:433:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
search_file_fp = fopen( search_file_ptr, "r");
data/autoclass-3.3.6.dfsg.1/prog/search-control.c:595:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
log_file_fp = fopen( log_file_ptr, "a");
data/autoclass-3.3.6.dfsg.1/prog/search-control.c:632:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, " %d->%d(%d) ", latest_try->j_in, latest_try->j_out, search->n);
data/autoclass-3.3.6.dfsg.1/prog/search-control.c:651:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(n_classes_explain, "as fixed at %d", fixed_j);
data/autoclass-3.3.6.dfsg.1/prog/search-control.c:653:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(n_classes_explain, "off of list: (");
data/autoclass-3.3.6.dfsg.1/prog/search-control.c:655:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp_str, " %d", start_j_list[i]);
data/autoclass-3.3.6.dfsg.1/prog/search-control.c:658:11: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(n_classes_explain, " )");
data/autoclass-3.3.6.dfsg.1/prog/search-control.c:731:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(stop_reason, "you asked me to");
data/autoclass-3.3.6.dfsg.1/prog/search-control.c:733:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(stop_reason, "max duration has expired");
data/autoclass-3.3.6.dfsg.1/prog/search-control.c:735:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(stop_reason, "max number of tries reached");
data/autoclass-3.3.6.dfsg.1/prog/struct-data.c:212:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
header_file_fp = fopen( header_file, "r");
data/autoclass-3.3.6.dfsg.1/prog/struct-model.c:79:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
model_file_fp = fopen( model_file, "r");
data/autoclass-3.3.6.dfsg.1/prog/utils-math.c:85:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = atoi(string_num);
data/autoclass-3.3.6.dfsg.1/prog/utils.c:111:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char time_string[50];
data/autoclass-3.3.6.dfsg.1/prog/utils.c:112:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_string[20];
data/autoclass-3.3.6.dfsg.1/prog/utils.c:149:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(time_string," 0 seconds");
data/autoclass-3.3.6.dfsg.1/prog/utils.c:673:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t1[STRLIMIT], t2[STRLIMIT];
data/autoclass-3.3.6.dfsg.1/prog/utils.c:676:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sprintf(t1, "%s", (char *) G_plist[i][0]);
data/autoclass-3.3.6.dfsg.1/prog/utils.c:677:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sprintf(t2, "%s", (char *) G_plist[i][1]);
data/autoclass-3.3.6.dfsg.1/prog/utils.c:984:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( str, "%d", *i_list);
data/autoclass-3.3.6.dfsg.1/prog/getparams.c:239:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(bp) == 0) || (strlen(bp) == strspn(bp, " "))) {
data/autoclass-3.3.6.dfsg.1/prog/getparams.c:239:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(bp) == 0) || (strlen(bp) == strspn(bp, " "))) {
data/autoclass-3.3.6.dfsg.1/prog/getparams.c:283:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(name) >= PARAMNAMLEN)
data/autoclass-3.3.6.dfsg.1/prog/init.c:51:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy( G_checkpoint_file, "");
data/autoclass-3.3.6.dfsg.1/prog/init.c:54:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy( G_absolute_pathname, "");
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:416:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
trunc_index = (int) strlen( influence_report_pathname) - num_chars_to_trunc;
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:531:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
trunc_index = (int) strlen( xref_case_report_pathname) - num_chars_to_trunc;
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:581:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
trunc_index = (int) strlen( xref_class_report_pathname) - num_chars_to_trunc;
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1100:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
diff = report_att_string->dscrp_length - strlen( report_att_string->att_dscrp);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1274:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dscrp_length = strlen( att_dscrp);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1283:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen( translations[n_trans]) >
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1285:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
report_attribute_strings[i]->dscrp_length = strlen( translations[n_trans]);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1404:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(*attribute_formats_ptr)[i][strlen( (*attribute_formats_ptr)[i]) -1] =
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1409:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(*attribute_formats_ptr)[i][strlen( (*attribute_formats_ptr)[i]) -1] =
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1579:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy( str, "");
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:1584:15: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat( str, output[n_att].att_dscrp_ptr, 55));
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2337:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy( type_letter, "D");
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2339:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy( type_letter, "I");
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2341:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy( type_letter, "R");
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2347:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
descrp_length = strlen( description);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2357:19: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strcat( strcat( strncat( temp, description, line_length),
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2454:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( discrete_string_name,
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2459:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_length = strlen( discrete_string_name);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2508:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(header_prefix, header, 14);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2510:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(header, " ");
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2520:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((i == 1) && ((int) strlen( description) > line_length))
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2600:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (((int) strlen( description) > line_length) ||
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2614:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(header_prefix, header, 14);
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2616:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(header, " ");
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2628:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen( description) <= line_length)
data/autoclass-3.3.6.dfsg.1/prog/intf-reports.c:2860:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( (char *) filtered_numeric_string, e_format_string, char_cnt);
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:277:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(errors->unspecified_dummy_warning, "");
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:278:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(errors->single_valued_warning, "");
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:406:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(errors->unspecified_dummy_warning) != 0)
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:452:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(errors->single_valued_warning) != 0) {
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:460:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen( msg) > (msg_length - 1)) {
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:462:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
caller, (int) strlen( msg), (msg_length - 1));
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:483:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(msg, "");
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:487:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg_length = strlen( msg) + strlen( str) +
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:487:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg_length = strlen( msg) + strlen( str) +
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:488:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( errors->model_expander_errors[i]) + 1;
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:493:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen( msg) > (msg_length - 1)) {
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:495:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
caller, (int) strlen( msg), (msg_length - 1));
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:629:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(errors->unspecified_dummy_warning) != 0)
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:637:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(errors->single_valued_warning) != 0)
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:643:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (((int) strlen(warning_msgs) > 0) || ((int) strlen(error_msgs) > 0)) {
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:643:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (((int) strlen(warning_msgs) > 0) || ((int) strlen(error_msgs) > 0)) {
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:656:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(warning_msgs) > 0)
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:658:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(error_msgs) > 0)
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:1163:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen( dscrp_ptr) >= SHORT_STRING_LENGTH) {
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:1231:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(weds->unspecified_dummy_warning, "");
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:1232:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(weds->single_valued_warning, "");
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:1535:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(value) == 1) && (value[0] == d_base->unknown_token))
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:1593:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
attribute->translations[val] = (char *) malloc( strlen( value) + 1);
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:1645:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(form, "");
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:1668:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(char *) malloc((strlen(form) + 1) * sizeof(char));
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:1670:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(form, "");
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:1705:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i = 0, str_len = strlen(s1), n_char, comment_p = FALSE, in_string_p = FALSE;
data/autoclass-3.3.6.dfsg.1/prog/io-read-data.c:1774:39: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (i=0; i<(string_limit-1) && ((c=fgetc(stream)) != EOF) && (c != '\n'); i++)
data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c:196:18: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( ((c = fgetc(stream)) != EOF) && (c !='(' ));
data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c:215:18: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( ((c = fgetc(stream)) != EOF) && ( c !=')' ) );
data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c:235:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( (c=fgetc(stream)) != EOF && c != '(' );
data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c:248:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(list[*num - 1], "(");
data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c:249:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(temp) > 1) /* has number too*/
data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c:262:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list[*num - 1] = (char *) malloc((strlen(temp)+1) * sizeof(char));
data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c:265:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(temp, ")" );
data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c:272:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list[*num - 1] = (char *) malloc((strlen(temp)+1) * sizeof(char));
data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c:278:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while( (c=fgetc(stream)) != EOF && c != '\n' && c != ')' );
data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c:347:10: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy( model->data_file, "");
data/autoclass-3.3.6.dfsg.1/prog/io-read-model.c:348:10: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy( model->header_file, "");
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:81:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
safe_fwrite( results_fp, str, strlen( str), CHAR_TYPE, caller);
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:86:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
safe_fwrite( results_fp, str, strlen( str), CHAR_TYPE, caller);
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:90:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
safe_fwrite( results_fp, str, strlen( str), CHAR_TYPE, caller);
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:118:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
safe_fwrite( results_fp, db_string, strlen( db_string), CHAR_TYPE, caller);
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:126:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
safe_fwrite( results_fp, model_num_string, strlen( model_num_string),
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:195:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( att_info->translations[i]), CHAR_TYPE, caller);
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:202:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
safe_fwrite( results_fp, props_string, strlen( props_string), CHAR_TYPE, caller);
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:207:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
safe_fwrite( results_fp, props_string, strlen( props_string), CHAR_TYPE, caller);
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:212:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
safe_fwrite( results_fp, props_string, strlen( props_string), CHAR_TYPE, caller);
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:228:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
? 4 : strlen( warnings_and_errors->unspecified_dummy_warning),
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:234:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
? 4 : strlen( warnings_and_errors->single_valued_warning),
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:239:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( warnings_and_errors->model_expander_warnings[i]),
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:243:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( warnings_and_errors->model_expander_errors[i]),
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:480:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
token_length = strlen( token2);
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:757:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy( att->warnings_and_errors->unspecified_dummy_warning, "");
data/autoclass-3.3.6.dfsg.1/prog/io-results-bin.c:765:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy( att->warnings_and_errors->single_valued_warning, "");
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:519:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j=0; j < strlen( line); j++) {
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:529:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j=0; j < strlen( line); j++) {
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:952:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen( file_arg) > (STRLIMIT - 1)) {
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:963:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat( *file_ptr, file_arg, strlen( file_arg) - strlen( file_arg_ext));
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:963:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat( *file_ptr, file_arg, strlen( file_arg) - strlen( file_arg_ext));
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:963:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat( *file_ptr, file_arg, strlen( file_arg) - strlen( file_arg_ext));
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:964:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat( *file_ptr, file_ext, strlen( file_ext));
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:964:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat( *file_ptr, file_ext, strlen( file_ext));
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1008:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen( file_pathname) > (STRLIMIT - 1)) {
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1022:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file_arg_ext_length = (int) strlen( file_arg_ext);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1025:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(file_arg_ext_length == (int) strlen( RESULTS_FILE_TYPE))) {
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1030:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(file_arg_ext_length == (int) strlen( RESULTS_BINARY_FILE_TYPE))) {
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1037:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(file_arg_ext_length == (int) strlen( CHECKPOINT_FILE_TYPE))) {
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1042:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(file_arg_ext_length == (int) strlen( CHECKPOINT_BINARY_FILE_TYPE))) {
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1053:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat( file, file_pathname, strlen( file_pathname) - file_arg_ext_length);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1053:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat( file, file_pathname, strlen( file_pathname) - file_arg_ext_length);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1054:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat( binary_file, file_pathname, strlen( file_pathname) - file_arg_ext_length);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1054:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat( binary_file, file_pathname, strlen( file_pathname) - file_arg_ext_length);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1056:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat( file, RESULTS_FILE_TYPE, strlen( RESULTS_FILE_TYPE));
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1056:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat( file, RESULTS_FILE_TYPE, strlen( RESULTS_FILE_TYPE));
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1057:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat( binary_file, RESULTS_BINARY_FILE_TYPE, strlen( RESULTS_BINARY_FILE_TYPE));
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1057:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat( binary_file, RESULTS_BINARY_FILE_TYPE, strlen( RESULTS_BINARY_FILE_TYPE));
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1060:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat( file, CHECKPOINT_FILE_TYPE, strlen( CHECKPOINT_FILE_TYPE));
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1060:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat( file, CHECKPOINT_FILE_TYPE, strlen( CHECKPOINT_FILE_TYPE));
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1061:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat( binary_file, CHECKPOINT_BINARY_FILE_TYPE, strlen( CHECKPOINT_BINARY_FILE_TYPE));
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1061:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat( binary_file, CHECKPOINT_BINARY_FILE_TYPE, strlen( CHECKPOINT_BINARY_FILE_TYPE));
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1127:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen( file_pathname) > (STRLIMIT - 1)) {
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1142:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file_arg_ext_length = (int) strlen( file_arg_ext);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1144:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(file_arg_ext_length == (int) strlen( DATA_FILE_TYPE))) {
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1149:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(file_arg_ext_length == (int) strlen( DATA_BINARY_FILE_TYPE))) {
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1154:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat( file, file_pathname, strlen( file_pathname) - file_arg_ext_length);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1154:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat( file, file_pathname, strlen( file_pathname) - file_arg_ext_length);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1155:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat( binary_file, file_pathname, strlen( file_pathname) - file_arg_ext_length);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1155:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat( binary_file, file_pathname, strlen( file_pathname) - file_arg_ext_length);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1156:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat( file, DATA_FILE_TYPE, strlen( DATA_FILE_TYPE));
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1156:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat( file, DATA_FILE_TYPE, strlen( DATA_FILE_TYPE));
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1157:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat( binary_file, DATA_BINARY_FILE_TYPE, strlen( DATA_BINARY_FILE_TYPE));
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1157:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat( binary_file, DATA_BINARY_FILE_TYPE, strlen( DATA_BINARY_FILE_TYPE));
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1226:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((int) strlen( file_ext_addr) == (int) strlen( RESULTS_BINARY_FILE_TYPE))) {
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1226:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((int) strlen( file_ext_addr) == (int) strlen( RESULTS_BINARY_FILE_TYPE))) {
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1241:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((int) strlen( file_ext_addr) == (int) strlen( CHECKPOINT_BINARY_FILE_TYPE))) {
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1241:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((int) strlen( file_ext_addr) == (int) strlen( CHECKPOINT_BINARY_FILE_TYPE))) {
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1292:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
token_length = strlen( token2);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1732:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
att->translations[i] = (char *) malloc( strlen( token2) + 1);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1746:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
token_ptr = (char *) malloc( strlen( token1) + 1);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1759:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string_value = (char *) malloc( strlen( token3) + 1);
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1782:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy( att->warnings_and_errors->unspecified_dummy_warning, "");
data/autoclass-3.3.6.dfsg.1/prog/io-results.c:1786:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy( att->warnings_and_errors->single_valued_warning, "");
data/autoclass-3.3.6.dfsg.1/prog/model-transforms.c:41:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( str, "\n");
data/autoclass-3.3.6.dfsg.1/prog/search-control-2.c:341:4: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(str, "\n");
data/autoclass-3.3.6.dfsg.1/prog/search-control.c:725:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy( reconverge_type, "");
data/autoclass-3.3.6.dfsg.1/prog/search-control.c:737:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(stop_reason, "");
data/autoclass-3.3.6.dfsg.1/prog/search-control.c:741:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy( reconverge_type, "");
data/autoclass-3.3.6.dfsg.1/prog/struct-data.c:151:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(temp->data_file, "");
data/autoclass-3.3.6.dfsg.1/prog/struct-data.c:152:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(temp->header_file, "");
data/autoclass-3.3.6.dfsg.1/prog/utils-math.c:70:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string_length = strlen(string_num);
data/autoclass-3.3.6.dfsg.1/prog/utils-math.c:100:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string_length = strlen(string_num);
data/autoclass-3.3.6.dfsg.1/prog/utils.c:95:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
date_time_string_ptr[strlen(date_time_string_ptr) - 1] = '\0';
data/autoclass-3.3.6.dfsg.1/prog/utils.c:570:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(stdin);
data/autoclass-3.3.6.dfsg.1/prog/utils.c:644:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, l1 = strlen(str), l2 = strlen(substr);
data/autoclass-3.3.6.dfsg.1/prog/utils.c:644:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, l1 = strlen(str), l2 = strlen(substr);
data/autoclass-3.3.6.dfsg.1/prog/utils.c:894:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(stream);
data/autoclass-3.3.6.dfsg.1/prog/utils.c:902:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(stream);
data/autoclass-3.3.6.dfsg.1/prog/utils.c:919:16: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (((c = fgetc(stream)) != '\n') && (c != '\r') &&
data/autoclass-3.3.6.dfsg.1/prog/utils.c:935:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(stream);
data/autoclass-3.3.6.dfsg.1/prog/utils.c:937:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(stream);
data/autoclass-3.3.6.dfsg.1/prog/utils.c:939:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(stream);
data/autoclass-3.3.6.dfsg.1/prog/utils.c:958:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, length = strlen(str);
ANALYSIS SUMMARY:
Hits = 619
Lines analyzed = 24546 in approximately 0.86 seconds (28452 lines/second)
Physical Source Lines of Code (SLOC) = 16803
Hits@level = [0] 660 [1] 154 [2] 249 [3] 16 [4] 200 [5] 0
Hits@level+ = [0+] 1279 [1+] 619 [2+] 465 [3+] 216 [4+] 200 [5+] 0
Hits/KSLOC@level+ = [0+] 76.1174 [1+] 36.8387 [2+] 27.6736 [3+] 12.8548 [4+] 11.9026 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.