Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/blimps-3.9+ds/blimps/LAMA.h
Examining data/blimps-3.9+ds/blimps/blimps-mem.h
Examining data/blimps-3.9+ds/blimps/blimps.h
Examining data/blimps-3.9+ds/blimps/blkvblk.h
Examining data/blimps-3.9+ds/blimps/blockmap.h
Examining data/blimps-3.9+ds/blimps/codehop.h
Examining data/blimps-3.9+ds/blimps/config.h
Examining data/blimps-3.9+ds/blimps/lists.h
Examining data/blimps-3.9+ds/blimps/p2c.h
Examining data/blimps-3.9+ds/blimps/scores.h
Examining data/blimps-3.9+ds/blimps/scoring.h
Examining data/blimps-3.9+ds/blimps/tree.h
Examining data/blimps-3.9+ds/blimps/blimps-mem.c
Examining data/blimps-3.9+ds/blimps/blimps.c
Examining data/blimps-3.9+ds/blimps/blk_to_PSSM.c
Examining data/blimps-3.9+ds/blimps/cluster.c
Examining data/blimps-3.9+ds/blimps/codehop.c
Examining data/blimps-3.9+ds/blimps/config.c
Examining data/blimps-3.9+ds/blimps/convert.c
Examining data/blimps-3.9+ds/blimps/files.c
Examining data/blimps-3.9+ds/blimps/gcode.c
Examining data/blimps-3.9+ds/blimps/frequency.c
Examining data/blimps-3.9+ds/blimps/lists.c
Examining data/blimps-3.9+ds/blimps/makeblockmap.c
Examining data/blimps-3.9+ds/blimps/makelis.c
Examining data/blimps-3.9+ds/blimps/matrix.c
Examining data/blimps-3.9+ds/blimps/memory.c
Examining data/blimps-3.9+ds/blimps/options.c
Examining data/blimps-3.9+ds/blimps/p2clib.c
Examining data/blimps-3.9+ds/blimps/pattern.c
Examining data/blimps-3.9+ds/blimps/scores.c
Examining data/blimps-3.9+ds/blimps/scoring.c
Examining data/blimps-3.9+ds/blimps/show_aligned_blocks.c
Examining data/blimps-3.9+ds/blimps/sl.c
Examining data/blimps-3.9+ds/blimps/strutil.c
Examining data/blimps-3.9+ds/blimps/addseqs.c
Examining data/blimps-3.9+ds/blimps/biassed_blocks_finder.c
Examining data/blimps-3.9+ds/blimps/blalign.c
Examining data/blimps-3.9+ds/blimps/bldist.c
Examining data/blimps-3.9+ds/blimps/blDR.c
Examining data/blimps-3.9+ds/blimps/blexplode.c
Examining data/blimps-3.9+ds/blimps/blk2DR.c
Examining data/blimps-3.9+ds/blimps/blk2GC.c
Examining data/blimps-3.9+ds/blimps/blk2lis.c
Examining data/blimps-3.9+ds/blimps/blk2mot.c
Examining data/blimps-3.9+ds/blimps/blk2pssm.c
Examining data/blimps-3.9+ds/blimps/blk2slx.c
Examining data/blimps-3.9+ds/blimps/blklis.c
Examining data/blimps-3.9+ds/blimps/blkprob.c
Examining data/blimps-3.9+ds/blimps/blocks.c
Examining data/blimps-3.9+ds/blimps/blocks_search.c
Examining data/blimps-3.9+ds/blimps/block_vis.c
Examining data/blimps-3.9+ds/blimps/blpssm.c
Examining data/blimps-3.9+ds/blimps/blweight.c
Examining data/blimps-3.9+ds/blimps/cobbler.c
Examining data/blimps-3.9+ds/blimps/coduse.c
Examining data/blimps-3.9+ds/blimps/email.c
Examining data/blimps-3.9+ds/blimps/fastaseqs.c
Examining data/blimps-3.9+ds/blimps/find_biassed_blocks.c
Examining data/blimps-3.9+ds/blimps/format_block.c
Examining data/blimps-3.9+ds/blimps/htmlize-codehop.c
Examining data/blimps-3.9+ds/blimps/htmlize-LAMA.c
Examining data/blimps-3.9+ds/blimps/interpro.c
Examining data/blimps-3.9+ds/blimps/LAMA.c
Examining data/blimps-3.9+ds/blimps/LAMA_search.c
Examining data/blimps-3.9+ds/blimps/lisblk.c
Examining data/blimps-3.9+ds/blimps/mablock.c
Examining data/blimps-3.9+ds/blimps/makelogob.c
Examining data/blimps-3.9+ds/blimps/matrix_logob.c
Examining data/blimps-3.9+ds/blimps/narrow.c
Examining data/blimps-3.9+ds/blimps/oligo_melt.c
Examining data/blimps-3.9+ds/blimps/papssm.c
Examining data/blimps-3.9+ds/blimps/prints2blocks.c
Examining data/blimps-3.9+ds/blimps/protomat.c
Examining data/blimps-3.9+ds/blimps/protxblk.c
Examining data/blimps-3.9+ds/blimps/pssmBL.c
Examining data/blimps-3.9+ds/blimps/pssmdist.c
Examining data/blimps-3.9+ds/blimps/rank_matrix.c
Examining data/blimps-3.9+ds/blimps/readchk.c
Examining data/blimps-3.9+ds/blimps/readmast.c
Examining data/blimps-3.9+ds/blimps/retblock.c
Examining data/blimps-3.9+ds/blimps/sequences.c
Examining data/blimps-3.9+ds/blimps/sortblk.c
Examining data/blimps-3.9+ds/blimps/translate.c
Examining data/blimps-3.9+ds/blimps/util.c
Examining data/blimps-3.9+ds/blimps/version.c
Examining data/blimps-3.9+ds/blimps/errors.c
Examining data/blimps-3.9+ds/include/aabet.h
Examining data/blimps-3.9+ds/include/alphabet.h
Examining data/blimps-3.9+ds/include/blastapp.h
Examining data/blimps-3.9+ds/include/blocks.h
Examining data/blimps-3.9+ds/include/blocksprogs.h
Examining data/blimps-3.9+ds/include/convert.h
Examining data/blimps-3.9+ds/include/files.h
Examining data/blimps-3.9+ds/include/frequency.h
Examining data/blimps-3.9+ds/include/gcode.h
Examining data/blimps-3.9+ds/include/global.h
Examining data/blimps-3.9+ds/include/license.h
Examining data/blimps-3.9+ds/include/matrix.h
Examining data/blimps-3.9+ds/include/memory.h
Examining data/blimps-3.9+ds/include/ntbet.h
Examining data/blimps-3.9+ds/include/options.h
Examining data/blimps-3.9+ds/include/output.h
Examining data/blimps-3.9+ds/include/pattern.h
Examining data/blimps-3.9+ds/include/residues.h
Examining data/blimps-3.9+ds/include/sequences.h
Examining data/blimps-3.9+ds/include/skiplist.h
Examining data/blimps-3.9+ds/include/strutil.h
Examining data/blimps-3.9+ds/include/version.h
Examining data/blimps-3.9+ds/include/protomat.h
Examining data/blimps-3.9+ds/include/errors.h
Examining data/blimps-3.9+ds/protomat/blastdat.c
Examining data/blimps-3.9+ds/protomat/getseq.c
Examining data/blimps-3.9+ds/protomat/lislis.c
Examining data/blimps-3.9+ds/protomat/motifj.c
Examining data/blimps-3.9+ds/protomat/motomat.c
Examining data/blimps-3.9+ds/protomat/motomat2.c
Examining data/blimps-3.9+ds/protomat/multimat.c
Examining data/blimps-3.9+ds/protomat/protomot.c
Examining data/blimps-3.9+ds/protomat/universa.c
Examining data/blimps-3.9+ds/protomat/blksort.c
Examining data/blimps-3.9+ds/protomat/getblock.c
Examining data/blimps-3.9+ds/protomat/motifj.h
Examining data/blimps-3.9+ds/protomat/motmisc.c
Examining data/blimps-3.9+ds/protomat/blosum.c
Examining data/blimps-3.9+ds/protomat/uextract.c
FINAL RESULTS:
data/blimps-3.9+ds/protomat/blastdat.c:61:7: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(homfile);
data/blimps-3.9+ds/protomat/blastdat.c:79:7: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(lisfile);
data/blimps-3.9+ds/protomat/blksort.c:242:13: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(homfile);
data/blimps-3.9+ds/protomat/blksort.c:251:13: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(datfile);
data/blimps-3.9+ds/protomat/getblock.c:132:7: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(blkfile);
data/blimps-3.9+ds/protomat/getseq.c:70:7: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(seqname);
data/blimps-3.9+ds/protomat/getseq.c:83:7: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(infile);
data/blimps-3.9+ds/protomat/getseq.c:98:7: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(foutname);
data/blimps-3.9+ds/protomat/lislis.c:45:7: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(lisfile);
data/blimps-3.9+ds/protomat/lislis.c:61:7: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(lis2file);
data/blimps-3.9+ds/protomat/motifj.c:194:6: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(intemp);
data/blimps-3.9+ds/protomat/motifj.c:331:6: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(intemp); Signif = atoi(intemp);
data/blimps-3.9+ds/protomat/motifj.c:346:6: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(intemp); Dups = atoi(intemp);
data/blimps-3.9+ds/protomat/motifj.c:358:6: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(intemp);
data/blimps-3.9+ds/protomat/motifj.c:370:6: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(intemp);
data/blimps-3.9+ds/protomat/motifj.c:560:6: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(chsig); total_motifs = atoi(chsig);
data/blimps-3.9+ds/protomat/motifj.c:567:26: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
prevsig = Signif; gets(intemp); Signif = atoi(intemp);
data/blimps-3.9+ds/protomat/motifj.c:571:24: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
prevdup = Dups; gets(intemp); Dups = atoi(intemp);
data/blimps-3.9+ds/protomat/motifj.c:621:6: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(chsig);
data/blimps-3.9+ds/protomat/motifj.c:624:6: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(chsig);
data/blimps-3.9+ds/protomat/motifj.c:672:6: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(chsig); n = atoi(chsig);
data/blimps-3.9+ds/protomat/motifj.c:1346:6: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(shuffle);
data/blimps-3.9+ds/protomat/motomat.c:169:7: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(Mot_Filename);
data/blimps-3.9+ds/protomat/motomat.c:435:5: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(ctemp);
data/blimps-3.9+ds/protomat/motomat.c:443:5: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(ctemp);
data/blimps-3.9+ds/protomat/motomat.c:521:7: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(ctemp);
data/blimps-3.9+ds/protomat/multimat.c:177:7: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(ctemp);
data/blimps-3.9+ds/protomat/multimat.c:187:7: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(datfile);
data/blimps-3.9+ds/protomat/multimat.c:205:7: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(lisfile);
data/blimps-3.9+ds/protomat/multimat.c:248:3: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(homfile[nhom++]);
data/blimps-3.9+ds/protomat/protomot.c:84:7: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(infile);
data/blimps-3.9+ds/protomat/protomot.c:99:7: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(PatName);
data/blimps-3.9+ds/protomat/protomot.c:118:7: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(Prefix);
data/blimps-3.9+ds/protomat/protomot.c:128:7: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(swiss);
data/blimps-3.9+ds/protomat/protomot.c:144:7: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(Pros);
data/blimps-3.9+ds/protomat/universa.c:63:7: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(infile);
data/blimps-3.9+ds/protomat/universa.c:77:7: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(outfile);
data/blimps-3.9+ds/blimps/LAMA.c:167:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ctemp, "%s/docs/%s", blimps_dir, AA_FREQUENCY_FNAME);
data/blimps-3.9+ds/blimps/LAMA.c:309:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (line,
data/blimps-3.9+ds/blimps/LAMA.c:373:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bdbname[0], argv[1]);
data/blimps-3.9+ds/blimps/LAMA.c:414:24: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (*inpfiles == 1) strcpy(bdbname[1],bdbname[0]) ;
data/blimps-3.9+ds/blimps/LAMA.c:425:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outname, argv[2]);
data/blimps-3.9+ds/blimps/LAMA.c:592:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(scorePrpo->matrix0_number, matrix0->number) ;
data/blimps-3.9+ds/blimps/LAMA.c:593:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(scorePrpo->matrix1_number, matrix1->number) ;
data/blimps-3.9+ds/blimps/LAMA.c:1656:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(entry_name, ptr) ;
data/blimps-3.9+ds/blimps/LAMA.c:1658:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpbuf, "%s%s;", word, entry_name) ; /* block->ac is only SMALL_BUFF_LENGTH */
data/blimps-3.9+ds/blimps/LAMA.c:1663:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpbuf, "%s; ProDom_mul", entry_name) ;
data/blimps-3.9+ds/blimps/LAMA.c:1760:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(word, ptr) ;
data/blimps-3.9+ds/blimps/LAMA.c:1951:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(block->ac, word) ;
data/blimps-3.9+ds/blimps/LAMA_search.c:137:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (ptr != NULL) sprintf(email_addr, "%s", ptr);
data/blimps-3.9+ds/blimps/LAMA_search.c:138:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf(email_addr, "%s", BLOCKS_EMAIL);
data/blimps-3.9+ds/blimps/LAMA_search.c:143:21: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
curr_year_month = popen("date '+%y%m'", "r");
data/blimps-3.9+ds/blimps/LAMA_search.c:144:13: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
logdate = popen("date \"+%y%m%d\"", "r");
data/blimps-3.9+ds/blimps/LAMA_search.c:146:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(LAMA, "%s/LAMA", BIN_SUBDIR);
data/blimps-3.9+ds/blimps/LAMA_search.c:147:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(add_queue_entry, "%s/add_queue_entry.pl", BIN_SUBDIR);
data/blimps-3.9+ds/blimps/LAMA_search.c:148:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(LAMA_queue, "%s/LAMA_queue", BIN_SUBDIR);
data/blimps-3.9+ds/blimps/LAMA_search.c:149:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(extblock_stdout, "%s/extblock_stdout", BIN_SUBDIR);
data/blimps-3.9+ds/blimps/LAMA_search.c:150:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(blocksdbase, "%s/blocks.dat", BLOCKS_SUBDIR);
data/blimps-3.9+ds/blimps/LAMA_search.c:151:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(printsdbase, "%s/prints.dat", PRINTS_SUBDIR);
data/blimps-3.9+ds/blimps/LAMA_search.c:152:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(blplusdbase, "%s/blocks.dat", BLPLUS_SUBDIR);
data/blimps-3.9+ds/blimps/LAMA_search.c:154:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(targetdbase, "%s/%d_tmp.dat", TMP_SUBDIR, pid);
data/blimps-3.9+ds/blimps/LAMA_search.c:155:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Qblock_file, "%s/%d_tmp.blk", TMP_SUBDIR, pid);
data/blimps-3.9+ds/blimps/LAMA_search.c:158:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(log_dir, "%s/%s", LOG_SUBDIR, buf);
data/blimps-3.9+ds/blimps/LAMA_search.c:161:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(log_file, "%s/%s", log_dir, buf);
data/blimps-3.9+ds/blimps/LAMA_search.c:162:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mail_file, "%s/%d.mail", TMP_SUBDIR, pid);
data/blimps-3.9+ds/blimps/LAMA_search.c:163:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(LAMA_output, "%s/%d.out", TMP_SUBDIR, pid);
data/blimps-3.9+ds/blimps/LAMA_search.c:271:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "rm -f %s/%d.*", TMP_SUBDIR, pid);
data/blimps-3.9+ds/blimps/LAMA_search.c:272:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(buf);
data/blimps-3.9+ds/blimps/LAMA_search.c:293:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(error_file, "%s/%d.LAMA_Qblock_errors", TMP_SUBDIR, pid);
data/blimps-3.9+ds/blimps/LAMA_search.c:446:9: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
dfp = popen("date", "r");
data/blimps-3.9+ds/blimps/LAMA_search.c:450:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "/usr/bin/nice -5 %s %s,%s %s 0 %d 0 %f > /dev/null 2>&1",
data/blimps-3.9+ds/blimps/LAMA_search.c:454:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(buf)) {
data/blimps-3.9+ds/blimps/LAMA_search.c:466:9: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
dfp = popen("date", "r");
data/blimps-3.9+ds/blimps/LAMA_search.c:528:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/htmlize-blimps.pl %s | %s/htmlize-LAMA %s %s - -",
data/blimps-3.9+ds/blimps/LAMA_search.c:532:14: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (!(fp = popen(buf, "r"))) printf("Error opening pipe\n") ;
data/blimps-3.9+ds/blimps/LAMA_search.c:569:9: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
dfp = popen("date", "r");
data/blimps-3.9+ds/blimps/LAMA_search.c:575:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s %s \"/usr/bin/nice -10 %s %s,%s %s 0 %d 0 %f > /dev/null 2>&1\"", add_queue_entry, LAMA_queue, LAMA, Qblock_file, database, LAMA_output, Debug_Level, Score_Cutoff_Level);
data/blimps-3.9+ds/blimps/LAMA_search.c:576:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(buf);
data/blimps-3.9+ds/blimps/LAMA_search.c:582:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s %s '(cat %s) | /usr/bin/mailx -s \"LAMA Results\" -r \"blocks@fhcrc.org\" %s'", add_queue_entry, LAMA_queue, LAMA_output, Address_Ptr->val);
data/blimps-3.9+ds/blimps/LAMA_search.c:583:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(buf);
data/blimps-3.9+ds/blimps/LAMA_search.c:588:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s %s 'rm -f %s/%d.*'", add_queue_entry, LAMA_queue,
data/blimps-3.9+ds/blimps/LAMA_search.c:590:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(buf);
data/blimps-3.9+ds/blimps/LAMA_search.c:647:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cyrcaOutputFile, "%s/%s", TMP_SUBDIR, fname);
data/blimps-3.9+ds/blimps/LAMA_search.c:648:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "%s %s %s %s",
data/blimps-3.9+ds/blimps/LAMA_search.c:651:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
returnCode = system(buf);
data/blimps-3.9+ds/blimps/LAMA_search.c:692:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("umask 006");
data/blimps-3.9+ds/blimps/addseqs.c:149:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(infile, argv[1]);
data/blimps-3.9+ds/blimps/addseqs.c:163:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seqsfile, argv[2]);
data/blimps-3.9+ds/blimps/addseqs.c:176:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outfile, argv[3]);
data/blimps-3.9+ds/blimps/addseqs.c:209:28: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (blimps_dir != NULL) sprintf(frqname, "%s/docs/", blimps_dir);
data/blimps-3.9+ds/blimps/addseqs.c:214:28: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (blimps_dir != NULL) sprintf(qijname, "%s/docs/", blimps_dir);
data/blimps-3.9+ds/blimps/addseqs.c:336:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (simionly) strcpy(siminame, sequence->name);
data/blimps-3.9+ds/blimps/addseqs.c:417:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(blist->block->sequences[newseq].name, seq->name);
data/blimps-3.9+ds/blimps/addseqs.c:418:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(blist->block->sequences[newseq].info, seq->info);
data/blimps-3.9+ds/blimps/addseqs.c:605:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, block->ac);
data/blimps-3.9+ds/blimps/addseqs.c:897:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(blist->block->ac, "%s; distance from previous block=(%d,%d)",
data/blimps-3.9+ds/blimps/addseqs.c:1190:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp1, name1);
data/blimps-3.9+ds/blimps/addseqs.c:1191:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp2, name2);
data/blimps-3.9+ds/blimps/addseqs.c:1199:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(parts[n2], ptr2);
data/blimps-3.9+ds/blimps/addseqs.c:1224:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy(name2, name1); }
data/blimps-3.9+ds/blimps/biassed_blocks_finder.c:64:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(find_biassed_blocks, "%s/find_biassed_blocks", BIN_SUBDIR);
data/blimps-3.9+ds/blimps/biassed_blocks_finder.c:65:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(program_output, "%s/%d.biassed_blocks_out", TMP_SUBDIR, pid);
data/blimps-3.9+ds/blimps/biassed_blocks_finder.c:67:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Block_file, "%s/%d.blk", TMP_SUBDIR, pid);
data/blimps-3.9+ds/blimps/biassed_blocks_finder.c:69:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_dir, "%s", TMP_SUBDIR);
data/blimps-3.9+ds/blimps/biassed_blocks_finder.c:119:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "rm -f %s/%d*temp", TMP_SUBDIR, pid);
data/blimps-3.9+ds/blimps/biassed_blocks_finder.c:120:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(buf);
data/blimps-3.9+ds/blimps/biassed_blocks_finder.c:141:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(error_file, "%s/%d.block_errors", TMP_SUBDIR, pid);
data/blimps-3.9+ds/blimps/biassed_blocks_finder.c:221:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s %s %f %f %d > %s 2>&1",
data/blimps-3.9+ds/blimps/biassed_blocks_finder.c:226:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(buf)) {
data/blimps-3.9+ds/blimps/biassed_blocks_finder.c:295:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("umask 006");
data/blimps-3.9+ds/blimps/blDR.c:55:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (argc > 1) strcpy(bdbname, argv[1]);
data/blimps-3.9+ds/blimps/blDR.c:67:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (argc > 2) strcpy(sdbname, argv[2]);
data/blimps-3.9+ds/blimps/blDR.c:80:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (argc > 3) strcpy(outname, argv[3]);
data/blimps-3.9+ds/blimps/blDR.c:101:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new->name, seq->name);
data/blimps-3.9+ds/blimps/blDR.c:113:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, block->ac); ctemp[7] = '\0';
data/blimps-3.9+ds/blimps/blDR.c:117:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lastac, ctemp);
data/blimps-3.9+ds/blimps/blDR.c:151:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, block->ac); ctemp[7] = '\0';
data/blimps-3.9+ds/blimps/blDR.c:162:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, db->name);
data/blimps-3.9+ds/blimps/blDR.c:169:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(block->sequences[s].name, db->name);
data/blimps-3.9+ds/blimps/blalign.c:118:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bdbname, argv[1]);
data/blimps-3.9+ds/blimps/blalign.c:159:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(save_family, block->family);
data/blimps-3.9+ds/blimps/blalign.c:208:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur->fam, block->family);
data/blimps-3.9+ds/blimps/blalign.c:437:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(out[seq].line, ctemp);
data/blimps-3.9+ds/blimps/blalign.c:441:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(out[seq].line, ctemp);
data/blimps-3.9+ds/blimps/blalign.c:507:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(header, b->number);
data/blimps-3.9+ds/blimps/blalign.c:509:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(header, ctemp);
data/blimps-3.9+ds/blimps/blalign.c:531:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(out[seq].line, ctemp);
data/blimps-3.9+ds/blimps/blalign.c:534:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(out[seq].line, ctemp);
data/blimps-3.9+ds/blimps/blalign.c:538:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(out[seq].line, ctemp);
data/blimps-3.9+ds/blimps/blalign.c:678:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(out[seq].line, ctemp);
data/blimps-3.9+ds/blimps/blalign.c:693:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ctemp, "%-s/%d",
data/blimps-3.9+ds/blimps/blalign.c:733:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bgiant->id, fb->id);
data/blimps-3.9+ds/blimps/blalign.c:734:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bgiant->ac, fb->ac);
data/blimps-3.9+ds/blimps/blalign.c:735:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bgiant->number, fb->number);
data/blimps-3.9+ds/blimps/blalign.c:736:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bgiant->de, fb->de);
data/blimps-3.9+ds/blimps/blalign.c:737:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bgiant->bl, fb->bl);
data/blimps-3.9+ds/blimps/blalign.c:743:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bgiant->sequences[seq].name, fb->sequences[seq].name);
data/blimps-3.9+ds/blimps/blalign.c:744:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bgiant->sequences[seq].info, fb->sequences[seq].info);
data/blimps-3.9+ds/blimps/blalign.c:863:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(out[seq].line, ctemp);
data/blimps-3.9+ds/blimps/bldist.c:69:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (argc > 1) { strcpy(bdbname, argv[1]); }
data/blimps-3.9+ds/blimps/bldist.c:93:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (argc > 2) { strcpy(sijname, argv[2]); }
data/blimps-3.9+ds/blimps/bldist.c:104:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ctemp, "%s/docs/%s", blimps_dir, sijname);
data/blimps-3.9+ds/blimps/bldist.c:108:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ctemp, "%s/docs/default.iij", blimps_dir);
data/blimps-3.9+ds/blimps/bldist.c:115:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy(sijname, ctemp); }
data/blimps-3.9+ds/blimps/bldist.c:126:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (argc > 3) { strcpy(outname, argv[3]); }
data/blimps-3.9+ds/blimps/bldist.c:139:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (argc > 4) { strcpy(ctemp, argv[4]); }
data/blimps-3.9+ds/blimps/blexplode.c:28:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bdbname, argv[1]);
data/blimps-3.9+ds/blimps/blexplode.c:42:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (argc > 2) strcpy(prefix, argv[2]);
data/blimps-3.9+ds/blimps/blexplode.c:50:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(conname,"%s/%s", prefix, block->number);
data/blimps-3.9+ds/blimps/blexplode.c:62:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy(conname, block->number); }
data/blimps-3.9+ds/blimps/blimps.c:258:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps.c:280:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps.c:415:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps.c:505:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps.c:537:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps.c:558:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps.c:588:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps.c:642:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps.c:663:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps.c:790:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps.c:929:29: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (blimps_dir != NULL) sprintf(Buffer, "%s/docs/", blimps_dir);
data/blimps-3.9+ds/blimps/blimps.c:936:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(Buffer, LOCAL_CODON_FREQUENCY_FILE);
data/blimps-3.9+ds/blimps/blimps.c:939:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(Buffer, LOCAL_AMINO_FREQUENCY_FILE);
data/blimps-3.9+ds/blimps/blimps.c:944:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Buffer, get_current_file_name(FREQUENCY_FILE));
data/blimps-3.9+ds/blimps/blimps.c:947:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "Using frequencies from %s.\n", Buffer);
data/blimps-3.9+ds/blimps/blimps.c:959:30: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (blimps_dir != NULL) sprintf(Buffer, "%s/docs/", blimps_dir);
data/blimps-3.9+ds/blimps/blimps.c:961:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(Buffer, LOCAL_QIJ_FILE);
data/blimps-3.9+ds/blimps/blimps.c:975:27: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (qargc > 1) strcpy(Buffer, qargv[1]);
data/blimps-3.9+ds/blimps/blimps.c:980:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps.c:987:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps.c:1002:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps.c:1014:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps.c:1031:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blk2DR.c:30:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bdbname, argv[1]);
data/blimps-3.9+ds/blimps/blk2DR.c:43:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outname, bdbname);
data/blimps-3.9+ds/blimps/blk2DR.c:57:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prevfam, block->family);
data/blimps-3.9+ds/blimps/blk2DR.c:79:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, block->sequences[s].name);
data/blimps-3.9+ds/blimps/blk2GC.c:29:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bdbname, argv[1]);
data/blimps-3.9+ds/blimps/blk2GC.c:48:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prevfam, block->family);
data/blimps-3.9+ds/blimps/blk2GC.c:68:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, block->sequences[s].name);
data/blimps-3.9+ds/blimps/blk2lis.c:29:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bdbname, argv[1]);
data/blimps-3.9+ds/blimps/blk2lis.c:49:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prevfam, block->family);
data/blimps-3.9+ds/blimps/blk2lis.c:66:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outname, block->family);
data/blimps-3.9+ds/blimps/blk2mot.c:70:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seqfile, argv[1]);
data/blimps-3.9+ds/blimps/blk2mot.c:91:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(blkfile, argv[2]);
data/blimps-3.9+ds/blimps/blk2mot.c:107:27: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (line[0] == '>') strcpy(info->Title, line);
data/blimps-3.9+ds/blimps/blk2mot.c:125:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(motfile, argv[3]);
data/blimps-3.9+ds/blimps/blk2mot.c:160:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Seqname[ns], ptr);
data/blimps-3.9+ds/blimps/blk2mot.c:206:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, bltemp);
data/blimps-3.9+ds/blimps/blk2mot.c:276:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, bltemp);
data/blimps-3.9+ds/blimps/blk2mot.c:296:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, bltemp);
data/blimps-3.9+ds/blimps/blk2mot.c:305:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, bltemp);
data/blimps-3.9+ds/blimps/blk2mot.c:314:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, bltemp);
data/blimps-3.9+ds/blimps/blk2mot.c:323:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, bltemp);
data/blimps-3.9+ds/blimps/blk2mot.c:332:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, bltemp);
data/blimps-3.9+ds/blimps/blk2mot.c:341:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, bltemp);
data/blimps-3.9+ds/blimps/blk2pssm.c:87:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bdbname, argv[1]);
data/blimps-3.9+ds/blimps/blk2pssm.c:100:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(conname, argv[2]);
data/blimps-3.9+ds/blimps/blk2pssm.c:115:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (argc > 3) { strcpy(ctemp, argv[3]); }
data/blimps-3.9+ds/blimps/blk2slx.c:34:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bdbname, argv[1]);
data/blimps-3.9+ds/blimps/blk2slx.c:47:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(conname, argv[2]);
data/blimps-3.9+ds/blimps/blk_to_PSSM.c:117:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(frqname, "%s/docs/%s", blimps_dir, "default.amino.frq");
data/blimps-3.9+ds/blimps/blk_to_PSSM.c:118:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf(frqname, "%s", AA_FREQUENCY_FNAME_DFLT) ;
data/blimps-3.9+ds/blimps/blk_to_PSSM.c:122:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, USAGE, argv[0]) ;
data/blimps-3.9+ds/blimps/blk_to_PSSM.c:123:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, DEFAULTS, bdbname, outfname, pssm_type
data/blimps-3.9+ds/blimps/blk_to_PSSM.c:126:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, COMMENTS, AA_ALPHABET_FULL, NT_ALPHABET_FULL,
data/blimps-3.9+ds/blimps/blk_to_PSSM.c:128:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, GET_HELP) ;
data/blimps-3.9+ds/blimps/blk_to_PSSM.c:151:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp, " %s ", alphabet_type) ;
data/blimps-3.9+ds/blimps/blk_to_PSSM.c:156:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(alphabet_type,ALPHABET_TYPE_DFLT) ;
data/blimps-3.9+ds/blimps/blk_to_PSSM.c:212:27: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (blimps_dir != NULL) sprintf(qijname, "%s/docs/", blimps_dir);
data/blimps-3.9+ds/blimps/blk_to_PSSM.c:385:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(inpfname,argv[i1]) ;
data/blimps-3.9+ds/blimps/blk_to_PSSM.c:390:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outfname,argv[i1]) ;
data/blimps-3.9+ds/blimps/blk_to_PSSM.c:408:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(frqname,chr_ptr) ;
data/blimps-3.9+ds/blimps/blk_to_PSSM.c:420:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(alphabet_type,chr_ptr) ;
data/blimps-3.9+ds/blimps/blklis.c:33:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(infile, argv[1]);
data/blimps-3.9+ds/blimps/blklis.c:45:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outfile, argv[2]);
data/blimps-3.9+ds/blimps/blklis.c:61:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ac, block->number); ac[7] = '\0';
data/blimps-3.9+ds/blimps/blklis.c:62:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(id, block->id); ptr = strtok(id, ";");
data/blimps-3.9+ds/blimps/blkprob.c:323:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (argc > 1) strcpy(ctemp, argv[1]);
data/blimps-3.9+ds/blimps/blkprob.c:343:26: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (ndb > 0) strcpy(datfile, flist->next->datname);
data/blimps-3.9+ds/blimps/blkprob.c:352:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(homfile, argv[2]);
data/blimps-3.9+ds/blimps/blkprob.c:361:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(datfile, argv[3]);
data/blimps-3.9+ds/blimps/blkprob.c:370:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newdat->datname, datfile);
data/blimps-3.9+ds/blimps/blkprob.c:408:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(StpFile, argv[i+1]);
data/blimps-3.9+ds/blimps/blkprob.c:532:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(keyword,ptr);
data/blimps-3.9+ds/blimps/blkprob.c:538:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(homfile, ptr);
data/blimps-3.9+ds/blimps/blkprob.c:543:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newdat->datname, ptr);
data/blimps-3.9+ds/blimps/blkprob.c:568:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(fname, "%sblkprob.stp", DatDir); }
data/blimps-3.9+ds/blimps/blkprob.c:682:34: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (ptr1 != NULL) strcpy(db, ptr1);
data/blimps-3.9+ds/blimps/blkprob.c:795:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%sblksort.stn", DatDir);
data/blimps-3.9+ds/blimps/blkprob.c:831:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%srepeats.dat", DatDir);
data/blimps-3.9+ds/blimps/blkprob.c:842:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %d", Repeats[nrep].ac, &Repeats[nrep].num);
data/blimps-3.9+ds/blimps/blkprob.c:864:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%sblksort.bias", DatDir);
data/blimps-3.9+ds/blimps/blkprob.c:875:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %d", Bias[nbias].ac, &Bias[nbias].num);
data/blimps-3.9+ds/blimps/blkprob.c:915:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Results[NResult].ac, save_ac);
data/blimps-3.9+ds/blimps/blkprob.c:922:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Results[NResult].fam, save_ac);
data/blimps-3.9+ds/blimps/blkprob.c:968:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(save_fam, Results[0].fam); save_rank = 0;
data/blimps-3.9+ds/blimps/blkprob.c:981:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(save_fam, Results[i].fam); save_rank = i;
data/blimps-3.9+ds/blimps/blkprob.c:1036:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hits[nhit].fam, Results[ires].fam);
data/blimps-3.9+ds/blimps/blkprob.c:1117:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hits[ihit].de, bcur->block->de);
data/blimps-3.9+ds/blimps/blkprob.c:1397:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_list->fam, fam);
data/blimps-3.9+ds/blimps/blkprob.c:1421:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fcur->prevfam, fam);
data/blimps-3.9+ds/blimps/blkprob.c:1554:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pline, hits[ihit].de);
data/blimps-3.9+ds/blimps/blkprob.c:2111:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(repline+repspot, Results[t].aa);
data/blimps-3.9+ds/blimps/blkprob.c:2119:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(saveac, block->ac);
data/blimps-3.9+ds/blimps/blkprob.c:2526:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(blist->binfo->closest_name, block->sequences[maxs1].name);
data/blimps-3.9+ds/blimps/blkprob.c:3019:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur->fam, block->family);
data/blimps-3.9+ds/blimps/blkprob.c:3073:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new->ac, block->number);
data/blimps-3.9+ds/blimps/block_vis.c:134:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, HELPTEXT, program, program) ;
data/blimps-3.9+ds/blimps/block_vis.c:413:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(buffer, ">%s %d %d %d %s", current_map->block_family,
data/blimps-3.9+ds/blimps/block_vis.c:420:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(buffer, "%s %s %d %d %d %s", junk, current_map->block_family,
data/blimps-3.9+ds/blimps/block_vis.c:430:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(current_map->description, buffer);
data/blimps-3.9+ds/blimps/block_vis.c:451:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(buffer, "%s %d %d", current_seq->seq_name, ¤t_seq->seq_len,
data/blimps-3.9+ds/blimps/block_vis.c:735:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rofilename, "%s.reout", ifilename);
data/blimps-3.9+ds/blimps/blocks.c:206:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "%s\n", Buffer);
data/blimps-3.9+ds/blimps/blocks.c:237:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(block->family, block->number);
data/blimps-3.9+ds/blimps/blocks.c:247:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Buffer, block->ac); /* Buffer's been destroyed */
data/blimps-3.9+ds/blimps/blocks.c:261:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "%s\n", Buffer);
data/blimps-3.9+ds/blimps/blocks.c:293:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "%s\n", Buffer);
data/blimps-3.9+ds/blimps/blocks.c:327:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(buf3, "%s", block->motif);
data/blimps-3.9+ds/blimps/blocks.c:337:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "No width field for block %s", block->number);
data/blimps-3.9+ds/blimps/blocks.c:365:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "%s\n", Buffer);
data/blimps-3.9+ds/blimps/blocks.c:507:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blocks.c:546:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "Error reading sequence %s in block %s,",
data/blimps-3.9+ds/blimps/blocks.c:568:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "Error reading sequence %s in block %s,",
data/blimps-3.9+ds/blimps/blocks.c:601:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blocks.c:655:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blocks.c:695:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blocks.c:765:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blocks.c:970:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bltemp, block->bl);
data/blimps-3.9+ds/blimps/blocks.c:979:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(block->bl, bltemp);
data/blimps-3.9+ds/blimps/blocks.c:986:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bltemp, block->clusters[i].sequences[j].name);
data/blimps-3.9+ds/blimps/blocks.c:1225:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(Buffer, "%s (%d) %s %s",
data/blimps-3.9+ds/blimps/blocks.c:1234:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "Error in block %s: seq %s\n",
data/blimps-3.9+ds/blimps/blocks.c:1240:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_block->sequences[iseq].info, new_block->sequences[iseq].name);
data/blimps-3.9+ds/blimps/blocks_search.c:153:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (ptr != NULL) sprintf(email_addr, "%s", ptr);
data/blimps-3.9+ds/blimps/blocks_search.c:154:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf(email_addr, "%s", BLOCKS_EMAIL);
data/blimps-3.9+ds/blimps/blocks_search.c:160:21: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
curr_year_month = popen("date '+\%y\%m'", "r");
data/blimps-3.9+ds/blimps/blocks_search.c:161:13: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
logdate = popen("date \"+\%y\%m\%d\"", "r");
data/blimps-3.9+ds/blimps/blocks_search.c:163:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(blimps, "%s/blimps", BIN_SUBDIR);
data/blimps-3.9+ds/blimps/blocks_search.c:164:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(blksort, "%s/blksort", BIN_SUBDIR);
data/blimps-3.9+ds/blimps/blocks_search.c:165:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(blkprob, "%s/blkprob", BIN_SUBDIR);
data/blimps-3.9+ds/blimps/blocks_search.c:170:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(database, "%s/blocks.dat", BLOCKS_SUBDIR);
data/blimps-3.9+ds/blimps/blocks_search.c:171:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(printsbase, "%s/prints.dat", PRINTS_SUBDIR);
data/blimps-3.9+ds/blimps/blocks_search.c:172:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(plusbase, "%s/blocks.dat", PLUS_SUBDIR);
data/blimps-3.9+ds/blimps/blocks_search.c:173:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(minusbase, "%s/blocks.dat", MINUS_SUBDIR);
data/blimps-3.9+ds/blimps/blocks_search.c:174:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(qij, "%s/default.qij", DOCS_SUBDIR);
data/blimps-3.9+ds/blimps/blocks_search.c:175:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(frq, "%s/default.amino.frq", DOCS_SUBDIR);
data/blimps-3.9+ds/blimps/blocks_search.c:176:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(seq_file, "%s/%d.seq", TMP_SUBDIR, pid);
data/blimps-3.9+ds/blimps/blocks_search.c:177:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cs_file, "%s/%d.cs", TMP_SUBDIR, pid);
data/blimps-3.9+ds/blimps/blocks_search.c:178:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(csh_file, "%s/%d.csh", TMP_SUBDIR, pid);
data/blimps-3.9+ds/blimps/blocks_search.c:181:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(log_dir, "%s/%s", LOG_SUBDIR, buf);
data/blimps-3.9+ds/blimps/blocks_search.c:184:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(log_file, "%s/%s", log_dir, buf);
data/blimps-3.9+ds/blimps/blocks_search.c:185:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mail_file, "%s/%d.mail", TMP_SUBDIR, pid);
data/blimps-3.9+ds/blimps/blocks_search.c:186:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_dir, "%s", TMP_SUBDIR);
data/blimps-3.9+ds/blimps/blocks_search.c:187:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(blimps_output, "%s/%d.out", TMP_SUBDIR, pid);
data/blimps-3.9+ds/blimps/blocks_search.c:188:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(blksort_output, "%s/%d.blk", TMP_SUBDIR, pid);
data/blimps-3.9+ds/blimps/blocks_search.c:189:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(html_output, "%s/%d.html", TMP_SUBDIR, pid);
data/blimps-3.9+ds/blimps/blocks_search.c:309:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy(type, entries[i].val); }
data/blimps-3.9+ds/blimps/blocks_search.c:311:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy(strands, entries[i].val); }
data/blimps-3.9+ds/blimps/blocks_search.c:313:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy(gecode, entries[i].val); }
data/blimps-3.9+ds/blimps/blocks_search.c:315:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy(histo, entries[i].val); }
data/blimps-3.9+ds/blimps/blocks_search.c:317:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy(Expect, entries[i].val); }
data/blimps-3.9+ds/blimps/blocks_search.c:368:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "chmod -f 660 %s", cs_file); /* no general read */
data/blimps-3.9+ds/blimps/blocks_search.c:387:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(buf, "%s Block Search Results", Title_Ptr->val); }
data/blimps-3.9+ds/blimps/blocks_search.c:425:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "chmod a+x %s", csh_file);
data/blimps-3.9+ds/blimps/blocks_search.c:426:4: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(buf);
data/blimps-3.9+ds/blimps/blocks_search.c:475:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "chmod -f 660 %s", seq_file);
data/blimps-3.9+ds/blimps/blocks_search.c:499:9: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
dfp = popen("date", "r");
data/blimps-3.9+ds/blimps/blocks_search.c:504:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s %s > /dev/null 2>&1", blimps, cs_file);
data/blimps-3.9+ds/blimps/blocks_search.c:505:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(buf) && !Mail_Flag)
data/blimps-3.9+ds/blimps/blocks_search.c:515:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s %s -mast -E %s %s > %s 2>&1",
data/blimps-3.9+ds/blimps/blocks_search.c:517:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(buf) && !Mail_Flag)
data/blimps-3.9+ds/blimps/blocks_search.c:526:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s %s > %s 2>&1", blksort, cs_file, blksort_output);
data/blimps-3.9+ds/blimps/blocks_search.c:527:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(buf) && !Mail_Flag)
data/blimps-3.9+ds/blimps/blocks_search.c:535:9: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
dfp = popen("date", "r");
data/blimps-3.9+ds/blimps/blocks_search.c:551:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/htmlize-blimps.pl %s", BIN_SUBDIR, blimps_output);
data/blimps-3.9+ds/blimps/blocks_search.c:554:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/htmlize-blkprob.pl %s", BIN_SUBDIR, blksort_output);
data/blimps-3.9+ds/blimps/blocks_search.c:557:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/htmlize-blksort.pl %s", BIN_SUBDIR, blksort_output);
data/blimps-3.9+ds/blimps/blocks_search.c:560:14: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (!(fp = popen(buf, "r"))) {
data/blimps-3.9+ds/blimps/blocks_search.c:610:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("umask 006");
data/blimps-3.9+ds/blimps/blocks_search.c:633:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/add_queue_entry.pl BLOCKS_queue %s",
data/blimps-3.9+ds/blimps/blocks_search.c:635:6: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(buf);
data/blimps-3.9+ds/blimps/blocks_search.c:644:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s", csh_file);
data/blimps-3.9+ds/blimps/blocks_search.c:645:6: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(buf);
data/blimps-3.9+ds/blimps/blpssm.c:240:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cfname, argv[1]);
data/blimps-3.9+ds/blimps/blpssm.c:379:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(keyword,ptr);
data/blimps-3.9+ds/blimps/blpssm.c:385:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(blname, ptr);
data/blimps-3.9+ds/blimps/blpssm.c:391:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(exname, ptr);
data/blimps-3.9+ds/blimps/blpssm.c:397:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ouname, ptr);
data/blimps-3.9+ds/blimps/blpssm.c:403:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(frname, ptr);
data/blimps-3.9+ds/blimps/blpssm.c:412:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(alname, ptr);
data/blimps-3.9+ds/blimps/blpssm.c:428:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(alname, ptr);
data/blimps-3.9+ds/blimps/blpssm.c:445:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Steve[nsteve]->qijname, ptr);
data/blimps-3.9+ds/blimps/blpssm.c:450:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(grname, ptr);
data/blimps-3.9+ds/blimps/blpssm.c:456:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gqname, ptr);
data/blimps-3.9+ds/blimps/blpssm.c:462:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(diname, ptr);
data/blimps-3.9+ds/blimps/blpssm.c:468:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(clname, ptr);
data/blimps-3.9+ds/blimps/blpssm.c:517:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(paname, ptr);
data/blimps-3.9+ds/blimps/blpssm.c:628:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname, Steve[i]->qijname);
data/blimps-3.9+ds/blimps/blpssm.c:1307:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, block->id);
data/blimps-3.9+ds/blimps/blpssm.c:1309:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(matrix->id, ctemp);
data/blimps-3.9+ds/blimps/blpssm.c:1310:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(matrix->ac, block->ac);
data/blimps-3.9+ds/blimps/blpssm.c:1311:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(matrix->de, block->de);
data/blimps-3.9+ds/blimps/blpssm.c:1312:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(matrix->ma, block->bl);
data/blimps-3.9+ds/blimps/blpssm.c:1313:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(matrix->number, block->number);
data/blimps-3.9+ds/blimps/blpssm.c:1314:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(matrix->motif, block->motif);
data/blimps-3.9+ds/blimps/blpssm.c:1324:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, matrix->ma);
data/blimps-3.9+ds/blimps/blpssm.c:1326:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(matrix->ma, "%s seqs=%d",
data/blimps-3.9+ds/blimps/blpssm.c:1779:8: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(line) != 0)
data/blimps-3.9+ds/blimps/blpssm.c:1996:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pattern, matrix->id);
data/blimps-3.9+ds/blimps/blpssm.c:2019:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(pattern, ctemp); /* this is i = pos */
data/blimps-3.9+ds/blimps/blpssm.c:2031:18: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(pattern, ctemp);
data/blimps-3.9+ds/blimps/blweight.c:119:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bdbname, argv[1]);
data/blimps-3.9+ds/blimps/blweight.c:132:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(conname, argv[2]);
data/blimps-3.9+ds/blimps/blweight.c:148:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, argv[3]);
data/blimps-3.9+ds/blimps/blweight.c:187:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, argv[4]);
data/blimps-3.9+ds/blimps/blweight.c:697:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newblock->id, block->id);
data/blimps-3.9+ds/blimps/blweight.c:698:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newblock->ac, block->ac);
data/blimps-3.9+ds/blimps/blweight.c:699:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newblock->number, block->number);
data/blimps-3.9+ds/blimps/blweight.c:700:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newblock->de, block->de);
data/blimps-3.9+ds/blimps/blweight.c:701:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newblock->bl, block->bl);
data/blimps-3.9+ds/blimps/blweight.c:810:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bltemp, block->bl);
data/blimps-3.9+ds/blimps/blweight.c:819:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(block->bl, bltemp);
data/blimps-3.9+ds/blimps/cluster.c:113:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newblock->id, block->id);
data/blimps-3.9+ds/blimps/cluster.c:114:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newblock->ac, block->ac);
data/blimps-3.9+ds/blimps/cluster.c:115:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newblock->number, block->number);
data/blimps-3.9+ds/blimps/cluster.c:116:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newblock->de, block->de);
data/blimps-3.9+ds/blimps/cluster.c:117:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newblock->bl, block->bl);
data/blimps-3.9+ds/blimps/cobbler.c:255:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cfname, argv[1]);
data/blimps-3.9+ds/blimps/cobbler.c:281:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(save_family, block->family);
data/blimps-3.9+ds/blimps/cobbler.c:347:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(keyword,ptr);
data/blimps-3.9+ds/blimps/cobbler.c:357:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(blname, ptr);
data/blimps-3.9+ds/blimps/cobbler.c:363:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ouname, ptr);
data/blimps-3.9+ds/blimps/cobbler.c:370:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mlname, ptr);
data/blimps-3.9+ds/blimps/cobbler.c:377:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(llname, ptr);
data/blimps-3.9+ds/blimps/cobbler.c:384:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sqname, ptr);
data/blimps-3.9+ds/blimps/cobbler.c:390:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dbname, ptr);
data/blimps-3.9+ds/blimps/cobbler.c:396:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(frname, ptr);
data/blimps-3.9+ds/blimps/cobbler.c:408:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(suname, ptr);
data/blimps-3.9+ds/blimps/cobbler.c:416:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(maname, ptr);
data/blimps-3.9+ds/blimps/cobbler.c:424:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, ptr);
data/blimps-3.9+ds/blimps/cobbler.c:431:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qmname, ptr);
data/blimps-3.9+ds/blimps/cobbler.c:453:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(suname, "%s/docs/default.iij", blimps_dir);
data/blimps-3.9+ds/blimps/cobbler.c:462:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(frname, "%s/docs/default.amino.frq", blimps_dir);
data/blimps-3.9+ds/blimps/cobbler.c:468:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(qmname, "%s/docs/default.qij", blimps_dir);
data/blimps-3.9+ds/blimps/cobbler.c:476:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, ouname); strcat(ctemp, ".prf");
data/blimps-3.9+ds/blimps/cobbler.c:1005:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (seq != NULL) { strcpy(seqname, seq->name); }
data/blimps-3.9+ds/blimps/cobbler.c:1006:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else { strcpy(seqname, blist->next->block->sequences[blist->minseq].name); }
data/blimps-3.9+ds/blimps/cobbler.c:1062:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fam, blist->next->block->family);
data/blimps-3.9+ds/blimps/cobbler.c:1068:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pssm->number, fam);
data/blimps-3.9+ds/blimps/cobbler.c:1069:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pssm->ac, pssm->number);
data/blimps-3.9+ds/blimps/cobbler.c:1070:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pssm->de, "%s %s from %d to %d with embedded PSSM",
data/blimps-3.9+ds/blimps/cobbler.c:1289:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, seq->name);
data/blimps-3.9+ds/blimps/cobbler.c:1484:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, block->ac);
data/blimps-3.9+ds/blimps/cobbler.c:1849:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(seqname, "%s %s", fam, name);
data/blimps-3.9+ds/blimps/cobbler.c:1850:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seq->name, seqname);
data/blimps-3.9+ds/blimps/codehop.c:177:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, USAGE, argv[0]) ;
data/blimps-3.9+ds/blimps/codehop.c:178:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, DEFAULTS, inpfname, outfname, "first_in_input",
data/blimps-3.9+ds/blimps/codehop.c:182:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, COMMENTS) ;
data/blimps-3.9+ds/blimps/codehop.c:264:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Frqname, "%s/docs/%s", blimps_dir, "default.amino.frq");
data/blimps-3.9+ds/blimps/codehop.c:265:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(IDname, "%s/docs/%s", blimps_dir, "identity.frq");
data/blimps-3.9+ds/blimps/codehop.c:269:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Frqname, "%s", AA_FREQUENCY_FNAME) ;
data/blimps-3.9+ds/blimps/codehop.c:270:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(IDname, "%s", ID_FREQUENCY_FNAME) ;
data/blimps-3.9+ds/blimps/codehop.c:275:27: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (blimps_dir != NULL) sprintf(qijname, "%s/docs/", blimps_dir);
data/blimps-3.9+ds/blimps/codehop.c:297:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, codon_usage_file);
data/blimps-3.9+ds/blimps/codehop.c:298:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(codon_usage_file, "%s/docs/%s", blimps_dir, tmp);
data/blimps-3.9+ds/blimps/codehop.c:304:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(codon_usage_file, CODON_USAGE_FILE_DFLT);
data/blimps-3.9+ds/blimps/codehop.c:309:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, codon_usage_file);
data/blimps-3.9+ds/blimps/codehop.c:310:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(codon_usage_file, "%s/docs/%s", blimps_dir, tmp);
data/blimps-3.9+ds/blimps/codehop.c:322:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(codon_usage_file, CODON_USAGE_FILE_DFLT);
data/blimps-3.9+ds/blimps/codehop.c:406:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(inpfname,argv[i1]) ;
data/blimps-3.9+ds/blimps/codehop.c:411:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outfname,argv[i1]) ;
data/blimps-3.9+ds/blimps/codehop.c:432:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(codon_usage_fname,chr_ptr) ;
data/blimps-3.9+ds/blimps/codehop.c:440:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fam_name,chr_ptr) ;
data/blimps-3.9+ds/blimps/coduse.c:64:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (argc > 1) strcpy(infile, argv[1]);
data/blimps-3.9+ds/blimps/coduse.c:77:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (argc > 2) strcpy(organism, argv[2]);
data/blimps-3.9+ds/blimps/coduse.c:94:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (argc > 3) strcpy(outfile, argv[3]);
data/blimps-3.9+ds/blimps/coduse.c:113:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(organism, line);
data/blimps-3.9+ds/blimps/config.c:64:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:259:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:426:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:910:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "Unable to read sequence file: %s ",
data/blimps-3.9+ds/blimps/convert.c:119:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(matrix->ac, block->ac);
data/blimps-3.9+ds/blimps/convert.c:123:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(matrix->number, block->number);
data/blimps-3.9+ds/blimps/convert.c:194:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(ErrorBuffer, /* ^^^^----------------vvvvvvvvvvvvvvvvvvv */
data/blimps-3.9+ds/blimps/convert.c:919:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sijname, "%s/docs/default.sij", blimps_dir);
data/blimps-3.9+ds/blimps/convert.c:1089:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "pb_weights:%d ignored for %s\n",
data/blimps-3.9+ds/blimps/convert.c:1502:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(diriname, "%s/docs/default.diri", blimps_dir);
data/blimps-3.9+ds/blimps/convert.c:1503:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rankname, "%s/docs/default.rank", blimps_dir);
data/blimps-3.9+ds/blimps/convert.c:1521:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "SIFT_pssm(): Cannot open %s\n", rankname);
data/blimps-3.9+ds/blimps/convert.c:1640:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ErrorBuffer, "dirichlet(): Cannot open dirichlet file %s\n",
data/blimps-3.9+ds/blimps/email.c:34:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, argv[1]);
data/blimps-3.9+ds/blimps/email.c:72:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ctemp, "/usr/bin/mailx -s %s %s < %s",
data/blimps-3.9+ds/blimps/email.c:76:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(ctemp);
data/blimps-3.9+ds/blimps/email.c:81:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ctemp, "rm %s", outname);
data/blimps-3.9+ds/blimps/email.c:82:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(ctemp);
data/blimps-3.9+ds/blimps/fastaseqs.c:38:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(infile, argv[1]);
data/blimps-3.9+ds/blimps/fastaseqs.c:51:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outfile, argv[2]);
data/blimps-3.9+ds/blimps/files.c:133:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/files.c:157:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "Already have a frequency file: %s",
data/blimps-3.9+ds/blimps/files.c:160:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "The file %s will be ignored.\n", file_name);
data/blimps-3.9+ds/blimps/files.c:226:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "Unable to open block file: %s\n",
data/blimps-3.9+ds/blimps/files.c:232:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "Unable to open matrix file: %s\n",
data/blimps-3.9+ds/blimps/files.c:238:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "Unable to open database file: %s\n",
data/blimps-3.9+ds/blimps/files.c:244:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "Unable to open frequency file: %s\n",
data/blimps-3.9+ds/blimps/files.c:250:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "Unable to read sequence file: %s\n",
data/blimps-3.9+ds/blimps/files.c:256:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "Unable to read pattern file: %s\n",
data/blimps-3.9+ds/blimps/files.c:308:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "Unable to read sequence file: %s ",
data/blimps-3.9+ds/blimps/files.c:322:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "Unable to open block file: %s\n",
data/blimps-3.9+ds/blimps/files.c:328:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "Unable to open matrix file: %s\n",
data/blimps-3.9+ds/blimps/files.c:334:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "Unable to open database file: %s\n",
data/blimps-3.9+ds/blimps/files.c:340:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "Unable to open frequency file: %s\n",
data/blimps-3.9+ds/blimps/files.c:346:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "Unable to read sequence file: %s",
data/blimps-3.9+ds/blimps/files.c:352:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "Unable to read pattern file: %s",
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:124:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outname,"%s.biassed_blocks", bdbname) ;
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:159:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ctemp, "%s/docs/%s", blimps_dir, AA_FREQUENCY_FNAME);
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:214:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "%-10s %2d %4d %4d %3d %4d %3d %4d %3d",
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:259:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line,"%d biassed blocks found in the %d blocks from file %s.",
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:289:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (argc > 1) strcpy(bdbname, argv[1]);
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:635:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(entry_name, ptr) ;
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:637:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(block->ac, "%s%s;", word, entry_name) ;
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:638:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(block->number, "%s%s", word, entry_name) ;
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:641:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(block->id, "%s; ProDom_mul", entry_name) ;
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:737:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(word, ptr) ;
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:928:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(block->ac, word) ;
data/blimps-3.9+ds/blimps/format_block.c:103:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(home_dir, "%s", ptr);
data/blimps-3.9+ds/blimps/format_block.c:108:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(home_dir, "%s", BTEST_HOME);
data/blimps-3.9+ds/blimps/format_block.c:112:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(home_dir, "%s", BLOCKS_HOME);
data/blimps-3.9+ds/blimps/format_block.c:117:8: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(0);
data/blimps-3.9+ds/blimps/format_block.c:123:21: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
curr_year_month = popen("date '+%y%m'", "r");
data/blimps-3.9+ds/blimps/format_block.c:124:13: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
logdate = popen("date \"+%y%m%d\"", "r");
data/blimps-3.9+ds/blimps/format_block.c:126:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(extblock_stdout, "%s%s/extblock_stdout", home_dir, BIN_SUBDIR);
data/blimps-3.9+ds/blimps/format_block.c:127:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Blweight, "%s%s/blweight", home_dir, BIN_SUBDIR);
data/blimps-3.9+ds/blimps/format_block.c:128:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Block_fileNW, "%s%s/%d.blk.NW.temp", home_dir, TMP_SUBDIR, pid);
data/blimps-3.9+ds/blimps/format_block.c:129:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Block_file, "%s%s/%d.blk", home_dir, TMP_SUBDIR, pid);
data/blimps-3.9+ds/blimps/format_block.c:134:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(log_dir, "%s%s/%s", home_dir, LOG_SUBDIR, buf);
data/blimps-3.9+ds/blimps/format_block.c:137:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_dir, "%s%s", home_dir, TMP_SUBDIR);
data/blimps-3.9+ds/blimps/format_block.c:240:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "rm -f %s%s/%d*temp", home_dir, TMP_SUBDIR, pid);
data/blimps-3.9+ds/blimps/format_block.c:241:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(buf);
data/blimps-3.9+ds/blimps/format_block.c:260:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/format_block.c:476:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(block->sequences[block->num_sequences].name,
data/blimps-3.9+ds/blimps/format_block.c:591:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(block->sequences[i].name, "%s%d", UNKNOWN_SEQ_NAME, i+1) ;
data/blimps-3.9+ds/blimps/format_block.c:735:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy(block->number,AC_Ptr->val) ; }
data/blimps-3.9+ds/blimps/format_block.c:747:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(block->ac,block->number) ;
data/blimps-3.9+ds/blimps/format_block.c:757:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(block->ac, "%s; distance from previous block = (%d",
data/blimps-3.9+ds/blimps/format_block.c:769:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(block->ac, "%s,%d)",
data/blimps-3.9+ds/blimps/format_block.c:782:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(block->bl, "%s; width=%d; seqs=%d;",
data/blimps-3.9+ds/blimps/format_block.c:802:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s %s %s %s %s > /dev/null",
data/blimps-3.9+ds/blimps/format_block.c:805:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(buf))
data/blimps-3.9+ds/blimps/format_block.c:907:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("umask 006");
data/blimps-3.9+ds/blimps/frequency.c:69:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "load_frequencies: Unable to open frequency file: %s",
data/blimps-3.9+ds/blimps/frequency.c:271:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(frqname, "%s/docs/default.amino.frq", blimps_dir);
data/blimps-3.9+ds/blimps/frequency.c:272:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(qijname, "%s/docs/default.qij", blimps_dir);
data/blimps-3.9+ds/blimps/htmlize-LAMA.c:138:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(help_icon, HELP_ICON) ;
data/blimps-3.9+ds/blimps/htmlize-LAMA.c:139:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(logos_icon, LOGOS_ICON) ;
data/blimps-3.9+ds/blimps/htmlize-LAMA.c:140:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(alignment_icon, ALIGNMENT_ICON) ;
data/blimps-3.9+ds/blimps/htmlize-LAMA.c:153:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(prcssdline, "%s %d %*c %*d %*s %s %d %*c %*d %*c%d ",
data/blimps-3.9+ds/blimps/htmlize-codehop.c:62:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, argv[1]);
data/blimps-3.9+ds/blimps/htmlize-codehop.c:89:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bfor->name, ptr);
data/blimps-3.9+ds/blimps/htmlize-codehop.c:91:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bfor->line, line);
data/blimps-3.9+ds/blimps/htmlize-codehop.c:103:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(brev->name, ptr);
data/blimps-3.9+ds/blimps/htmlize-codehop.c:104:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(brev->line, bfor->line);
data/blimps-3.9+ds/blimps/htmlize-codehop.c:114:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(onew->line, line);
data/blimps-3.9+ds/blimps/htmlize-codehop.c:227:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(stemp, line);
data/blimps-3.9+ds/blimps/interpro.c:93:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(iprfile, argv[1]);
data/blimps-3.9+ds/blimps/interpro.c:107:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(iprname, argv[2]);
data/blimps-3.9+ds/blimps/interpro.c:125:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(xreffile, iprfile);
data/blimps-3.9+ds/blimps/interpro.c:173:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ac, ptr);
data/blimps-3.9+ds/blimps/interpro.c:185:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s.lis", ac);
data/blimps-3.9+ds/blimps/interpro.c:197:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(de, ac);
data/blimps-3.9+ds/blimps/interpro.c:202:38: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (ptr != NULL) { strcpy(de, ptr); }
data/blimps-3.9+ds/blimps/interpro.c:235:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, line);
data/blimps-3.9+ds/blimps/interpro.c:241:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(db[ndb], ptr1);
data/blimps-3.9+ds/blimps/interpro.c:243:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(line, ctemp);
data/blimps-3.9+ds/blimps/interpro.c:249:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dbkey[ndb], ptr1);
data/blimps-3.9+ds/blimps/interpro.c:256:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(id, ptr1);
data/blimps-3.9+ds/blimps/interpro.c:268:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, line);
data/blimps-3.9+ds/blimps/interpro.c:274:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(status, ptr1);
data/blimps-3.9+ds/blimps/interpro.c:292:34: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(did->ps, status);
data/blimps-3.9+ds/blimps/interpro.c:293:34: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(did->info, "%s", dbkey[ndb]);
data/blimps-3.9+ds/blimps/interpro.c:300:34: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp1, did->info);
data/blimps-3.9+ds/blimps/interpro.c:303:37: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ctemp1, " %s", dbkey[ndb]);
data/blimps-3.9+ds/blimps/interpro.c:304:37: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(did->info, ctemp1);
data/blimps-3.9+ds/blimps/interpro.c:422:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new->entry, seqname);
data/blimps-3.9+ds/blimps/interpro.c:483:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %d", Repeats[nrep].ac, &Repeats[nrep].num);
data/blimps-3.9+ds/blimps/lisblk.c:52:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lisfile, argv[1]);
data/blimps-3.9+ds/blimps/lisblk.c:68:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(blkfile, argv[2]);
data/blimps-3.9+ds/blimps/mablock.c:127:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bdbname, argv[1]);
data/blimps-3.9+ds/blimps/mablock.c:139:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, bdbname);
data/blimps-3.9+ds/blimps/mablock.c:141:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (ptr != NULL) strcpy(Block_AC, ptr);
data/blimps-3.9+ds/blimps/mablock.c:142:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(Block_AC, bdbname);
data/blimps-3.9+ds/blimps/mablock.c:152:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Block_ID, "%s; BLOCK", Block_AC);
data/blimps-3.9+ds/blimps/mablock.c:153:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Block_DE, bdbname);
data/blimps-3.9+ds/blimps/mablock.c:157:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(OutName, argv[2]);
data/blimps-3.9+ds/blimps/mablock.c:163:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, OutName); strcat(ctemp, ".blks");
data/blimps-3.9+ds/blimps/mablock.c:169:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, OutName); strcat(ctemp, ".seqs");
data/blimps-3.9+ds/blimps/mablock.c:177:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (argc > 3) { strcpy(outtype, argv[3]); }
data/blimps-3.9+ds/blimps/mablock.c:420:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_name, "%s.%d", OutName, my_pid);
data/blimps-3.9+ds/blimps/mablock.c:503:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "\\rm %s", tmp_name);
data/blimps-3.9+ds/blimps/mablock.c:504:4: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(line);
data/blimps-3.9+ds/blimps/mablock.c:638:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "\\rm %s", tmp_name);
data/blimps-3.9+ds/blimps/mablock.c:639:4: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(line);
data/blimps-3.9+ds/blimps/mablock.c:656:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(block->sequences[s].name, seqs[s]->name);
data/blimps-3.9+ds/blimps/mablock.c:711:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(block->id, Block_ID);
data/blimps-3.9+ds/blimps/mablock.c:712:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(block->de, Block_DE);
data/blimps-3.9+ds/blimps/mablock.c:716:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, Block_AC);
data/blimps-3.9+ds/blimps/mablock.c:762:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(block->ac, "%s; distance from previous block=(%d,%d)",
data/blimps-3.9+ds/blimps/mablock.c:873:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, seqs[s]->name);
data/blimps-3.9+ds/blimps/mablock.c:874:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seqs[s]->name, ctemp+3);
data/blimps-3.9+ds/blimps/mablock.c:889:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, seqs[s]->name);
data/blimps-3.9+ds/blimps/mablock.c:893:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(seqs[s]->name, "%s%d", ctemp, s);
data/blimps-3.9+ds/blimps/makeblockmap.c:96:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, USAGE, argv[0]) ;
data/blimps-3.9+ds/blimps/makeblockmap.c:97:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, DEFAULTS, bdbname, outname, src_fam_name) ;
data/blimps-3.9+ds/blimps/makeblockmap.c:98:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, COMMENTS);
data/blimps-3.9+ds/blimps/makeblockmap.c:99:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, GET_HELP) ;
data/blimps-3.9+ds/blimps/makeblockmap.c:364:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(map->block_family, "%s", block_fam[0]->family) ;
data/blimps-3.9+ds/blimps/makeblockmap.c:659:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(inpfname,argv[i1]) ;
data/blimps-3.9+ds/blimps/makeblockmap.c:664:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outfname,argv[i1]) ;
data/blimps-3.9+ds/blimps/makeblockmap.c:678:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fam_name,chr_ptr) ;
data/blimps-3.9+ds/blimps/makeblockmap.c:682:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lisname,chr_ptr) ;
data/blimps-3.9+ds/blimps/makelis.c:101:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrFile, "%s.err", argv[1]);
data/blimps-3.9+ds/blimps/makelis.c:153:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Buffer, "%s.in", argv[1]);
data/blimps-3.9+ds/blimps/makelis.c:167:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(SubjectLine, &Buffer[ACLEN]);
data/blimps-3.9+ds/blimps/makelis.c:171:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(SubjectLine, "%19s...", SubjectLine);
data/blimps-3.9+ds/blimps/makelis.c:191:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(LisFile, "%s.lis", argv[1]);
data/blimps-3.9+ds/blimps/makelis.c:192:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(LenFile, "%s.seqlen", argv[1]);
data/blimps-3.9+ds/blimps/makelis.c:193:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ProFile, "%s.pros", argv[1]);
data/blimps-3.9+ds/blimps/makelis.c:194:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrFile, "%s.warn", argv[1]);
data/blimps-3.9+ds/blimps/makelis.c:204:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(SequenceFile, "%s.in", argv[1]);
data/blimps-3.9+ds/blimps/makelis.c:236:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(seqname, "%s_%d", Process, Count);
data/blimps-3.9+ds/blimps/makelis.c:331:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "Unable to read sequence file: %s ",
data/blimps-3.9+ds/blimps/makelis.c:358:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, seq->name);
data/blimps-3.9+ds/blimps/makelis.c:359:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seq->name, ctemp+3);
data/blimps-3.9+ds/blimps/makelis.c:366:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, seq->name);
data/blimps-3.9+ds/blimps/makelis.c:367:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seq->name, ctemp+itemp);
data/blimps-3.9+ds/blimps/makelis.c:377:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, seq->info);
data/blimps-3.9+ds/blimps/makelis.c:378:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seq->info, ctemp+itemp);
data/blimps-3.9+ds/blimps/makelis.c:385:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(DELine, "%s family", seq->info);
data/blimps-3.9+ds/blimps/makelis.c:390:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(DELine, "%s... family", Buffer);
data/blimps-3.9+ds/blimps/makelis.c:403:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seq->name, seq->info);
data/blimps-3.9+ds/blimps/makelis.c:410:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, seq->name);
data/blimps-3.9+ds/blimps/makelis.c:412:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(seq->name, "%s%d", ctemp, nseq);
data/blimps-3.9+ds/blimps/makelogob.c:2794:31: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(logo.name, "."); strcat(logo.name, argv[1]);
data/blimps-3.9+ds/blimps/makelogob.c:2795:33: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(symvec.name, "."); strcat(symvec.name, argv[1]);
data/blimps-3.9+ds/blimps/makelogob.c:2796:36: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(makelogop.name, "."); strcat(makelogop.name, argv[1]);
data/blimps-3.9+ds/blimps/makelogob.c:2797:33: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(colors.name, "."); strcat(colors.name, argv[1]); /*SP*/
data/blimps-3.9+ds/blimps/matrix.c:179:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(buf3, "%s", matrix->motif);
data/blimps-3.9+ds/blimps/matrix.c:192:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer, "No width field for matrix %s", matrix->number);
data/blimps-3.9+ds/blimps/matrix_logob.c:159:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(suffix2, suffix); /* may be different if more than one block */
data/blimps-3.9+ds/blimps/matrix_logob.c:168:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(colors, "colors.%s", suffix);
data/blimps-3.9+ds/blimps/matrix_logob.c:171:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "cp %s/colors %s", logodir, colors) ;
data/blimps-3.9+ds/blimps/matrix_logob.c:172:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(line) ;
data/blimps-3.9+ds/blimps/matrix_logob.c:178:35: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (stat("wave", &status) < 0) system("touch wave") ;
data/blimps-3.9+ds/blimps/matrix_logob.c:179:36: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (stat("marks", &status) < 0) system("touch marks") ;
data/blimps-3.9+ds/blimps/matrix_logob.c:188:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(blockAC2, blockAC);
data/blimps-3.9+ds/blimps/matrix_logob.c:198:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(suffix2, suffix);
data/blimps-3.9+ds/blimps/matrix_logob.c:202:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(blockAC2, block->number);
data/blimps-3.9+ds/blimps/matrix_logob.c:209:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "cp \'colors.%s\' \'colors.%s\'", suffix, suffix2);
data/blimps-3.9+ds/blimps/matrix_logob.c:210:14: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(line);
data/blimps-3.9+ds/blimps/matrix_logob.c:214:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(block->id, "%s %*s", blockID) ;
data/blimps-3.9+ds/blimps/matrix_logob.c:236:34: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
{ strcat(symvec, "."); strcat(symvec, suffix2); }
data/blimps-3.9+ds/blimps/matrix_logob.c:253:38: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
{ strcat(makelogop, "."); strcat(makelogop, suffix2); }
data/blimps-3.9+ds/blimps/matrix_logob.c:271:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "%s/makelogob \'%s\' > /dev/null", logodir, suffix2) ;
data/blimps-3.9+ds/blimps/matrix_logob.c:272:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(line) ;
data/blimps-3.9+ds/blimps/matrix_logob.c:273:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outname, "logo.%s", suffix2);
data/blimps-3.9+ds/blimps/matrix_logob.c:331:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (argc > 1) strcpy(bdbname, argv[1]);
data/blimps-3.9+ds/blimps/matrix_logob.c:347:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (argc > 2) strcpy(blockAC, argv[2]);
data/blimps-3.9+ds/blimps/matrix_logob.c:356:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (argc > 3) strcpy(suffix, argv[3]);
data/blimps-3.9+ds/blimps/matrix_logob.c:597:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "%s %s %s", PSviewer, PSviewer_opt, outname) ;
data/blimps-3.9+ds/blimps/matrix_logob.c:598:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(line) ;
data/blimps-3.9+ds/blimps/matrix_logob.c:601:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "%s %s", PSprint, outname) ;
data/blimps-3.9+ds/blimps/matrix_logob.c:602:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(line) ;
data/blimps-3.9+ds/blimps/narrow.c:92:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, argv[1]);
data/blimps-3.9+ds/blimps/narrow.c:103:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(chkname, argv[2]);
data/blimps-3.9+ds/blimps/narrow.c:229:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pssm->de, chkname);
data/blimps-3.9+ds/blimps/narrow.c:290:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(block->de, chkname);
data/blimps-3.9+ds/blimps/narrow.c:306:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ctemp, "%s.mast", chkname);
data/blimps-3.9+ds/blimps/narrow.c:320:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ctemp, "%s.blimps", chkname);
data/blimps-3.9+ds/blimps/narrow.c:354:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(matrix->id, block->id);
data/blimps-3.9+ds/blimps/narrow.c:355:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(matrix->ac, block->ac);
data/blimps-3.9+ds/blimps/narrow.c:356:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(matrix->de, block->de);
data/blimps-3.9+ds/blimps/narrow.c:357:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(matrix->ma, block->bl);
data/blimps-3.9+ds/blimps/oligo_melt.c:74:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (argc > 1) strcpy(fname, argv[1]);
data/blimps-3.9+ds/blimps/p2c.h:203:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
extern Char *strcat PP( (Char *, Const Char *) );
data/blimps-3.9+ds/blimps/p2c.h:206:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
extern Char *strcpy PP( (Char *, Const Char *) );
data/blimps-3.9+ds/blimps/p2clib.c:390:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst, src);
data/blimps-3.9+ds/blimps/p2clib.c:915:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, prefix);
data/blimps-3.9+ds/blimps/papssm.c:249:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cfname, argv[1]);
data/blimps-3.9+ds/blimps/papssm.c:388:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(keyword,ptr);
data/blimps-3.9+ds/blimps/papssm.c:394:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(blname, ptr);
data/blimps-3.9+ds/blimps/papssm.c:400:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(exname, ptr);
data/blimps-3.9+ds/blimps/papssm.c:406:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ouname, ptr);
data/blimps-3.9+ds/blimps/papssm.c:412:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(frname, ptr);
data/blimps-3.9+ds/blimps/papssm.c:421:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(alname, ptr);
data/blimps-3.9+ds/blimps/papssm.c:437:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(alname, ptr);
data/blimps-3.9+ds/blimps/papssm.c:454:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Steve[nsteve]->qijname, ptr);
data/blimps-3.9+ds/blimps/papssm.c:459:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(grname, ptr);
data/blimps-3.9+ds/blimps/papssm.c:465:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gqname, ptr);
data/blimps-3.9+ds/blimps/papssm.c:471:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(diname, ptr);
data/blimps-3.9+ds/blimps/papssm.c:477:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(clname, ptr);
data/blimps-3.9+ds/blimps/papssm.c:526:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(paname, ptr);
data/blimps-3.9+ds/blimps/papssm.c:637:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname, Steve[i]->qijname);
data/blimps-3.9+ds/blimps/papssm.c:1482:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, block->id);
data/blimps-3.9+ds/blimps/papssm.c:1484:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(matrix->id, ctemp);
data/blimps-3.9+ds/blimps/papssm.c:1485:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(matrix->ac, block->ac);
data/blimps-3.9+ds/blimps/papssm.c:1486:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(matrix->de, block->de);
data/blimps-3.9+ds/blimps/papssm.c:1487:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(matrix->ma, block->bl);
data/blimps-3.9+ds/blimps/papssm.c:1488:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(matrix->number, block->number);
data/blimps-3.9+ds/blimps/papssm.c:1489:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(matrix->motif, block->motif);
data/blimps-3.9+ds/blimps/papssm.c:1499:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, matrix->ma);
data/blimps-3.9+ds/blimps/papssm.c:1501:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(matrix->ma, "%s seqs=%d",
data/blimps-3.9+ds/blimps/papssm.c:2043:8: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(line) != 0)
data/blimps-3.9+ds/blimps/papssm.c:2260:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pattern, matrix->id);
data/blimps-3.9+ds/blimps/papssm.c:2283:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(pattern, ctemp); /* this is i = pos */
data/blimps-3.9+ds/blimps/papssm.c:2295:18: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(pattern, ctemp);
data/blimps-3.9+ds/blimps/pattern.c:114:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/pattern.c:565:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pr->residues, (*pat)+1);
data/blimps-3.9+ds/blimps/prints2blocks.c:61:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(inpfname, argv[1]);
data/blimps-3.9+ds/blimps/prints2blocks.c:80:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outfname[0], "%s.dat", inpfname) ;
data/blimps-3.9+ds/blimps/prints2blocks.c:88:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outfname[1], "%s.info", inpfname) ;
data/blimps-3.9+ds/blimps/prints2blocks.c:195:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(entry_name,ptr) ;
data/blimps-3.9+ds/blimps/prints2blocks.c:242:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fam_acc,ptr) ;
data/blimps-3.9+ds/blimps/prints2blocks.c:302:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(block[i1].number, "%s%c", fam_acc, 65+i1) ;
data/blimps-3.9+ds/blimps/prints2blocks.c:304:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(block[i1].number, "%s", fam_acc) ;
data/blimps-3.9+ds/blimps/prints2blocks.c:305:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(block[i1].ac, "%s;", block[i1].number) ;
data/blimps-3.9+ds/blimps/prints2blocks.c:306:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(block[i1].id, "%s; BLOCK", entry_name) ;
data/blimps-3.9+ds/blimps/prints2blocks.c:368:16: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(PR_crssref, ptr) ;
data/blimps-3.9+ds/blimps/prints2blocks.c:639:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(block[i1].ac, word) ;
data/blimps-3.9+ds/blimps/protomat.c:207:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (ptr != NULL) strcpy(filename, ptr);
data/blimps-3.9+ds/blimps/protomat.c:222:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (ptr != NULL) strcpy(chigh, ptr);
data/blimps-3.9+ds/blimps/protomat.c:450:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pros, ptr);
data/blimps-3.9+ds/blimps/protomat.c:456:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tname, pros);
data/blimps-3.9+ds/blimps/protomat.c:458:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mem, "mkdir %s", tname);
data/blimps-3.9+ds/blimps/protomat.c:461:15: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
test=system(mem);
data/blimps-3.9+ds/blimps/protomat.c:597:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(idtemp, id->entry);
data/blimps-3.9+ds/blimps/protomat.c:602:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (tot < 10) strcpy(idlist[tot++], ptr);
data/blimps-3.9+ds/blimps/protomat.c:626:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(id->full_entry, ctemp);
data/blimps-3.9+ds/blimps/protxblk.c:36:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bdbname, argv[1]);
data/blimps-3.9+ds/blimps/protxblk.c:49:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(conname, argv[2]);
data/blimps-3.9+ds/blimps/pssmBL.c:28:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pssmname, argv[1]);
data/blimps-3.9+ds/blimps/pssmBL.c:41:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bdbname, argv[2]);
data/blimps-3.9+ds/blimps/pssmBL.c:54:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(conname, argv[3]);
data/blimps-3.9+ds/blimps/pssmBL.c:108:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(line, block->bl);
data/blimps-3.9+ds/blimps/pssmBL.c:110:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(block->bl, "%s; width=%d; seqs=%d; 99.5%%=%d; strength=%d;",
data/blimps-3.9+ds/blimps/pssmdist.c:112:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mname, argv[1]);
data/blimps-3.9+ds/blimps/pssmdist.c:125:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(oname, argv[2]);
data/blimps-3.9+ds/blimps/pssmdist.c:137:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname, argv[3]);
data/blimps-3.9+ds/blimps/pssmdist.c:153:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, argv[4]);
data/blimps-3.9+ds/blimps/pssmdist.c:164:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, argv[5]);
data/blimps-3.9+ds/blimps/pssmdist.c:177:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (argc > 6) strcpy(outname, argv[6]);
data/blimps-3.9+ds/blimps/pssmdist.c:178:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ctemp, "%s.dat", outname);
data/blimps-3.9+ds/blimps/pssmdist.c:186:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (argc > 7) strcpy(ctemp, argv[7]);
data/blimps-3.9+ds/blimps/pssmdist.c:189:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ctemp, "%s.cum", outname);
data/blimps-3.9+ds/blimps/rank_matrix.c:38:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(matname, argv[1]);
data/blimps-3.9+ds/blimps/rank_matrix.c:99:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sijname, "%s/docs/default.sij", blimps_dir);
data/blimps-3.9+ds/blimps/rank_matrix.c:111:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ErrorBuffer, "construct_rank_matrix(): Cannot open %s\n",
data/blimps-3.9+ds/blimps/readchk.c:19:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(chkname, argv[1]);
data/blimps-3.9+ds/blimps/readchk.c:38:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pssm->de, chkname);
data/blimps-3.9+ds/blimps/readchk.c:42:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seq->info, chkname);
data/blimps-3.9+ds/blimps/readmast.c:25:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(chkname, argv[1]);
data/blimps-3.9+ds/blimps/readmast.c:94:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pssm->de, chkname);
data/blimps-3.9+ds/blimps/retblock.c:49:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bdbname, argv[1]);
data/blimps-3.9+ds/blimps/retblock.c:64:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(acname, argv[2]);
data/blimps-3.9+ds/blimps/retblock.c:97:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outname, block->number);
data/blimps-3.9+ds/blimps/scores.c:81:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/scores.c:187:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/scoring.c:122:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/scoring.c:132:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/sequences.c:345:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp, lbuff);
data/blimps-3.9+ds/blimps/sequences.c:352:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_sequence->name, ptr);
data/blimps-3.9+ds/blimps/sequences.c:361:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp, &lbuff[DbInfo[db].title_offset + strlen(new_sequence->name)]);
data/blimps-3.9+ds/blimps/sequences.c:363:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(title, "%s ", temp);
data/blimps-3.9+ds/blimps/sequences.c:495:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/sequences.c:998:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/sequences.c:1020:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/sequences.c:1047:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/sequences.c:1068:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/sequences.c:1309:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_seq->name, seq->name);
data/blimps-3.9+ds/blimps/sequences.c:1310:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_seq->info, seq->info);
data/blimps-3.9+ds/blimps/show_aligned_blocks.c:54:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bdbname1, argv[1]);
data/blimps-3.9+ds/blimps/show_aligned_blocks.c:63:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(blkname1, argv[2]);
data/blimps-3.9+ds/blimps/show_aligned_blocks.c:75:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bdbname2, argv[4]);
data/blimps-3.9+ds/blimps/show_aligned_blocks.c:84:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(blkname2, argv[5]);
data/blimps-3.9+ds/blimps/sortblk.c:57:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bdbname, argv[1]);
data/blimps-3.9+ds/blimps/sortblk.c:70:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(conname, argv[2]);
data/blimps-3.9+ds/blimps/sortblk.c:110:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newblock->id, block->id);
data/blimps-3.9+ds/blimps/sortblk.c:111:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newblock->ac, block->ac);
data/blimps-3.9+ds/blimps/sortblk.c:112:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newblock->number, block->number);
data/blimps-3.9+ds/blimps/sortblk.c:113:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newblock->de, block->de);
data/blimps-3.9+ds/blimps/sortblk.c:114:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newblock->bl, block->bl);
data/blimps-3.9+ds/blimps/translate.c:28:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sname, argv[1]);
data/blimps-3.9+ds/blimps/translate.c:49:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outname, argv[2]);
data/blimps-3.9+ds/blimps/version.c:171:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(TitleString,
data/blimps-3.9+ds/blimps/version.c:177:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(TitleString,
data/blimps-3.9+ds/include/memory.h:53:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(sprintf(ErrorBuffer, \
data/blimps-3.9+ds/include/memory.h:64:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(sprintf(ErrorBuffer, \
data/blimps-3.9+ds/protomat/blastdat.c:57:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (argc > 1) { strcpy(homfile, argv[1]); }
data/blimps-3.9+ds/protomat/blastdat.c:75:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lisfile, argv[2]);
data/blimps-3.9+ds/protomat/blastdat.c:95:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(homfile, HomName); strcat(homfile, ".tns");
data/blimps-3.9+ds/protomat/blastdat.c:107:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(homfile, HomName); strcat(homfile, ".mis");
data/blimps-3.9+ds/protomat/blastdat.c:118:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(homfile, HomName); strcat(homfile, ".fnd");
data/blimps-3.9+ds/protomat/blksort.c:209:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (argc > 1) strcpy(ctemp, argv[1]);
data/blimps-3.9+ds/protomat/blksort.c:229:26: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (ndb > 0) strcpy(datfile, flist->next_flist->datname);
data/blimps-3.9+ds/protomat/blksort.c:238:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(homfile, argv[2]);
data/blimps-3.9+ds/protomat/blksort.c:247:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(datfile, argv[3]);
data/blimps-3.9+ds/protomat/blksort.c:256:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newdat->datname, datfile);
data/blimps-3.9+ds/protomat/blksort.c:328:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(keyword,ptr);
data/blimps-3.9+ds/protomat/blksort.c:334:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(homfile, ptr);
data/blimps-3.9+ds/protomat/blksort.c:339:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newdat->datname, ptr);
data/blimps-3.9+ds/protomat/blksort.c:359:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%sblksort.stp", DatDir);
data/blimps-3.9+ds/protomat/blksort.c:503:34: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (ptr1 != NULL) strcpy(db, ptr1);
data/blimps-3.9+ds/protomat/blksort.c:579:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%sblksort.stn", DatDir);
data/blimps-3.9+ds/protomat/blksort.c:615:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%srepeats.dat", DatDir);
data/blimps-3.9+ds/protomat/blksort.c:626:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %d", Repeats[nrep].ac, &Repeats[nrep].num);
data/blimps-3.9+ds/protomat/blksort.c:648:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%sblksort.bias", DatDir);
data/blimps-3.9+ds/protomat/blksort.c:659:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s %d", Bias[nbias].ac, &Bias[nbias].num);
data/blimps-3.9+ds/protomat/blksort.c:701:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(results[rank].ac, save_ac);
data/blimps-3.9+ds/protomat/blksort.c:708:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(results[rank].fam, save_ac);
data/blimps-3.9+ds/protomat/blksort.c:739:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(save_fam, results[0].fam); save_rank = 0;
data/blimps-3.9+ds/protomat/blksort.c:752:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(save_fam, results[i].fam); save_rank = i;
data/blimps-3.9+ds/protomat/blksort.c:793:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(save_fam, results[0].fam); save_nresult = 0;
data/blimps-3.9+ds/protomat/blksort.c:856:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (i < nresult) strcpy(save_fam, results[i].fam);
data/blimps-3.9+ds/protomat/blksort.c:956:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, line);
data/blimps-3.9+ds/protomat/blksort.c:958:27: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (ptr != NULL) strcpy(block->ac, ptr);
data/blimps-3.9+ds/protomat/blksort.c:959:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(block->fam, block->ac);
data/blimps-3.9+ds/protomat/blksort.c:1047:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(block->aa[block->nseq], ptr);
data/blimps-3.9+ds/protomat/blksort.c:1127:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ac, results[t].ac);
data/blimps-3.9+ds/protomat/blksort.c:1133:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(block->name[block->nseq], Query);
data/blimps-3.9+ds/protomat/blksort.c:1137:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(block->aa[block->nseq], results[t].aa);
data/blimps-3.9+ds/protomat/blksort.c:1173:16: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(pline, block->ac);
data/blimps-3.9+ds/protomat/blksort.c:1262:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(stemp[i].ac, results[i+min_t].ac);
data/blimps-3.9+ds/protomat/blksort.c:1280:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lastac, stemp[i].ac);
data/blimps-3.9+ds/protomat/blksort.c:1342:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lastac, stemp[i].ac);
data/blimps-3.9+ds/protomat/blksort.c:1372:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lastac, stemp[i].ac);
data/blimps-3.9+ds/protomat/blksort.c:1597:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fam, block->fam);
data/blimps-3.9+ds/protomat/blksort.c:1939:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(repline+repspot, results[t].aa);
data/blimps-3.9+ds/protomat/blksort.c:1947:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(saveac, block->ac);
data/blimps-3.9+ds/protomat/blosum.c:124:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (argc > 1) strcpy(datfile, argv[1]);
data/blimps-3.9+ds/protomat/blosum.c:159:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (argc > 4) strcpy(ctemp, argv[4]);
data/blimps-3.9+ds/protomat/getblock.c:91:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(BlockFam, argv[1]);
data/blimps-3.9+ds/protomat/getblock.c:127:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(blkfile, argv[2]);
data/blimps-3.9+ds/protomat/getblock.c:134:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(blkfile, defname);
data/blimps-3.9+ds/protomat/getblock.c:148:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cobfile, argv[3]);
data/blimps-3.9+ds/protomat/getblock.c:168:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mapfile, argv[4]);
data/blimps-3.9+ds/protomat/getblock.c:187:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(treefile, argv[5]);
data/blimps-3.9+ds/protomat/getblock.c:206:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(webfile, argv[6]);
data/blimps-3.9+ds/protomat/getblock.c:225:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lnkfile, argv[7]);
data/blimps-3.9+ds/protomat/getblock.c:244:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pdbfile, argv[8]);
data/blimps-3.9+ds/protomat/getblock.c:263:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cyrfile, argv[9]);
data/blimps-3.9+ds/protomat/getblock.c:283:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prosite, argv[10]);
data/blimps-3.9+ds/protomat/getblock.c:339:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(id, line); /* save this line */
data/blimps-3.9+ds/protomat/getblock.c:343:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, &line[dbs[db]->title_offset]);
data/blimps-3.9+ds/protomat/getblock.c:345:34: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (ptr != NULL) strcpy(fam, ptr);
data/blimps-3.9+ds/protomat/getblock.c:559:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(id, line); /* save this line */
data/blimps-3.9+ds/protomat/getblock.c:563:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ac, &line[dbs[db]->title_offset]);
data/blimps-3.9+ds/protomat/getblock.c:604:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ctemp, "{%s}", pdoc);
data/blimps-3.9+ds/protomat/getseq.c:66:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seqname, argv[1]);
data/blimps-3.9+ds/protomat/getseq.c:74:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(id->entry, seqname);
data/blimps-3.9+ds/protomat/getseq.c:79:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(infile, argv[2]);
data/blimps-3.9+ds/protomat/getseq.c:94:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(foutname, argv[3]);
data/blimps-3.9+ds/protomat/lislis.c:41:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lisfile, argv[1]);
data/blimps-3.9+ds/protomat/lislis.c:57:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lis2file, argv[2]);
data/blimps-3.9+ds/protomat/lislis.c:157:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp1, name1);
data/blimps-3.9+ds/protomat/lislis.c:158:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp2, name2);
data/blimps-3.9+ds/protomat/lislis.c:166:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(parts[n2], ptr2);
data/blimps-3.9+ds/protomat/lislis.c:191:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy(name2, name1); }
data/blimps-3.9+ds/protomat/motifj.c:190:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (argc > 2) strcpy(intemp, argv[2]);
data/blimps-3.9+ds/protomat/motifj.c:199:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Batch_Filename, intemp+1);
data/blimps-3.9+ds/protomat/motifj.c:204:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Batch_Filename, intemp);
data/blimps-3.9+ds/protomat/motifj.c:235:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filepath, PROTEIN_SUBDIRECTORY); /* Initialize path */
data/blimps-3.9+ds/protomat/motifj.c:253:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filepath, intemp); strcat(filepath, ".lst");
data/blimps-3.9+ds/protomat/motifj.c:257:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filepath, intemp); strcat(filepath, ".lis");
data/blimps-3.9+ds/protomat/motifj.c:309:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(intemp, ptr);
data/blimps-3.9+ds/protomat/motifj.c:716:31: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
{ strcpy(intemp, "-"); strcat(intemp, Batch_Filename); }
data/blimps-3.9+ds/protomat/motifj.c:717:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(intemp, Batch_Filename);
data/blimps-3.9+ds/protomat/motifj.c:718:7: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp(argv[0], argv[0], "3", intemp,
data/blimps-3.9+ds/protomat/motifj.c:725:7: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("motomat", "motomat", Mot_Filename, "1", NULL);
data/blimps-3.9+ds/protomat/motifj.c:1256:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filepath, ptr);
data/blimps-3.9+ds/protomat/motifj.c:1265:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seqname, ptr);
data/blimps-3.9+ds/protomat/motifj.c:1266:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, filepath);
data/blimps-3.9+ds/protomat/motifj.c:1267:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ctemp, seqname);
data/blimps-3.9+ds/protomat/motifj.c:1268:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ctemp, PROTEIN_EXTENSION);
data/blimps-3.9+ds/protomat/motifj.c:1297:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Seqname[ns], ptr);
data/blimps-3.9+ds/protomat/motmisc.c:220:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (ptr != NULL) strcpy(filename, ptr);
data/blimps-3.9+ds/protomat/motmisc.c:235:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (ptr != NULL) strcpy(chigh, ptr);
data/blimps-3.9+ds/protomat/motmisc.c:553:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pros, ptr);
data/blimps-3.9+ds/protomat/motmisc.c:559:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tname, pros);
data/blimps-3.9+ds/protomat/motmisc.c:561:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mem, "mkdir %s", tname);
data/blimps-3.9+ds/protomat/motmisc.c:564:15: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
test=system(mem);
data/blimps-3.9+ds/protomat/motmisc.c:719:44: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (fgets(temp, MAXLINE, fin) != NULL) strcat(line, temp);
data/blimps-3.9+ds/protomat/motmisc.c:725:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp, line);
data/blimps-3.9+ds/protomat/motmisc.c:748:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(foutname, pros);
data/blimps-3.9+ds/protomat/motmisc.c:749:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp, id->entry); temp[SNAMELEN-1] = '\0';
data/blimps-3.9+ds/protomat/motmisc.c:750:12: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(foutname, temp);
data/blimps-3.9+ds/protomat/motmisc.c:772:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp, &line[dbs[db]->title_offset]);
data/blimps-3.9+ds/protomat/motmisc.c:780:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(title, ptr);
data/blimps-3.9+ds/protomat/motmisc.c:801:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp, title); strcat(temp, " ");
data/blimps-3.9+ds/protomat/motmisc.c:802:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temp, &line[dbs[db]->title_offset]);
data/blimps-3.9+ds/protomat/motmisc.c:804:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(title, temp);
data/blimps-3.9+ds/protomat/motmisc.c:815:49: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (ptr[0] == ' ') strcpy(id->pir, ptr+1);
data/blimps-3.9+ds/protomat/motmisc.c:816:35: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(id->pir, ptr);
data/blimps-3.9+ds/protomat/motmisc.c:827:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp, title);
data/blimps-3.9+ds/protomat/motmisc.c:838:25: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (out) fprintf(fout, &line[dbs[db]->seq_offset]);
data/blimps-3.9+ds/protomat/motmisc.c:854:45: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (fgets(temp, MAXLINE, fin) != NULL) strcat(line, temp);
data/blimps-3.9+ds/protomat/motmisc.c:890:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(idtemp, id->entry);
data/blimps-3.9+ds/protomat/motmisc.c:895:24: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (tot < 10) { strcpy(idlist[tot++], ptr); }
data/blimps-3.9+ds/protomat/motmisc.c:929:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(id->full_entry, ctemp);
data/blimps-3.9+ds/protomat/motomat.c:159:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Argv0, argv[0]);
data/blimps-3.9+ds/protomat/motomat.c:163:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Mot_Filename, argv[1]);
data/blimps-3.9+ds/protomat/motomat.c:167:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("ls -al *.mot");
data/blimps-3.9+ds/protomat/motomat.c:279:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ACName, Blk_Filename); /* use the filename as AC */
data/blimps-3.9+ds/protomat/motomat.c:286:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ACName, ptr);
data/blimps-3.9+ds/protomat/motomat.c:290:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ID, ptr);
data/blimps-3.9+ds/protomat/motomat.c:294:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(DE, ptr);
data/blimps-3.9+ds/protomat/motomat.c:300:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ACName, title+1);
data/blimps-3.9+ds/protomat/motomat.c:323:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, argv[2]);
data/blimps-3.9+ds/protomat/motomat.c:339:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, argv[3]);
data/blimps-3.9+ds/protomat/motomat.c:411:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ctemp, "%s.blks", Blk_Filename);
data/blimps-3.9+ds/protomat/motomat.c:1644:7: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp(Argv0, Argv0, Mot_Filename, arg2, arg3, arg4, NULL);
data/blimps-3.9+ds/protomat/motomat2.c:935:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(AC, ACName);
data/blimps-3.9+ds/protomat/multimat.c:173:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (argc > 1) strcpy(ctemp, argv[1]);
data/blimps-3.9+ds/protomat/multimat.c:183:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(datfile, argv[2]);
data/blimps-3.9+ds/protomat/multimat.c:201:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lisfile, argv[3]);
data/blimps-3.9+ds/protomat/multimat.c:241:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(homfile[nhom++], argv[i]);
data/blimps-3.9+ds/protomat/multimat.c:285:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(AC, ptr1);
data/blimps-3.9+ds/protomat/multimat.c:412:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp[t].ac, AC);
data/blimps-3.9+ds/protomat/multimat.c:443:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, temp[t].seq_id);
data/blimps-3.9+ds/protomat/multimat.c:498:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(save_id, temp[0].seq_id); save_norm = temp[0].max_norm;
data/blimps-3.9+ds/protomat/multimat.c:513:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(save_id, temp[t].seq_id);
data/blimps-3.9+ds/protomat/multimat.c:564:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(save_id, temp[t].seq_id);
data/blimps-3.9+ds/protomat/multimat.c:583:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(save_id,temp[t].seq_id);
data/blimps-3.9+ds/protomat/multimat.c:905:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, ptr);
data/blimps-3.9+ds/protomat/multimat.c:908:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(block->name[block->nseq], ctemp+i);
data/blimps-3.9+ds/protomat/multimat.c:919:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(block->aa[block->nseq], ptr);
data/blimps-3.9+ds/protomat/multimat.c:991:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ac, results[t].ac);
data/blimps-3.9+ds/protomat/multimat.c:1010:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(block->aa[block->nseq], results[t].aa);
data/blimps-3.9+ds/protomat/multimat.c:1041:16: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(pline, block->ac); strcat(pline, " ");
data/blimps-3.9+ds/protomat/multimat.c:1476:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ctemp, "%-20s", block->ac); /* SNAMELEN */
data/blimps-3.9+ds/protomat/multimat.c:1478:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ctemp, "%-20s", block->name[s]); /* SNAMELEN */
data/blimps-3.9+ds/protomat/multimat.c:1480:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ctemp, "%-20s", block->name[block->nseq-1]);
data/blimps-3.9+ds/protomat/multimat.c:1536:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(saveac, block->ac);
data/blimps-3.9+ds/protomat/protomot.c:79:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(infile, argv[1]);
data/blimps-3.9+ds/protomat/protomot.c:86:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(infile, defname);
data/blimps-3.9+ds/protomat/protomot.c:95:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(PatName, argv[2]);
data/blimps-3.9+ds/protomat/protomot.c:111:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(defname, PatName);
data/blimps-3.9+ds/protomat/protomot.c:113:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Prefix, argv[3]);
data/blimps-3.9+ds/protomat/protomot.c:121:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Prefix, defname);
data/blimps-3.9+ds/protomat/protomot.c:124:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(swiss, argv[4]);
data/blimps-3.9+ds/protomat/protomot.c:135:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(defname, Prefix); strcat(defname, "/");
data/blimps-3.9+ds/protomat/protomot.c:138:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Pros, argv[5]);
data/blimps-3.9+ds/protomat/protomot.c:146:34: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if ((int) strlen(Pros) < 2) strcpy(Pros, defname);
data/blimps-3.9+ds/protomat/protomot.c:168:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(defname, Prefix); strcat(defname,".lis");
data/blimps-3.9+ds/protomat/protomot.c:170:7: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("uextract", "uextract", defname, swiss, NULL);
data/blimps-3.9+ds/protomat/protomot.c:204:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(id, ptr);
data/blimps-3.9+ds/protomat/protomot.c:215:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ac, &line[dbs[db]->title_offset]);
data/blimps-3.9+ds/protomat/protomot.c:218:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(title, ac);
data/blimps-3.9+ds/protomat/protomot.c:220:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(title, id);
data/blimps-3.9+ds/protomat/protomot.c:224:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(title, &line[dbs[db]->title_offset]);
data/blimps-3.9+ds/protomat/protomot.c:230:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(title, &line[dbs[db]->title_offset]);
data/blimps-3.9+ds/protomat/protomot.c:236:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(pattern, &line[dbs[db]->title_offset]);
data/blimps-3.9+ds/protomat/protomot.c:241:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(counts, &line[dbs[db]->title_offset]);
data/blimps-3.9+ds/protomat/protomot.c:247:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(repeats, &line[dbs[db]->title_offset]);
data/blimps-3.9+ds/protomat/protomot.c:274:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (NoAC) strcpy(filename, ac);
data/blimps-3.9+ds/protomat/protomot.c:275:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(filename, Prefix);
data/blimps-3.9+ds/protomat/protomot.c:301:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(pdbs, &line[dbs[db]->title_offset]);
data/blimps-3.9+ds/protomat/protomot.c:334:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp, ptr);
data/blimps-3.9+ds/protomat/protomot.c:337:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(swiss_key, &temp[len]);
data/blimps-3.9+ds/protomat/protomot.c:385:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tempc, counts);
data/blimps-3.9+ds/protomat/protomot.c:398:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tempc, counts);
data/blimps-3.9+ds/protomat/protomot.c:410:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tempc, repeats);
data/blimps-3.9+ds/protomat/protomot.c:462:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(title, mem);
data/blimps-3.9+ds/protomat/protomot.c:483:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tempc, token);
data/blimps-3.9+ds/protomat/uextract.c:129:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lisfile, argv[1]);
data/blimps-3.9+ds/protomat/uextract.c:143:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(infile, argv[2]);
data/blimps-3.9+ds/protomat/uextract.c:167:26: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
case 'o': strcpy(foutname, argv[arg]+2); break;
data/blimps-3.9+ds/protomat/uextract.c:198:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(stitle, title); ptr = strstr(stitle, "MOTIFJ=[");
data/blimps-3.9+ds/protomat/uextract.c:210:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Pros, stemp); Pros[strlen(stemp)-1] = '\0'; /* get rid of nl */
data/blimps-3.9+ds/protomat/uextract.c:212:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Pros,dir_unix(stemp)); /* create the directory if nec. */
data/blimps-3.9+ds/protomat/uextract.c:295:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(runtype, ptr);
data/blimps-3.9+ds/protomat/uextract.c:297:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(signif, ptr);
data/blimps-3.9+ds/protomat/uextract.c:299:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dups, ptr);
data/blimps-3.9+ds/protomat/uextract.c:304:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(distance, ptr);
data/blimps-3.9+ds/protomat/uextract.c:321:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(title, "%s MOTIFJ=[%s,%s,%s,%s];$\n",
data/blimps-3.9+ds/protomat/uextract.c:352:28: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (fout == NULL) strcpy(stemp, lstname);
data/blimps-3.9+ds/protomat/uextract.c:354:33: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
{ strcpy(stemp, "-"); strcat(stemp, foutname);
data/blimps-3.9+ds/protomat/uextract.c:357:10: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("motifj", "motifj", runtype, stemp,
data/blimps-3.9+ds/protomat/uextract.c:394:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sid, id->full_entry); maxlen = id->len; save=id;
data/blimps-3.9+ds/protomat/uextract.c:401:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sid1, sid);
data/blimps-3.9+ds/protomat/uextract.c:414:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tid, id->full_entry);
data/blimps-3.9+ds/protomat/uextract.c:429:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sid, id->full_entry); /* Initialize the next set */
data/blimps-3.9+ds/protomat/uextract.c:431:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sid1, tid);
data/blimps-3.9+ds/protomat/uextract.c:436:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sid, id->full_entry); save = id;
data/blimps-3.9+ds/protomat/universa.c:59:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(infile, argv[1]);
data/blimps-3.9+ds/protomat/universa.c:71:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outfile, argv[2]);
data/blimps-3.9+ds/protomat/universa.c:74:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(defname, infile);
data/blimps-3.9+ds/protomat/universa.c:79:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outfile, defname);
data/blimps-3.9+ds/protomat/universa.c:126:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(start, ptr);
data/blimps-3.9+ds/protomat/universa.c:128:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(id, ptr); /* save the id for later */
data/blimps-3.9+ds/protomat/universa.c:136:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(desc, &line[dbs[db]->title_offset]);
data/blimps-3.9+ds/protomat/universa.c:143:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(acc, &line[dbs[db]->title_offset]);
data/blimps-3.9+ds/protomat/universa.c:155:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temp, ptr);
data/blimps-3.9+ds/protomat/universa.c:159:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(acc, temp);
data/blimps-3.9+ds/protomat/universa.c:166:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp, title); strcat(temp, " | ");
data/blimps-3.9+ds/protomat/universa.c:169:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(title, temp);
data/blimps-3.9+ds/protomat/universa.c:177:18: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(title, "%s%s %s\n", start, acc, desc); }
data/blimps-3.9+ds/protomat/universa.c:179:18: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(title, "%s|%s %s\n", acc, start, desc); }
data/blimps-3.9+ds/protomat/universa.c:182:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
{ sprintf(title, "%s %s\n", start, desc); }
data/blimps-3.9+ds/protomat/universa.c:207:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fout, &line[dbs[db]->seq_offset]);
data/blimps-3.9+ds/blimps/LAMA.c:161:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
blimps_dir = getenv("BLIMPS_DIR");
data/blimps-3.9+ds/blimps/LAMA_search.c:136:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
ptr = getenv("BLOCKS_EMAIL");
data/blimps-3.9+ds/blimps/LAMA_search.c:183:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
entry_string = getenv("QUERY_STRING");
data/blimps-3.9+ds/blimps/LAMA_search.c:197:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cl = atoi(getenv("CONTENT_LENGTH"));
data/blimps-3.9+ds/blimps/LAMA_search.c:674:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if(strcmp(getenv("REQUEST_METHOD"),"POST")) {
data/blimps-3.9+ds/blimps/LAMA_search.c:686:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if(strcmp(getenv("CONTENT_TYPE"),"application/x-www-form-urlencoded")) {
data/blimps-3.9+ds/blimps/addseqs.c:207:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
blimps_dir = getenv("BLIMPS_DIR");
data/blimps-3.9+ds/blimps/biassed_blocks_finder.c:60:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
script = getenv("SCRIPT_NAME");
data/blimps-3.9+ds/blimps/biassed_blocks_finder.c:83:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
entry_string = getenv("QUERY_STRING");
data/blimps-3.9+ds/blimps/biassed_blocks_finder.c:95:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cl = atoi(getenv("CONTENT_LENGTH"));
data/blimps-3.9+ds/blimps/biassed_blocks_finder.c:277:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if(strcmp(getenv("REQUEST_METHOD"),"POST")) {
data/blimps-3.9+ds/blimps/biassed_blocks_finder.c:289:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if(strcmp(getenv("CONTENT_TYPE"),"application/x-www-form-urlencoded")) {
data/blimps-3.9+ds/blimps/bldist.c:92:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
blimps_dir = getenv("BLIMPS_DIR");
data/blimps-3.9+ds/blimps/blimps.c:915:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
blimps_dir = getenv("BLIMPS_DIR");
data/blimps-3.9+ds/blimps/blk_to_PSSM.c:113:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
blimps_dir = getenv("BLIMPS_DIR");
data/blimps-3.9+ds/blimps/blocks_search.c:150:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
script = getenv("SCRIPT_NAME");
data/blimps-3.9+ds/blimps/blocks_search.c:152:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
ptr = getenv("BLOCKS_EMAIL");
data/blimps-3.9+ds/blimps/blocks_search.c:249:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cl = atoi(getenv("CONTENT_LENGTH"));
data/blimps-3.9+ds/blimps/blocks_search.c:260:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
query_string = getenv("QUERY_STRING");
data/blimps-3.9+ds/blimps/blocks_search.c:604:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (strcmp(getenv("REQUEST_METHOD"),"POST") == 0 &&
data/blimps-3.9+ds/blimps/blocks_search.c:605:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strcmp(getenv("CONTENT_TYPE"),"application/x-www-form-urlencoded") == 0)
data/blimps-3.9+ds/blimps/blweight.c:102:3: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(tv.tv_sec^tv.tv_usec);
data/blimps-3.9+ds/blimps/blweight.c:560:36: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
for (j=0; j<=97; j++) v[j] = random();
data/blimps-3.9+ds/blimps/blweight.c:561:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
y=random();
data/blimps-3.9+ds/blimps/blweight.c:567:14: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
v[j] = random();
data/blimps-3.9+ds/blimps/blweight.c:569:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
else y=random();
data/blimps-3.9+ds/blimps/cobbler.c:244:3: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(tv.tv_sec^tv.tv_usec);
data/blimps-3.9+ds/blimps/cobbler.c:332:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
blimps_dir = getenv("BLIMPS_DIR");
data/blimps-3.9+ds/blimps/cobbler.c:1409:36: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
for (j=0; j<=97; j++) v[j] = random();
data/blimps-3.9+ds/blimps/cobbler.c:1410:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
y=random();
data/blimps-3.9+ds/blimps/cobbler.c:1416:14: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
v[j] = random();
data/blimps-3.9+ds/blimps/cobbler.c:1418:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
else y=random();
data/blimps-3.9+ds/blimps/codehop.c:163:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
blimps_dir = getenv("BLIMPS_DIR");
data/blimps-3.9+ds/blimps/codehop.c:346:4: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(tv.tv_sec^tv.tv_usec);
data/blimps-3.9+ds/blimps/convert.c:916:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
blimps_dir = getenv("BLIMPS_DIR");
data/blimps-3.9+ds/blimps/convert.c:1499:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
blimps_dir = getenv("BLIMPS_DIR");
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:153:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
blimps_dir = getenv("BLIMPS_DIR");
data/blimps-3.9+ds/blimps/format_block.c:97:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
script = getenv("SCRIPT_NAME");
data/blimps-3.9+ds/blimps/format_block.c:100:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
ptr = getenv("BLOCKS_HOME");
data/blimps-3.9+ds/blimps/format_block.c:153:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
entry_string = getenv("QUERY_STRING");
data/blimps-3.9+ds/blimps/format_block.c:165:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cl = atoi(getenv("CONTENT_LENGTH"));
data/blimps-3.9+ds/blimps/format_block.c:889:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if(strcmp(getenv("REQUEST_METHOD"),"POST")) {
data/blimps-3.9+ds/blimps/format_block.c:901:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if(strcmp(getenv("CONTENT_TYPE"),"application/x-www-form-urlencoded")) {
data/blimps-3.9+ds/blimps/frequency.c:268:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
blimps_dir = getenv("BLIMPS_DIR");
data/blimps-3.9+ds/blimps/htmlize-LAMA.c:53:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
script = getenv("SCRIPT_NAME");
data/blimps-3.9+ds/blimps/p2c.h:287:28: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
# define tmpfile() (fopen(tmpnam(NULL), "w+"))
data/blimps-3.9+ds/blimps/rank_matrix.c:96:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
blimps_dir = getenv("BLIMPS_DIR");
data/blimps-3.9+ds/blimps/sl.c:222:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL) | 0x01); /* seed with an odd number */
data/blimps-3.9+ds/blimps/sortblk.c:41:3: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(tv.tv_sec^tv.tv_usec);
data/blimps-3.9+ds/include/protomat.h:35:27: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define randomize() srand((unsigned)time(NULL)) /* Seed rand() */
data/blimps-3.9+ds/protomat/motifj.c:1365:18: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(i); /* i is the amino acid index */
data/blimps-3.9+ds/protomat/motifj.h:42:27: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define randomize() srand((unsigned)time(NULL)) /* Seed rand() */
data/blimps-3.9+ds/blimps/LAMA.c:87:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bdbname[2][MAXNAME], outname[MAXNAME] ;
data/blimps-3.9+ds/blimps/LAMA.c:88:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[40], line[MAXLINELEN], db_type[2], significance[9];
data/blimps-3.9+ds/blimps/LAMA.c:90:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[MAXNAME];
data/blimps-3.9+ds/blimps/LAMA.c:100:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(version,"28 Apr 00") ;
data/blimps-3.9+ds/blimps/LAMA.c:145:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line,
data/blimps-3.9+ds/blimps/LAMA.c:153:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line,"\n\
data/blimps-3.9+ds/blimps/LAMA.c:300:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(significance, "%.1e", expected) ;
data/blimps-3.9+ds/blimps/LAMA.c:335:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line,"No hits found above score cutoff %.1f.", Z_cutoff) ;
data/blimps-3.9+ds/blimps/LAMA.c:417:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (bfp[i1]=fopen(bdbname[i1], "r")) == NULL)
data/blimps-3.9+ds/blimps/LAMA.c:432:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (*out=fopen(outname, "w")) == NULL)
data/blimps-3.9+ds/blimps/LAMA.c:440:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc > 3) min_algnmnt_width = atoi(argv[3]) ;
data/blimps-3.9+ds/blimps/LAMA.c:459:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc > 4) dbg_lvl = atoi(argv[4]) ;
data/blimps-3.9+ds/blimps/LAMA.c:464:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc > 5) screen_out = atoi(argv[5]) ;
data/blimps-3.9+ds/blimps/LAMA.c:493:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((*persearches = atoi(argv[7])) <= 0) *persearches = PERSEARCHES ;
data/blimps-3.9+ds/blimps/LAMA.c:943:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[80];
data/blimps-3.9+ds/blimps/LAMA.c:1623:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINELEN], word[MAXLINELEN], entry_name[MAXLINELEN] ;
data/blimps-3.9+ds/blimps/LAMA.c:1624:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[2*MAXLINELEN]; /* Store fully word+entry_name before stripping to SMALL_BUFF_LENGTH */
data/blimps-3.9+ds/blimps/LAMA.c:1701:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
block->num_sequences = atoi(ptr) ;
data/blimps-3.9+ds/blimps/LAMA.c:1785:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
temp = atoi(ptr) ;
data/blimps-3.9+ds/blimps/LAMA.c:1949:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(word, " distance from previous block=(%d,%d)",
data/blimps-3.9+ds/blimps/LAMA.c:1953:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(block->bl, "adapted from ProDom entry; width=%d; seqs=%d;",
data/blimps-3.9+ds/blimps/LAMA.h:16:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char matrix0_number[NUMBER_WIDTH]; /* the first matrix/block number(accession)*/
data/blimps-3.9+ds/blimps/LAMA.h:17:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char matrix1_number[NUMBER_WIDTH]; /* the second matrix/block number(accession)*/
data/blimps-3.9+ds/blimps/LAMA_search.c:90:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char LAMA[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/LAMA_search.c:91:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char LAMA_queue[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/LAMA_search.c:92:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char add_queue_entry[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/LAMA_search.c:93:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extblock_stdout[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/LAMA_search.c:94:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Qblock_file[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/LAMA_search.c:95:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char log_dir[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/LAMA_search.c:96:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char log_file[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/LAMA_search.c:97:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_file[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/LAMA_search.c:98:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char LAMA_output[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/LAMA_search.c:99:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cyrcaOutputFile[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/LAMA_search.c:100:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char database[LARGE_BUFF_LENGTH]; /* searched database of blocks */
data/blimps-3.9+ds/blimps/LAMA_search.c:101:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blocksdbase[LARGE_BUFF_LENGTH]; /* Blocks Database*/
data/blimps-3.9+ds/blimps/LAMA_search.c:102:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char printsdbase[LARGE_BUFF_LENGTH]; /* Prints blocks db */
data/blimps-3.9+ds/blimps/LAMA_search.c:103:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blplusdbase[LARGE_BUFF_LENGTH]; /* Blocks+ db */
data/blimps-3.9+ds/blimps/LAMA_search.c:104:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char targetdbase[LARGE_BUFF_LENGTH]; /* user target blocks db */
data/blimps-3.9+ds/blimps/LAMA_search.c:105:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mail_file[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/LAMA_search.c:106:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char email_addr[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/LAMA_search.c:107:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/LAMA_search.c:197:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cl = atoi(getenv("CONTENT_LENGTH"));
data/blimps-3.9+ds/blimps/LAMA_search.c:223:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Debug_Level = atoi(entries[i].val);
data/blimps-3.9+ds/blimps/LAMA_search.c:303:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bfp = fopen(Qblock_file, "w");
data/blimps-3.9+ds/blimps/LAMA_search.c:314:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bfp = fopen(Qblock_file, "r");
data/blimps-3.9+ds/blimps/LAMA_search.c:325:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((efp = fopen(error_file, "r")) != NULL)
data/blimps-3.9+ds/blimps/LAMA_search.c:368:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bfp = fopen(targetdbase, "w");
data/blimps-3.9+ds/blimps/LAMA_search.c:379:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bfp = fopen(targetdbase, "r");
data/blimps-3.9+ds/blimps/LAMA_search.c:389:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((efp = fopen(error_file, "r")) != NULL)
data/blimps-3.9+ds/blimps/LAMA_search.c:442:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datein[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/LAMA_search.c:443:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dateout[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/LAMA_search.c:444:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db[80];
data/blimps-3.9+ds/blimps/LAMA_search.c:511:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((outf = fopen(LAMA_output, "r")) == NULL)
data/blimps-3.9+ds/blimps/LAMA_search.c:565:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db[80];
data/blimps-3.9+ds/blimps/LAMA_search.c:566:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datein[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/LAMA_search.c:644:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[20];
data/blimps-3.9+ds/blimps/LAMA_search.c:646:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fname, "%dC.html", pid);
data/blimps-3.9+ds/blimps/addseqs.c:104:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Version[12] = " 1/ 2/06.1"; /* Version number */
data/blimps-3.9+ds/blimps/addseqs.c:121:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frqname[MAXNAME], qijname[MAXNAME], siminame[MAXNAME];
data/blimps-3.9+ds/blimps/addseqs.c:122:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char infile[MAXNAME], outfile[MAXNAME], seqsfile[MAXNAME];
data/blimps-3.9+ds/blimps/addseqs.c:155:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fblk=fopen(infile, "r")) == NULL)
data/blimps-3.9+ds/blimps/addseqs.c:169:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fseq=fopen(seqsfile, "r")) == NULL)
data/blimps-3.9+ds/blimps/addseqs.c:182:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fout=fopen(outfile, "w")) == NULL)
data/blimps-3.9+ds/blimps/addseqs.c:210:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(frqname, "default.amino.frq");
data/blimps-3.9+ds/blimps/addseqs.c:215:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(qijname, "default.qij");
data/blimps-3.9+ds/blimps/addseqs.c:217:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fqij=fopen(qijname, "r")) != NULL) Qij = load_qij(fqij);
data/blimps-3.9+ds/blimps/addseqs.c:377:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fdat=fopen("addseqs.dat", "a")) != NULL)
data/blimps-3.9+ds/blimps/addseqs.c:593:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ptr, ctemp[80];
data/blimps-3.9+ds/blimps/addseqs.c:612:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cur->next->mindist = atoi(ptr);
data/blimps-3.9+ds/blimps/addseqs.c:615:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
{ cur->next->maxdist = atoi(ptr);}
data/blimps-3.9+ds/blimps/addseqs.c:1185:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ptr1, *ptr2, parts[10][12], ctemp1[120], ctemp2[120];
data/blimps-3.9+ds/blimps/biassed_blocks_finder.c:44:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Block_file[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/biassed_blocks_finder.c:45:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char find_biassed_blocks[LARGE_BUFF_LENGTH] ;
data/blimps-3.9+ds/blimps/biassed_blocks_finder.c:46:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char program_output[LARGE_BUFF_LENGTH] ;
data/blimps-3.9+ds/blimps/biassed_blocks_finder.c:47:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_file[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/biassed_blocks_finder.c:48:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_dir[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/biassed_blocks_finder.c:49:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/biassed_blocks_finder.c:95:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cl = atoi(getenv("CONTENT_LENGTH"));
data/blimps-3.9+ds/blimps/biassed_blocks_finder.c:151:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bfp = fopen(Block_file, "w");
data/blimps-3.9+ds/blimps/biassed_blocks_finder.c:162:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bfp = fopen(Block_file, "r");
data/blimps-3.9+ds/blimps/biassed_blocks_finder.c:173:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((efp = fopen(error_file, "r")) != NULL)
data/blimps-3.9+ds/blimps/biassed_blocks_finder.c:251:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((outf = fopen(program_output, "r")) == NULL)
data/blimps-3.9+ds/blimps/blDR.c:25:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAXNAME];
data/blimps-3.9+ds/blimps/blDR.c:42:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bdbname[MAXNAME], sdbname[MAXNAME], outname[MAXNAME], ctemp[MAXNAME];
data/blimps-3.9+ds/blimps/blDR.c:43:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lastac[10];
data/blimps-3.9+ds/blimps/blDR.c:61:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (bfp=fopen(bdbname, "r")) == NULL)
data/blimps-3.9+ds/blimps/blDR.c:74:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (sfp=fopen(sdbname, "r")) == NULL)
data/blimps-3.9+ds/blimps/blDR.c:86:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (ofp=fopen(outname, "w")) == NULL)
data/blimps-3.9+ds/blimps/blDR.c:146:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[MAXNAME], *ptr;
data/blimps-3.9+ds/blimps/blalign.c:56:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fam[MAXAC+1]; /* family name */
data/blimps-3.9+ds/blimps/blalign.c:67:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLEN];
data/blimps-3.9+ds/blimps/blalign.c:87:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Version[12] = "12/23/06.1"; /* Version date */
data/blimps-3.9+ds/blimps/blalign.c:102:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bdbname[MAXNAME], save_family[MAXAC+1];
data/blimps-3.9+ds/blimps/blalign.c:124:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (bfp=fopen(bdbname, "r")) == NULL)
data/blimps-3.9+ds/blimps/blalign.c:143:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc > 3) OutWidth = atoi(argv[3]);
data/blimps-3.9+ds/blimps/blalign.c:398:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[OUTMAX];
data/blimps-3.9+ds/blimps/blalign.c:436:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctemp, "%5d ", b->sequences[seq1].position);
data/blimps-3.9+ds/blimps/blalign.c:469:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[OUTMAX], header[OUTMAX];
data/blimps-3.9+ds/blimps/blalign.c:508:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctemp, ", width = %d", b->width);
data/blimps-3.9+ds/blimps/blalign.c:530:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctemp, " (%4d) ", posun);
data/blimps-3.9+ds/blimps/blalign.c:533:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctemp, "%5d ", b->sequences[seq1].position);
data/blimps-3.9+ds/blimps/blalign.c:564:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[OUTMAX], ctemp;
data/blimps-3.9+ds/blimps/blalign.c:627:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[OUTMAX];
data/blimps-3.9+ds/blimps/blalign.c:806:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[OUTMAX];
data/blimps-3.9+ds/blimps/bldist.c:49:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sijname[MAXNAME], bdbname[MAXNAME], outname[MAXNAME], *blimps_dir;
data/blimps-3.9+ds/blimps/bldist.c:50:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[MAXNAME];
data/blimps-3.9+ds/blimps/bldist.c:75:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (ifp=fopen(bdbname, "r")) == NULL)
data/blimps-3.9+ds/blimps/bldist.c:99:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (sfp=fopen(sijname, "r")) == NULL)
data/blimps-3.9+ds/blimps/bldist.c:105:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (sfp=fopen(ctemp, "r")) == NULL)
data/blimps-3.9+ds/blimps/bldist.c:109:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (sfp=fopen(ctemp, "r")) == NULL)
data/blimps-3.9+ds/blimps/bldist.c:132:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (ofp=fopen(outname, "w")) == NULL)
data/blimps-3.9+ds/blimps/blexplode.c:23:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bdbname[MAXNAME], conname[MAXNAME], prefix[MAXNAME];
data/blimps-3.9+ds/blimps/blexplode.c:34:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (bfp=fopen(bdbname, "r")) == NULL)
data/blimps-3.9+ds/blimps/blexplode.c:63:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(conname, ".blk");
data/blimps-3.9+ds/blimps/blexplode.c:64:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (ofp=fopen(conname, "w")) == NULL)
data/blimps-3.9+ds/blimps/blimps-mem.c:93:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps-mem.c:117:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps-mem.c:121:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps-mem.c:139:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps-mem.c:144:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps-mem.c:148:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps-mem.c:155:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps-mem.c:176:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps-mem.c:181:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps-mem.c:185:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps-mem.c:192:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps-mem.c:200:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps-mem.c:204:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps-mem.c:219:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps-mem.c:222:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps-mem.c:225:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps-mem.c:228:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps-mem.c:232:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps-mem.c:235:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps.c:68:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char gcode[64], revgcode[64];
data/blimps-3.9+ds/blimps/blimps.c:86:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prev_number[20];
data/blimps-3.9+ds/blimps/blimps.c:97:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps.c:103:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps.c:244:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps.c:247:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps.c:491:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps.c:494:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps.c:628:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps.c:631:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps.c:951:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "Error loading frequencies.\n");
data/blimps-3.9+ds/blimps/blimps.c:966:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps.c:979:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fqij = fopen(Buffer, "r")) == NULL) {
data/blimps-3.9+ds/blimps/blimps.c:996:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps.c:1011:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofp = fopen(OutputFile, "w");
data/blimps-3.9+ds/blimps/blimps.c:1028:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
emfp = fopen(ExportMatrixFile, "w");
data/blimps-3.9+ds/blimps/blimps.c:1035:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps.c:1076:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps.c:1079:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps.c:1082:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blimps.c:1085:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blk2DR.c:25:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bdbname[MAXNAME], prevfam[MAXNAME];
data/blimps-3.9+ds/blimps/blk2DR.c:26:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outname[MAXNAME];
data/blimps-3.9+ds/blimps/blk2DR.c:36:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (bfp=fopen(bdbname, "r")) == NULL)
data/blimps-3.9+ds/blimps/blk2DR.c:44:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outname, ".DR");
data/blimps-3.9+ds/blimps/blk2DR.c:45:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (ofp=fopen(outname, "w")) == NULL)
data/blimps-3.9+ds/blimps/blk2DR.c:74:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[MAXNAME], *ptr;
data/blimps-3.9+ds/blimps/blk2GC.c:25:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bdbname[MAXNAME], prevfam[MAXNAME];
data/blimps-3.9+ds/blimps/blk2GC.c:35:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (bfp=fopen(bdbname, "r")) == NULL)
data/blimps-3.9+ds/blimps/blk2GC.c:64:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[MAXNAME], *ptr;
data/blimps-3.9+ds/blimps/blk2lis.c:25:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bdbname[MAXNAME], prevfam[MAXNAME];;
data/blimps-3.9+ds/blimps/blk2lis.c:35:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (bfp=fopen(bdbname, "r")) == NULL)
data/blimps-3.9+ds/blimps/blk2lis.c:63:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outname[MAXNAME];
data/blimps-3.9+ds/blimps/blk2lis.c:67:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outname, ".lsb");
data/blimps-3.9+ds/blimps/blk2lis.c:68:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (ofp=fopen(outname, "w")) == NULL)
data/blimps-3.9+ds/blimps/blk2mot.c:32:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Title[MAXLINE];
data/blimps-3.9+ds/blimps/blk2mot.c:42:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *Seq[MAXSEQS]; /* sequences */
data/blimps-3.9+ds/blimps/blk2mot.c:43:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Seqname[MAXSEQS][SNAMELEN];
data/blimps-3.9+ds/blimps/blk2mot.c:54:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ptr, seqfile[FNAMELEN], blkfile[FNAMELEN], motfile[FNAMELEN];
data/blimps-3.9+ds/blimps/blk2mot.c:55:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE];
data/blimps-3.9+ds/blimps/blk2mot.c:76:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fseq=fopen(seqfile, "r")) == NULL)
data/blimps-3.9+ds/blimps/blk2mot.c:97:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fblk=fopen(blkfile, "r")) == NULL)
data/blimps-3.9+ds/blimps/blk2mot.c:131:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fmot=fopen(motfile, "wb")) == NULL)
data/blimps-3.9+ds/blimps/blk2mot.c:149:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], *ptr;
data/blimps-3.9+ds/blimps/blk2mot.c:195:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ptr, *bltemp, ctemp[MAXLINE];
data/blimps-3.9+ds/blimps/blk2mot.c:209:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
info->RunType = atoi(ptr);
data/blimps-3.9+ds/blimps/blk2mot.c:211:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
info->Signif = atoi(ptr);
data/blimps-3.9+ds/blimps/blk2mot.c:213:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
info->Dups = atoi(ptr);
data/blimps-3.9+ds/blimps/blk2mot.c:215:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
info->Distance = atoi(ptr);
data/blimps-3.9+ds/blimps/blk2mot.c:257:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ptr, *bltemp, ctemp[MAXLINE];
data/blimps-3.9+ds/blimps/blk2mot.c:279:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
info->Signif = atoi(ptr);
data/blimps-3.9+ds/blimps/blk2mot.c:281:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
info->Dups = atoi(ptr);
data/blimps-3.9+ds/blimps/blk2mot.c:283:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
info->Distance = atoi(ptr);
data/blimps-3.9+ds/blimps/blk2mot.c:298:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
motif->freq = atoi(ptr);
data/blimps-3.9+ds/blimps/blk2mot.c:307:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
motif->dups = atoi(ptr);
data/blimps-3.9+ds/blimps/blk2mot.c:316:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
motif->mots = atoi(ptr);
data/blimps-3.9+ds/blimps/blk2mot.c:325:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
motif->score = atoi(ptr);
data/blimps-3.9+ds/blimps/blk2mot.c:334:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
motif->distance1 = atoi(ptr);
data/blimps-3.9+ds/blimps/blk2mot.c:343:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
motif->distance2 = atoi(ptr);
data/blimps-3.9+ds/blimps/blk2pssm.c:69:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bdbname[MAXNAME], conname[MAXNAME];
data/blimps-3.9+ds/blimps/blk2pssm.c:71:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[BLK2PSSM_CTEMPLEN];
data/blimps-3.9+ds/blimps/blk2pssm.c:93:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (bfp=fopen(bdbname, "r")) == NULL)
data/blimps-3.9+ds/blimps/blk2pssm.c:106:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (ofp=fopen(conname, "w")) == NULL)
data/blimps-3.9+ds/blimps/blk2pssm.c:137:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
itemp = atoi(argv[4]);
data/blimps-3.9+ds/blimps/blk2slx.c:30:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bdbname[MAXNAME], conname[MAXNAME];
data/blimps-3.9+ds/blimps/blk2slx.c:40:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (bfp=fopen(bdbname, "r")) == NULL)
data/blimps-3.9+ds/blimps/blk2slx.c:53:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (ofp=fopen(conname, "w")) == NULL)
data/blimps-3.9+ds/blimps/blk_to_PSSM.c:102:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bdbname[MAXNAME]=INP_DFLT_FNAME, outfname[MAXNAME]=OUT_DFLT_FNAME ;
data/blimps-3.9+ds/blimps/blk_to_PSSM.c:103:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frqname[MAXNAME]="", qijname[MAXNAME]="";
data/blimps-3.9+ds/blimps/blk_to_PSSM.c:106:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alphabet_type[MAXNAME] = ALPHABET_TYPE_DFLT ;
data/blimps-3.9+ds/blimps/blk_to_PSSM.c:107:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *blimps_dir, tmp[MAXNAME], *alphabet, *aa_alphabet, *nt_alphabet ;
data/blimps-3.9+ds/blimps/blk_to_PSSM.c:136:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp, " %d ", pssm_type) ;
data/blimps-3.9+ds/blimps/blk_to_PSSM.c:196:50: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (strcmp(bdbname,INP_DFLT_FNAME) !=0 && (bfp=fopen(bdbname, "r")) == NULL)
data/blimps-3.9+ds/blimps/blk_to_PSSM.c:204:52: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (strcmp(outfname,OUT_DFLT_FNAME) !=0 && (outf=fopen(outfname, "w")) == NULL)
data/blimps-3.9+ds/blimps/blk_to_PSSM.c:214:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (pssm_type == 30) strcat(qijname, "default.iij"); /*average score*/
data/blimps-3.9+ds/blimps/blk_to_PSSM.c:215:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
else strcat(qijname, "default.qij");
data/blimps-3.9+ds/blimps/blk_to_PSSM.c:218:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fqij=fopen(qijname, "r")) != NULL)
data/blimps-3.9+ds/blimps/blk_to_PSSM.c:404:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*pssm_type = atoi(chr_ptr) ;
data/blimps-3.9+ds/blimps/blklis.c:10:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Version[12] = " 8/24/99.1"; /* Version date */
data/blimps-3.9+ds/blimps/blklis.c:22:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char infile[80], outfile[80], ac[30], id[80], *ptr;
data/blimps-3.9+ds/blimps/blklis.c:39:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fin=fopen(infile, "r")) == NULL)
data/blimps-3.9+ds/blimps/blklis.c:51:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fout=fopen(outfile, "w+")) == NULL)
data/blimps-3.9+ds/blimps/blkprob.c:97:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ac[MAXAC+1]; /* block name, eg. BL00094A */
data/blimps-3.9+ds/blimps/blkprob.c:98:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fam[MAXAC+1]; /* family name, eg. BL00094 */
data/blimps-3.9+ds/blimps/blkprob.c:108:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[25]; /* block description */
data/blimps-3.9+ds/blimps/blkprob.c:109:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aa[MAX_WIDTH]; /* alignment to block */
data/blimps-3.9+ds/blimps/blkprob.c:122:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fam[MAXAC+1]; /* family name part of AC */
data/blimps-3.9+ds/blimps/blkprob.c:123:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char de[MAXLINE];
data/blimps-3.9+ds/blimps/blkprob.c:142:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ac[MAXAC+1]; /* accession number */
data/blimps-3.9+ds/blimps/blkprob.c:149:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char closest_name[SNAMELEN]; /* name of seq closest to query */
data/blimps-3.9+ds/blimps/blkprob.c:151:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char closest_aa[MAX_WIDTH]; /* aas for seq closest to query */
data/blimps-3.9+ds/blimps/blkprob.c:155:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fam[MAXAC+1]; /* family part of AC */
data/blimps-3.9+ds/blimps/blkprob.c:165:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datname[FNAMELEN];
data/blimps-3.9+ds/blimps/blkprob.c:166:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prevfam[MAXAC+1]; /* family name part of AC ??? */
data/blimps-3.9+ds/blimps/blkprob.c:242:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Version[12] = "12/23/06.1";/* Version number */
data/blimps-3.9+ds/blimps/blkprob.c:244:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Query[SNAMELEN]; /* Query sequence name */
data/blimps-3.9+ds/blimps/blkprob.c:245:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Qfilename[FNAMELEN]; /* Query file */
data/blimps-3.9+ds/blimps/blkprob.c:262:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char HomName[FNAMELEN]; /* Search file name for stats file */
data/blimps-3.9+ds/blimps/blkprob.c:264:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char StpFile[80]; /* Name of header file */
data/blimps-3.9+ds/blimps/blkprob.c:267:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ac[MAXAC+1];
data/blimps-3.9+ds/blimps/blkprob.c:275:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DatDir[FNAMELEN]; /* Directory of database files */
data/blimps-3.9+ds/blimps/blkprob.c:286:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char homfile[FNAMELEN], datfile[FNAMELEN], ctemp[FNAMELEN];
data/blimps-3.9+ds/blimps/blkprob.c:287:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db[FNAMELEN];
data/blimps-3.9+ds/blimps/blkprob.c:335:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fcf=fopen(ctemp, "r")) == NULL)
data/blimps-3.9+ds/blimps/blkprob.c:348:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
MaxHit = atoi(ctemp);
data/blimps-3.9+ds/blimps/blkprob.c:398:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
MaxHit = atoi(argv[i+1]);
data/blimps-3.9+ds/blimps/blkprob.c:403:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
CutoffScore = atoi(argv[i+1]);
data/blimps-3.9+ds/blimps/blkprob.c:420:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fhom=fopen(homfile, "r")) == NULL)
data/blimps-3.9+ds/blimps/blkprob.c:516:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char homfile[FNAMELEN];
data/blimps-3.9+ds/blimps/blkprob.c:519:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], keyword[20], *ptr;
data/blimps-3.9+ds/blimps/blkprob.c:558:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[FNAMELEN], line[MAXLINE];
data/blimps-3.9+ds/blimps/blkprob.c:562:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fstp=fopen(StpFile, "r")) == NULL)
data/blimps-3.9+ds/blimps/blkprob.c:570:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
{ strcpy(fname, "blkprob.stp"); }
data/blimps-3.9+ds/blimps/blkprob.c:571:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fstp=fopen(fname, "r")) == NULL)
data/blimps-3.9+ds/blimps/blkprob.c:575:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fname, "blkprob.stp");
data/blimps-3.9+ds/blimps/blkprob.c:576:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fstp=fopen(fname, "r");
data/blimps-3.9+ds/blimps/blkprob.c:603:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char homfile[FNAMELEN];
data/blimps-3.9+ds/blimps/blkprob.c:605:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], db[FNAMELEN];
data/blimps-3.9+ds/blimps/blkprob.c:655:20: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
QLen = atol(ptr1);
data/blimps-3.9+ds/blimps/blkprob.c:668:41: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (ptr1 != NULL) QLen = atol(ptr1);
data/blimps-3.9+ds/blimps/blkprob.c:695:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (ptr1 != NULL) NBlock = atoi(ptr1);
data/blimps-3.9+ds/blimps/blkprob.c:754:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fcur->fdat=fopen(fcur->datname, "r")) == NULL)
data/blimps-3.9+ds/blimps/blkprob.c:787:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[FNAMELEN], line[MAXLINE];
data/blimps-3.9+ds/blimps/blkprob.c:792:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fstn=fopen("blksort.stn", "r");
data/blimps-3.9+ds/blimps/blkprob.c:796:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fstn=fopen(fname, "r");
data/blimps-3.9+ds/blimps/blkprob.c:822:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], fname[FNAMELEN];
data/blimps-3.9+ds/blimps/blkprob.c:828:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
frep=fopen("repeats.dat", "r");
data/blimps-3.9+ds/blimps/blkprob.c:832:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
frep=fopen(fname, "r");
data/blimps-3.9+ds/blimps/blkprob.c:856:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], fname[FNAMELEN];
data/blimps-3.9+ds/blimps/blkprob.c:861:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fbias = fopen("blksort.bias", "r");
data/blimps-3.9+ds/blimps/blkprob.c:865:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fbias = fopen(fname, "r");
data/blimps-3.9+ds/blimps/blkprob.c:894:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], ctemp[8], save_ac[MAXAC+1];
data/blimps-3.9+ds/blimps/blkprob.c:929:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Results[NResult].strength = atoi(ctemp);
data/blimps-3.9+ds/blimps/blkprob.c:931:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Results[NResult].score = atoi(ctemp);
data/blimps-3.9+ds/blimps/blkprob.c:933:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Results[NResult].frame = atoi(ctemp);
data/blimps-3.9+ds/blimps/blkprob.c:935:29: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Results[NResult].offset = atol(ctemp);
data/blimps-3.9+ds/blimps/blkprob.c:961:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char save_fam[MAXAC+1];
data/blimps-3.9+ds/blimps/blkprob.c:1514:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pline[MAXLINE];
data/blimps-3.9+ds/blimps/blkprob.c:1517:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pline, "blksort.dat");
data/blimps-3.9+ds/blimps/blkprob.c:1518:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (Stats) fstats = fopen(pline, "a");
data/blimps-3.9+ds/blimps/blkprob.c:1774:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbline[MAXMAPLINE], qline[MAXMAPLINE], pline[MAXMAPLINE];
data/blimps-3.9+ds/blimps/blkprob.c:2003:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datline[MAXLINE], homline[MAXLINE], blkline[MAXLINE];
data/blimps-3.9+ds/blimps/blkprob.c:2004:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char barline[MAXLINE], repline[MAXLINE], saveac[MAXAC+1];
data/blimps-3.9+ds/blimps/blkprob.c:2005:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[10];
data/blimps-3.9+ds/blimps/blkprob.c:2011:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(saveac, " ");
data/blimps-3.9+ds/blimps/blkprob.c:2050:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctemp, "%ld", block->closest_offset);
data/blimps-3.9+ds/blimps/blkprob.c:2052:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctemp, "%ld", Results[ block->query_res ].offset + 1);
data/blimps-3.9+ds/blimps/blkprob.c:2061:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctemp, "%d", datmin);
data/blimps-3.9+ds/blimps/blkprob.c:2066:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctemp, "%d", datmax);
data/blimps-3.9+ds/blimps/blkprob.c:2072:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctemp, "%d", homdist);
data/blimps-3.9+ds/blimps/blkprob.c:2108:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctemp, "%d", Results[t].offset+1);
data/blimps-3.9+ds/blimps/blkprob.c:2542:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aatemp[2];
data/blimps-3.9+ds/blimps/blkvblk.h:16:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char matrix0_number[NUMBER_WIDTH]; /* the first matrix/block number(accession)*/
data/blimps-3.9+ds/blimps/blkvblk.h:17:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char matrix1_number[NUMBER_WIDTH]; /* the second matrix/block number(accession)*/
data/blimps-3.9+ds/blimps/blkvblk.h:29:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char matrix0_number[NUMBER_WIDTH]; /* the first matrix/block number(accession) */
data/blimps-3.9+ds/blimps/blkvblk.h:32:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char matrix1_number[NUMBER_WIDTH]; /* the second matrix/block number(accession)*/
data/blimps-3.9+ds/blimps/blkvblk.h:43:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char matrix0_number[NUMBER_WIDTH]; /* the scanning matrix/block number (accession) */
data/blimps-3.9+ds/blimps/blkvblk.h:46:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char matrix1_number[NUMBER_WIDTH]; /* the scanned matrix/block number (accession) */
data/blimps-3.9+ds/blimps/block_vis.c:85:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *o_input_filenames[16];
data/blimps-3.9+ds/blimps/block_vis.c:213:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
o_scale_val = atoi(s);
data/blimps-3.9+ds/blimps/block_vis.c:232:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
o_output_level = atoi(s);
data/blimps-3.9+ds/blimps/block_vis.c:318:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[LINEBUF_LEN];
data/blimps-3.9+ds/blimps/block_vis.c:361:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char junk[LINEBUF_LEN];
data/blimps-3.9+ds/blimps/block_vis.c:724:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rofilename[80];
data/blimps-3.9+ds/blimps/block_vis.c:733:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rofilename, "stdio.reout");
data/blimps-3.9+ds/blimps/block_vis.c:746:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in_file = fopen(ifilename, "rb");
data/blimps-3.9+ds/blimps/block_vis.c:766:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out_file = fopen(ofilename, "wb");
data/blimps-3.9+ds/blimps/block_vis.c:781:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
reout_file = fopen(rofilename, "wb");
data/blimps-3.9+ds/blimps/block_vis.c:874:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_filename[80];
data/blimps-3.9+ds/blimps/blockmap.h:13:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq_name[SMALL_BUFF_LENGTH] ; /* sequence name */
data/blimps-3.9+ds/blimps/blockmap.h:22:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block_family[SMALL_BUFF_LENGTH] ; /* the blocks family code */
data/blimps-3.9+ds/blimps/blockmap.h:23:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char description[SMALL_BUFF_LENGTH] ; /* the family description */
data/blimps-3.9+ds/blimps/blockmap.h:24:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[SMALL_BUFF_LENGTH] ; /* the short family description */
data/blimps-3.9+ds/blimps/blocks.c:196:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "MATRIX on ID line; not a BLOCK");
data/blimps-3.9+ds/blimps/blocks.c:203:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(block->id, "none; BLOCK");
data/blimps-3.9+ds/blimps/blocks.c:204:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "Error in block file format. Invalid ID line:");
data/blimps-3.9+ds/blimps/blocks.c:216:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(block->id, "none; BLOCK");
data/blimps-3.9+ds/blimps/blocks.c:217:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "Error in block file format. No ID line.\n");
data/blimps-3.9+ds/blimps/blocks.c:256:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(block->ac, "none; distance from previous block=( , )");
data/blimps-3.9+ds/blimps/blocks.c:259:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "Error in block file format. Invalid AC line:");
data/blimps-3.9+ds/blimps/blocks.c:269:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(block->ac, "none; distance from previous block=( , )");
data/blimps-3.9+ds/blimps/blocks.c:271:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "Error in block file format. No AC line.\n");
data/blimps-3.9+ds/blimps/blocks.c:290:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(block->de, "none");
data/blimps-3.9+ds/blimps/blocks.c:291:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "Error in block file format. Invalid DE line:");
data/blimps-3.9+ds/blimps/blocks.c:302:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(block->de, "none");
data/blimps-3.9+ds/blimps/blocks.c:303:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "Error in block file format. No DE line.\n");
data/blimps-3.9+ds/blimps/blocks.c:339:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "Setting width to zero\n");
data/blimps-3.9+ds/blimps/blocks.c:363:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "Error in block file format. Invalid BL line:");
data/blimps-3.9+ds/blimps/blocks.c:371:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "Error in block file format. No BL line.\n");
data/blimps-3.9+ds/blimps/blocks.c:511:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blocks.c:550:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blocks.c:559:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blocks.c:572:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blocks.c:575:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blocks.c:591:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blocks.c:606:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blocks.c:944:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ptr, bltemp[132];
data/blimps-3.9+ds/blimps/blocks.c:947:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/blocks.c:976:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bltemp, " width=%d; seqs=%d; 99.5%%=%d; strength=%d ",
data/blimps-3.9+ds/blimps/blocks.c:1045:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(new->id, "id");
data/blimps-3.9+ds/blimps/blocks.c:1046:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(new->ac, "ac");
data/blimps-3.9+ds/blimps/blocks.c:1047:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(new->de, "de");
data/blimps-3.9+ds/blimps/blocks.c:1048:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(new->bl, " ; width=%d; seqs=%d; ", ncols, nrows);
data/blimps-3.9+ds/blimps/blocks.c:1149:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[80], ctemp2[20];
data/blimps-3.9+ds/blimps/blocks_search.c:99:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Expect[10], Output[10]; /* blksort parameters*/
data/blimps-3.9+ds/blimps/blocks_search.c:100:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blimps[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/blocks_search.c:101:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blksort[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/blocks_search.c:102:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blkprob[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/blocks_search.c:103:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mailprog[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/blocks_search.c:104:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq_file[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/blocks_search.c:105:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cs_file[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/blocks_search.c:106:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char csh_file[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/blocks_search.c:107:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char log_dir[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/blocks_search.c:108:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char log_file[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/blocks_search.c:109:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blimps_output[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/blocks_search.c:110:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blksort_output[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/blocks_search.c:111:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char html_output[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/blocks_search.c:112:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char database[LARGE_BUFF_LENGTH]; /* database of blocks */
data/blimps-3.9+ds/blimps/blocks_search.c:113:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char printsbase[LARGE_BUFF_LENGTH]; /* Prints blocks db */
data/blimps-3.9+ds/blimps/blocks_search.c:114:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char plusbase[LARGE_BUFF_LENGTH]; /* Blocks+ blocks db */
data/blimps-3.9+ds/blimps/blocks_search.c:115:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char minusbase[LARGE_BUFF_LENGTH]; /* Blocks+ blocks db -biased */
data/blimps-3.9+ds/blimps/blocks_search.c:116:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qij[LARGE_BUFF_LENGTH]; /* for pseudo counts */
data/blimps-3.9+ds/blimps/blocks_search.c:117:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frq[LARGE_BUFF_LENGTH]; /* for amino counts */
data/blimps-3.9+ds/blimps/blocks_search.c:118:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_dir[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/blocks_search.c:119:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mail_file[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/blocks_search.c:120:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char email_addr[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/blocks_search.c:121:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/blocks_search.c:169:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mailprog, "/usr/bin/mailx");
data/blimps-3.9+ds/blimps/blocks_search.c:233:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strands[80], gecode[80], histo[80], type[80]; /* Blimps parameters */
data/blimps-3.9+ds/blimps/blocks_search.c:236:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(type, "auto");
data/blimps-3.9+ds/blimps/blocks_search.c:238:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(histo, "No");
data/blimps-3.9+ds/blimps/blocks_search.c:240:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Output, "-all");
data/blimps-3.9+ds/blimps/blocks_search.c:249:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cl = atoi(getenv("CONTENT_LENGTH"));
data/blimps-3.9+ds/blimps/blocks_search.c:325:12: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
{ strcpy(Output, "-sum"); }
data/blimps-3.9+ds/blimps/blocks_search.c:327:12: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
{ strcpy(Output, "-gff"); }
data/blimps-3.9+ds/blimps/blocks_search.c:346:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
csfp = fopen(cs_file, "w");
data/blimps-3.9+ds/blimps/blocks_search.c:381:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cshp = fopen(csh_file, "w");
data/blimps-3.9+ds/blimps/blocks_search.c:389:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
{ sprintf(buf, "Block Search Results"); }
data/blimps-3.9+ds/blimps/blocks_search.c:452:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sfp = fopen(seq_file, "w");
data/blimps-3.9+ds/blimps/blocks_search.c:495:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datein[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/blocks_search.c:496:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dateout[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/blocks_search.c:497:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db[10];
data/blimps-3.9+ds/blimps/blocks_search.c:579:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(html_output, "r"))) {
data/blimps-3.9+ds/blimps/blpssm.c:156:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qijname[FNAMELEN];
data/blimps-3.9+ds/blimps/blpssm.c:231:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cfname[FNAMELEN];
data/blimps-3.9+ds/blimps/blpssm.c:246:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (cfp=fopen(cfname, "r")) == NULL)
data/blimps-3.9+ds/blimps/blpssm.c:359:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], keyword[20], *ptr;
data/blimps-3.9+ds/blimps/blpssm.c:360:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blname[FNAMELEN], exname[FNAMELEN], frname[FNAMELEN];
data/blimps-3.9+ds/blimps/blpssm.c:361:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alname[FNAMELEN], diname[FNAMELEN], clname[FNAMELEN];
data/blimps-3.9+ds/blimps/blpssm.c:362:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char grname[FNAMELEN], gqname[FNAMELEN], ouname[FNAMELEN];
data/blimps-3.9+ds/blimps/blpssm.c:363:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char paname[FNAMELEN];
data/blimps-3.9+ds/blimps/blpssm.c:386:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (Fbl = fopen(blname, "r")) == NULL)
data/blimps-3.9+ds/blimps/blpssm.c:392:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (Fex = fopen(exname, "w")) == NULL)
data/blimps-3.9+ds/blimps/blpssm.c:398:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (Fou = fopen(ouname, "w")) == NULL)
data/blimps-3.9+ds/blimps/blpssm.c:404:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (Ffr = fopen(frname, "r")) == NULL)
data/blimps-3.9+ds/blimps/blpssm.c:413:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (Fal = fopen(alname, "r")) == NULL)
data/blimps-3.9+ds/blimps/blpssm.c:429:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (Fal = fopen(alname, "r")) == NULL)
data/blimps-3.9+ds/blimps/blpssm.c:451:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (Fgr = fopen(grname, "r")) == NULL)
data/blimps-3.9+ds/blimps/blpssm.c:457:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (Fgq = fopen(gqname, "r")) == NULL)
data/blimps-3.9+ds/blimps/blpssm.c:463:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (Fdi = fopen(diname, "r")) == NULL)
data/blimps-3.9+ds/blimps/blpssm.c:469:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (Fcl = fopen(clname, "r")) == NULL)
data/blimps-3.9+ds/blimps/blpssm.c:504:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ClumpCounts = atoi(ptr);
data/blimps-3.9+ds/blimps/blpssm.c:513:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
PatternCutoff = atoi(ptr);
data/blimps-3.9+ds/blimps/blpssm.c:518:29: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (Fpa = fopen(paname, "w")) == NULL)
data/blimps-3.9+ds/blimps/blpssm.c:617:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[FNAMELEN];
data/blimps-3.9+ds/blimps/blpssm.c:631:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fst=fopen(fname, "r")) == NULL)
data/blimps-3.9+ds/blimps/blpssm.c:648:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], *ptr;
data/blimps-3.9+ds/blimps/blpssm.c:1215:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], *ptr;
data/blimps-3.9+ds/blimps/blpssm.c:1260:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
subst[row][col] = (double) atoi(ptr);
data/blimps-3.9+ds/blimps/blpssm.c:1302:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[MAXLINE], *ptr;
data/blimps-3.9+ds/blimps/blpssm.c:1758:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1000], *ptr;
data/blimps-3.9+ds/blimps/blpssm.c:1763:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fp = fopen("data", "w")) == NULL)
data/blimps-3.9+ds/blimps/blpssm.c:1778:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, "rind");
data/blimps-3.9+ds/blimps/blpssm.c:1786:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fp = fopen("counts", "r")) == NULL)
data/blimps-3.9+ds/blimps/blpssm.c:1993:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pattern[MAXLINE], ctemp[5], *ptr;
data/blimps-3.9+ds/blimps/blpssm.c:1998:21: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (ptr != NULL) strcat(pattern, "; PATMAT");
data/blimps-3.9+ds/blimps/blweight.c:96:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bdbname[MAXNAME], conname[MAXNAME], ctemp[BLWEIGHT_CTEMPLEN];
data/blimps-3.9+ds/blimps/blweight.c:125:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (bfp=fopen(bdbname, "r")) == NULL)
data/blimps-3.9+ds/blimps/blweight.c:138:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (ofp=fopen(conname, "w")) == NULL)
data/blimps-3.9+ds/blimps/blweight.c:161:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wtype = 2; clus = atoi(ctemp+1);
data/blimps-3.9+ds/blimps/blweight.c:199:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stype = atoi(ctemp);
data/blimps-3.9+ds/blimps/blweight.c:799:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ptr, bltemp[132];
data/blimps-3.9+ds/blimps/blweight.c:816:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bltemp, " width=%d; seqs=%d; 99.5%%=%d; strength=%d ",
data/blimps-3.9+ds/blimps/cobbler.c:161:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Version[12] = " 1/16/03.1"; /* Version number */
data/blimps-3.9+ds/blimps/cobbler.c:238:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cfname[MAXNAME], save_family[MAXAC+1];
data/blimps-3.9+ds/blimps/cobbler.c:261:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (cfp=fopen(cfname, "r")) == NULL)
data/blimps-3.9+ds/blimps/cobbler.c:324:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], keyword[20], *blimps_dir, *ptr;
data/blimps-3.9+ds/blimps/cobbler.c:325:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blname[MAXNAME], ouname[MAXNAME], frname[MAXNAME];
data/blimps-3.9+ds/blimps/cobbler.c:326:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mlname[MAXNAME], llname[MAXNAME];
data/blimps-3.9+ds/blimps/cobbler.c:327:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suname[MAXNAME], qmname[MAXNAME], sqname[MAXNAME];
data/blimps-3.9+ds/blimps/cobbler.c:328:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbname[MAXNAME], maname[MAXNAME], ctemp[MAXNAME];
data/blimps-3.9+ds/blimps/cobbler.c:353:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Type = atoi(ptr);
data/blimps-3.9+ds/blimps/cobbler.c:358:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (Fbl = fopen(blname, "r")) == NULL)
data/blimps-3.9+ds/blimps/cobbler.c:364:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (Fou = fopen(ouname, "w")) == NULL)
data/blimps-3.9+ds/blimps/cobbler.c:371:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (Fml = fopen(mlname, "w")) == NULL)
data/blimps-3.9+ds/blimps/cobbler.c:378:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (Fll = fopen(llname, "w")) == NULL)
data/blimps-3.9+ds/blimps/cobbler.c:385:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (Fsq = fopen(sqname, "r")) == NULL)
data/blimps-3.9+ds/blimps/cobbler.c:391:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (Fdb = fopen(dbname, "r")) == NULL)
data/blimps-3.9+ds/blimps/cobbler.c:403:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
CProp = (double) atoi(ptr) / 100.;
data/blimps-3.9+ds/blimps/cobbler.c:409:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fsu = fopen(suname, "r")) == NULL)
data/blimps-3.9+ds/blimps/cobbler.c:417:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fma = fopen(maname, "r")) == NULL)
data/blimps-3.9+ds/blimps/cobbler.c:432:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fqm = fopen(qmname, "r")) == NULL)
data/blimps-3.9+ds/blimps/cobbler.c:440:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ShortTrim = atoi(ptr);
data/blimps-3.9+ds/blimps/cobbler.c:454:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fsu = fopen(suname, "r")) != NULL)
data/blimps-3.9+ds/blimps/cobbler.c:469:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fqm = fopen(qmname, "r")) != NULL)
data/blimps-3.9+ds/blimps/cobbler.c:476:30: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(ctemp, ouname); strcat(ctemp, ".prf");
data/blimps-3.9+ds/blimps/cobbler.c:477:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (Fpr = fopen(ctemp, "w")) == NULL)
data/blimps-3.9+ds/blimps/cobbler.c:993:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fam[MAXAC+1], ctemp[12], *cobbler, seqname[MAXNAME];
data/blimps-3.9+ds/blimps/cobbler.c:1067:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pssm->id, "COBBLER; MATRIX");
data/blimps-3.9+ds/blimps/cobbler.c:1072:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pssm->ma, "width=%d seqs=%d",
data/blimps-3.9+ds/blimps/cobbler.c:1266:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[MAXNAME], *ptr;
data/blimps-3.9+ds/blimps/cobbler.c:1449:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ptr, ctemp[MAXNAME];
data/blimps-3.9+ds/blimps/cobbler.c:1489:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (ptr != NULL) cur->next->minprev = atoi(ptr);
data/blimps-3.9+ds/blimps/cobbler.c:1554:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[132], *ptr;
data/blimps-3.9+ds/blimps/cobbler.c:1600:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
scores[row][col] = atoi(ptr);
data/blimps-3.9+ds/blimps/cobbler.c:1839:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seqname[MAXNAME];
data/blimps-3.9+ds/blimps/codehop.c:101:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Version[12] = "10/14/04.1"; /* Version date */
data/blimps-3.9+ds/blimps/codehop.c:119:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Frqname[MAXNAME]="";
data/blimps-3.9+ds/blimps/codehop.c:120:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char IDname[MAXNAME]="";
data/blimps-3.9+ds/blimps/codehop.c:122:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char Gcode[64], RevGcode[64];
data/blimps-3.9+ds/blimps/codehop.c:124:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Codons[64][3] = {
data/blimps-3.9+ds/blimps/codehop.c:152:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inpfname[MAXNAME]="stdin", outfname[MAXNAME]="stdout" ;
data/blimps-3.9+ds/blimps/codehop.c:153:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_fam_name[BLOCK_AC_LEN]="" ;
data/blimps-3.9+ds/blimps/codehop.c:154:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *blimps_dir, tmp[MAXNAME] ;
data/blimps-3.9+ds/blimps/codehop.c:157:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char codon_usage_file[MAXNAME] = CODON_USAGE_FILE_DFLT ;
data/blimps-3.9+ds/blimps/codehop.c:159:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qijname[MAXNAME]="";
data/blimps-3.9+ds/blimps/codehop.c:193:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (tmp, " %d ", Pssm_Type) ;
data/blimps-3.9+ds/blimps/codehop.c:246:45: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (strcmp(inpfname,"stdin") !=0 && (inpf=fopen(inpfname, "r")) == NULL)
data/blimps-3.9+ds/blimps/codehop.c:277:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (Pssm_Type == 30) strcat(qijname, "default.iij"); /*average score*/
data/blimps-3.9+ds/blimps/codehop.c:278:24: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
else strcat(qijname, "default.qij");
data/blimps-3.9+ds/blimps/codehop.c:281:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fqij=fopen(qijname, "r")) != NULL)
data/blimps-3.9+ds/blimps/codehop.c:290:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fcod=fopen(codon_usage_file, "r")) == NULL)
data/blimps-3.9+ds/blimps/codehop.c:300:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fcod = fopen(codon_usage_file, "r")) == NULL)
data/blimps-3.9+ds/blimps/codehop.c:306:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fcod = fopen(codon_usage_file, "r")) == NULL)
data/blimps-3.9+ds/blimps/codehop.c:312:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fcod = fopen(codon_usage_file, "r")) == NULL)
data/blimps-3.9+ds/blimps/codehop.c:324:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fcod = fopen(codon_usage_file, "r")) == NULL)
data/blimps-3.9+ds/blimps/codehop.c:425:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
PolyX = atoi(chr_ptr) ;
data/blimps-3.9+ds/blimps/codehop.c:444:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Gcode_Type = atoi(chr_ptr) ;
data/blimps-3.9+ds/blimps/codehop.c:459:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
OutOligo = atoi(chr_ptr) ;
data/blimps-3.9+ds/blimps/codehop.c:464:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Pssm_Type = atoi(chr_ptr) ;
data/blimps-3.9+ds/blimps/codehop.c:723:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dna[CORE_MAX_LEN + CLAMP_MAX_LEN];
data/blimps-3.9+ds/blimps/codehop.c:1019:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[6];
data/blimps-3.9+ds/blimps/coduse.c:44:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Codons[64][3] = {
data/blimps-3.9+ds/blimps/coduse.c:58:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char infile[MAXNAME], outfile[MAXNAME], organism[MAXNAME], line[MAXLINE];
data/blimps-3.9+ds/blimps/coduse.c:70:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fin=fopen(infile, "r")) == NULL)
data/blimps-3.9+ds/blimps/coduse.c:100:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fout=fopen(outfile, "w")) == NULL)
data/blimps-3.9+ds/blimps/coduse.c:130:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], *ptr, ctemp[6];
data/blimps-3.9+ds/blimps/config.c:75:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:78:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:91:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:94:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:179:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:182:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:243:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:246:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:423:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cfp = fopen(filename, "r");
data/blimps-3.9+ds/blimps/config.c:555:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:558:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:564:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:567:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:573:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:576:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:702:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:721:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:731:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:734:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:737:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:754:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:763:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:766:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:769:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:783:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:788:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:795:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:809:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:814:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:821:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:832:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:838:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:841:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:844:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:847:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:850:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:889:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SequenceFiles.fp = fopen(SequenceFiles.file_names[0], "r");
data/blimps-3.9+ds/blimps/config.c:895:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:898:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:901:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/config.c:913:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "to determine the type of database\n");
data/blimps-3.9+ds/blimps/convert.c:189:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/convert.c:275:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/convert.c:278:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/convert.c:733:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[LARGE_BUFF_LENGTH], *ptr;
data/blimps-3.9+ds/blimps/convert.c:834:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/convert.c:837:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/convert.c:880:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "convert: Block is too wide, unable to continue (max=%d).\n",
data/blimps-3.9+ds/blimps/convert.c:885:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "Qij matrix missing, unable to continue.\n");
data/blimps-3.9+ds/blimps/convert.c:911:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sijname[SMALL_BUFF_LENGTH], *blimps_dir;
data/blimps-3.9+ds/blimps/convert.c:923:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sijname, "default.sij");
data/blimps-3.9+ds/blimps/convert.c:930:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/convert.c:1454:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "Qij matrix missing, unable to continue.\n");
data/blimps-3.9+ds/blimps/convert.c:1497:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *blimps_dir, diriname[SMALL_BUFF_LENGTH], rankname[SMALL_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/convert.c:1510:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(diriname, "default.diri");
data/blimps-3.9+ds/blimps/convert.c:1511:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rankname, "default.rank");
data/blimps-3.9+ds/blimps/convert.c:1519:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (rfp = fopen(rankname, "r") ) == NULL)
data/blimps-3.9+ds/blimps/convert.c:1607:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ErrorBuffer, "SIFT_pssm(): Amino acid %c at pos %d in your original sequence was not allowed by the prediction.\n",
data/blimps-3.9+ds/blimps/convert.c:1629:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/convert.c:1633:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], *ptr;
data/blimps-3.9+ds/blimps/convert.c:1638:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fin = fopen (filename, "r")) == NULL)
data/blimps-3.9+ds/blimps/convert.c:1648:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ErrorBuffer, "dirichlet(): OUT OF MEMORY\n");
data/blimps-3.9+ds/blimps/email.c:28:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAXNAME], outname[MAXNAME], ctemp[MAXNAME];
data/blimps-3.9+ds/blimps/email.c:40:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (bfp=fopen(filename, "r")) == NULL)
data/blimps-3.9+ds/blimps/email.c:47:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "%d.seq", pid);
data/blimps-3.9+ds/blimps/email.c:60:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (ofp=fopen(outname, "w")) != NULL)
data/blimps-3.9+ds/blimps/errors.c:18:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ErrorBuffer[LARGE_BUFF_LENGTH+SMALL_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/errors.c:26:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ErrorFile[SMALL_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/errors.c:68:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
efp = fopen(ErrorFile, "a");
data/blimps-3.9+ds/blimps/errors.c:116:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *)ErrorBuffer)[0] = '\0'; /* clear the string incase the caller does */
data/blimps-3.9+ds/blimps/errors.c:154:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/errors.c:157:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/errors.c:160:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/errors.c:163:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/errors.c:166:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/errors.c:169:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/errors.c:172:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/errors.c:175:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/errors.c:178:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/errors.c:182:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/fastaseqs.c:24:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char infile[MAXNAME], outfile[MAXNAME];
data/blimps-3.9+ds/blimps/fastaseqs.c:44:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fin=fopen(infile, "r")) == NULL)
data/blimps-3.9+ds/blimps/fastaseqs.c:57:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fout=fopen(outfile, "w")) == NULL)
data/blimps-3.9+ds/blimps/files.c:20:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ExportMatrixFile[SMALL_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/files.c:21:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char OutputFile[SMALL_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/files.c:22:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ErrorFile[SMALL_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/files.c:104:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/files.c:137:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/files.c:211:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "get_file(): Bad file list, unable to open a file\n");
data/blimps-3.9+ds/blimps/files.c:217:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
this_list->fp = fopen(this_list->file_names[this_list->cur_file], "r");
data/blimps-3.9+ds/blimps/files.c:262:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "get_file(): Unknown file group");
data/blimps-3.9+ds/blimps/files.c:264:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, " Unable to open a file\n");
data/blimps-3.9+ds/blimps/files.c:280:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
this_list->fp = fopen(this_list->file_names[this_list->cur_file], "r");
data/blimps-3.9+ds/blimps/files.c:293:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/files.c:296:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/files.c:299:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/files.c:311:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "to determine the type of database\n");
data/blimps-3.9+ds/blimps/files.c:358:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "get_file(): Unknown file group");
data/blimps-3.9+ds/blimps/files.c:360:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, " Unable to open a file\n");
data/blimps-3.9+ds/blimps/files.c:393:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/files.c:434:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/files.c:441:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/files.c:444:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/files.c:475:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/files.c:482:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "get_file_name(): No files in the file group");
data/blimps-3.9+ds/blimps/files.c:484:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, " Unable to return a file name\n");
data/blimps-3.9+ds/blimps/files.c:490:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/files.c:493:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/files.c:496:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/files.c:525:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/files.c:554:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:96:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bdbname[MAXNAME], outname[MAXNAME], ctemp[MAXNAME] ;
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:97:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINELEN], db_type, percent_char[5] ;
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:126:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ! WWW_FLAG && (out=fopen(outname, "w")) == NULL)
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:138:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (WWW_FLAG) strcpy(percent_char,"%") ;
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:144:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line,
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:256:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line,"%d biassed blocks found in the %d blocks.",
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:296:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (*bfp=fopen(bdbname, "r")) == NULL)
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:331:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc > 4) *min_cols = atoi(argv[4]) ;
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:337:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc > 5) dbg_lvl = atoi(argv[5]) ;
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:603:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINELEN], word[MAXLINELEN], entry_name[MAXLINELEN] ;
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:678:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
block->num_sequences = atoi(ptr) ;
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:762:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
temp = atoi(ptr) ;
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:926:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(word, " distance from previous block=(%d,%d)",
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:930:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(block->bl, "adapted from ProDom entry; width=%d; seqs=%d;",
data/blimps-3.9+ds/blimps/format_block.c:61:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extblock_stdout[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/format_block.c:62:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Block_file[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/format_block.c:63:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Block_fileNW[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/format_block.c:64:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Blweight[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/format_block.c:65:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Weight_type[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/format_block.c:66:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Weight_scale[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/format_block.c:67:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char log_dir[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/format_block.c:68:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char log_file[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/format_block.c:69:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_file[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/format_block.c:70:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_dir[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/format_block.c:71:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char home_dir[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/format_block.c:72:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/format_block.c:165:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cl = atoi(getenv("CONTENT_LENGTH"));
data/blimps-3.9+ds/blimps/format_block.c:308:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[LARGE_BUFF_LENGTH], string2[SMALL_BUFF_LENGTH] ;
data/blimps-3.9+ds/blimps/format_block.c:407:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
block->width != atoi (MA_WIDTH_Ptr->val))
data/blimps-3.9+ds/blimps/format_block.c:686:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
block->sequences[k].position = atoi(string) ;
data/blimps-3.9+ds/blimps/format_block.c:707:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
block->num_sequences != atoi (MA_SEQS_Ptr->val))
data/blimps-3.9+ds/blimps/format_block.c:723:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(block->id, "None") ;
data/blimps-3.9+ds/blimps/format_block.c:727:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(block->id, "; BLOCK") ;
data/blimps-3.9+ds/blimps/format_block.c:755:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else j = atoi(MIN_DIST_Ptr->val) ;
data/blimps-3.9+ds/blimps/format_block.c:767:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else j = atoi(MAX_DIST_Ptr->val) ;
data/blimps-3.9+ds/blimps/format_block.c:773:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(block->de, "None") ;
data/blimps-3.9+ds/blimps/format_block.c:780:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(block->bl,"Method unspecified") ;
data/blimps-3.9+ds/blimps/format_block.c:790:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bfp = fopen(Block_fileNW, "w");
data/blimps-3.9+ds/blimps/format_block.c:870:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bfp = fopen(Block_file, "r");
data/blimps-3.9+ds/blimps/frequency.c:66:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ffp = fopen(fname, "r");
data/blimps-3.9+ds/blimps/frequency.c:137:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/frequency.c:143:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/frequency.c:156:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/frequency.c:161:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/frequency.c:166:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/frequency.c:173:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/frequency.c:176:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/frequency.c:179:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/frequency.c:232:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "Unable to open codon usage file");
data/blimps-3.9+ds/blimps/frequency.c:234:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "load_codons: Setting all codon usages to 1.\n");
data/blimps-3.9+ds/blimps/frequency.c:248:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/frequency.c:266:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *blimps_dir, qijname[SMALL_BUFF_LENGTH], frqname[SMALL_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/frequency.c:279:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(frqname, "default.amino.frq");
data/blimps-3.9+ds/blimps/frequency.c:280:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(qijname, "default.qij");
data/blimps-3.9+ds/blimps/frequency.c:284:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fqij=fopen(qijname, "r")) != NULL)
data/blimps-3.9+ds/blimps/gcode.c:18:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
register unsigned char xltab[64], rcxltab[64];
data/blimps-3.9+ds/blimps/htmlize-LAMA.c:45:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inpfname[MAXLINELEN], outfname[MAXLINELEN] ;
data/blimps-3.9+ds/blimps/htmlize-LAMA.c:46:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char readline[MAXLINELEN], prcssdline[MAXLINELEN] ;
data/blimps-3.9+ds/blimps/htmlize-LAMA.c:47:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Qfname[MAXLINELEN], Tfname[MAXLINELEN] ;
data/blimps-3.9+ds/blimps/htmlize-LAMA.c:48:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char link_string1[SMALLBUFF], link_string2[SMALLBUFF], link_string3[SMALLBUFF] ;
data/blimps-3.9+ds/blimps/htmlize-LAMA.c:49:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char help_icon[SMALLBUFF], logos_icon[SMALLBUFF], alignment_icon[SMALLBUFF] ;
data/blimps-3.9+ds/blimps/htmlize-LAMA.c:50:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block1[SMALLBUFF], block2[SMALLBUFF], *ptr, *script;
data/blimps-3.9+ds/blimps/htmlize-LAMA.c:79:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (inpf=fopen(inpfname, "r")) == NULL)
data/blimps-3.9+ds/blimps/htmlize-LAMA.c:110:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (outf=fopen(outfname, "w")) == NULL)
data/blimps-3.9+ds/blimps/htmlize-LAMA.c:120:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(link_string1, "<A HREF=\"/btest-bin/LAMA_alignment.sh?");
data/blimps-3.9+ds/blimps/htmlize-LAMA.c:123:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(link_string1, "<A HREF=\"/blocks-bin/LAMA_alignment.sh?");
data/blimps-3.9+ds/blimps/htmlize-LAMA.c:126:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(link_string2, "<A HREF=\"/btest-bin/LAMA_logos.csh?");
data/blimps-3.9+ds/blimps/htmlize-LAMA.c:129:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(link_string2, "<A HREF=\"/blocks-bin/LAMA_logos.csh?");
data/blimps-3.9+ds/blimps/htmlize-LAMA.c:132:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(link_string3, "<A HREF=\"/btest/help/about_logos.html\">");
data/blimps-3.9+ds/blimps/htmlize-LAMA.c:135:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(link_string3, "<A HREF=\"/blocks/help/about_logos.html\">");
data/blimps-3.9+ds/blimps/htmlize-codehop.c:26:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE];
data/blimps-3.9+ds/blimps/htmlize-codehop.c:37:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[FNAMELEN];
data/blimps-3.9+ds/blimps/htmlize-codehop.c:38:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE];
data/blimps-3.9+ds/blimps/htmlize-codehop.c:55:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[FNAMELEN], line[MAXLINE], stemp[MAXLINE], *ptr, *ptr1, *ptrt;
data/blimps-3.9+ds/blimps/htmlize-codehop.c:63:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fin=fopen(filename, "r")) == NULL)
data/blimps-3.9+ds/blimps/htmlize-codehop.c:121:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (ptr1 != NULL) onew->degen = atoi(ptr1+6);
data/blimps-3.9+ds/blimps/interpro.c:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbkey[IDLEN];
data/blimps-3.9+ds/blimps/interpro.c:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ac[MAXAC+1];
data/blimps-3.9+ds/blimps/interpro.c:81:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iprfile[MAXNAME], xreffile[MAXNAME], iprname[MAXAC];
data/blimps-3.9+ds/blimps/interpro.c:99:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fip=fopen(iprfile, "r")) == NULL)
data/blimps-3.9+ds/blimps/interpro.c:113:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (!strlen(iprname)) strcpy(iprname, "all");
data/blimps-3.9+ds/blimps/interpro.c:126:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(xreffile, ".xref");
data/blimps-3.9+ds/blimps/interpro.c:127:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fxref = fopen(xreffile, "w");
data/blimps-3.9+ds/blimps/interpro.c:142:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iprname[MAXNAME];
data/blimps-3.9+ds/blimps/interpro.c:145:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], ac[MAXNAME], id[MAXNAME], de[MAXLINE], *ptr, *ptr1;
data/blimps-3.9+ds/blimps/interpro.c:146:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[MAXLINE], ctemp1[MAXNAME], fname[MAXNAME], status[MAXNAME];
data/blimps-3.9+ds/blimps/interpro.c:147:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db[MAXKEY+1][MAXNAME], dbkey[MAXKEY+1][MAXNAME];
data/blimps-3.9+ds/blimps/interpro.c:152:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fmot = fopen("interpro.motifj", "w");
data/blimps-3.9+ds/blimps/interpro.c:186:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
flis = fopen(fname, "w");
data/blimps-3.9+ds/blimps/interpro.c:399:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seqname[MAXNAME];
data/blimps-3.9+ds/blimps/interpro.c:461:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE] ;
data/blimps-3.9+ds/blimps/interpro.c:467:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
frep=fopen("repeats.dat", "r");
data/blimps-3.9+ds/blimps/lisblk.c:32:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Pros[FNAMELEN];
data/blimps-3.9+ds/blimps/lisblk.c:33:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Title[MAXLINE];
data/blimps-3.9+ds/blimps/lisblk.c:41:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blkfile[FNAMELEN], lisfile[FNAMELEN], outfile[FNAMELEN];
data/blimps-3.9+ds/blimps/lisblk.c:58:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (flis=fopen(lisfile, "r")) == NULL)
data/blimps-3.9+ds/blimps/lisblk.c:75:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fblk=fopen(blkfile, "r")) == NULL)
data/blimps-3.9+ds/blimps/lisblk.c:84:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(blkfile, "A.blk");
data/blimps-3.9+ds/blimps/lisblk.c:85:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fblk=fopen(blkfile, "r")) == NULL)
data/blimps-3.9+ds/blimps/lisblk.c:92:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fblk=fopen(blkfile, "r")) == NULL)
data/blimps-3.9+ds/blimps/lisblk.c:136:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outfile, ".lsb");
data/blimps-3.9+ds/blimps/lisblk.c:137:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fout=fopen(outfile, "w+t")) == NULL)
data/blimps-3.9+ds/blimps/mablock.c:85:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char OutName[MAXNAME];
data/blimps-3.9+ds/blimps/mablock.c:86:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Block_AC[MAXNAME];
data/blimps-3.9+ds/blimps/mablock.c:87:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Block_ID[MAXNAME];
data/blimps-3.9+ds/blimps/mablock.c:88:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Block_DE[MAXNAME];
data/blimps-3.9+ds/blimps/mablock.c:106:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[MAXNAME], bdbname[MAXNAME], outtype[MABLOCK_OUTTYPELEN], *ptr;
data/blimps-3.9+ds/blimps/mablock.c:133:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (ifp=fopen(bdbname, "r")) == NULL)
data/blimps-3.9+ds/blimps/mablock.c:163:28: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(ctemp, OutName); strcat(ctemp, ".blks");
data/blimps-3.9+ds/blimps/mablock.c:164:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (bfp=fopen(ctemp, "w")) == NULL)
data/blimps-3.9+ds/blimps/mablock.c:169:28: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(ctemp, OutName); strcat(ctemp, ".seqs");
data/blimps-3.9+ds/blimps/mablock.c:170:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (sfp=fopen(ctemp, "w")) == NULL)
data/blimps-3.9+ds/blimps/mablock.c:186:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc > 4) MinWidth = atoi(argv[4]);
data/blimps-3.9+ds/blimps/mablock.c:192:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc > 5) MaxWidth = atoi(argv[5]);
data/blimps-3.9+ds/blimps/mablock.c:394:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLEN], tmp_name[MAXNAME], *name, *residues;
data/blimps-3.9+ds/blimps/mablock.c:421:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmp=fopen(tmp_name, "w");
data/blimps-3.9+ds/blimps/mablock.c:448:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (tmp = fopen(tmp_name, "r")) != NULL)
data/blimps-3.9+ds/blimps/mablock.c:500:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmp=fopen(tmp_name, "w");
data/blimps-3.9+ds/blimps/mablock.c:530:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLEN], tmp_name[30], *name, *residues;
data/blimps-3.9+ds/blimps/mablock.c:547:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_name, "mablock.%d", my_pid);
data/blimps-3.9+ds/blimps/mablock.c:548:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmp=fopen(tmp_name, "w");
data/blimps-3.9+ds/blimps/mablock.c:583:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (tmp = fopen(tmp_name, "r")) != NULL)
data/blimps-3.9+ds/blimps/mablock.c:635:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmp=fopen(tmp_name, "w");
data/blimps-3.9+ds/blimps/mablock.c:697:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[MAXNAME];
data/blimps-3.9+ds/blimps/mablock.c:713:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(block->motif, "UNK");
data/blimps-3.9+ds/blimps/mablock.c:714:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(block->bl, "UNK motif; width=%d; seqs=%d;",
data/blimps-3.9+ds/blimps/mablock.c:865:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[80];
data/blimps-3.9+ds/blimps/makeblockmap.c:84:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bdbname[MAXNAME]=INP_DFLT_FNAME, outname[MAXNAME]=OUT_DFLT_FNAME ;
data/blimps-3.9+ds/blimps/makeblockmap.c:85:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lisname[MAXNAME];
data/blimps-3.9+ds/blimps/makeblockmap.c:86:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_fam_name[MAXNAME]=DFLT_SRC_FAM_NAME;
data/blimps-3.9+ds/blimps/makeblockmap.c:90:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char family_name[8] ;
data/blimps-3.9+ds/blimps/makeblockmap.c:106:50: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (strcmp(bdbname,INP_DFLT_FNAME) !=0 && (bfp=fopen(bdbname, "r")) == NULL)
data/blimps-3.9+ds/blimps/makeblockmap.c:112:31: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (strlen(lisname) && (lfp=fopen(lisname, "r")) == NULL)
data/blimps-3.9+ds/blimps/makeblockmap.c:118:50: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (strcmp(outname,OUT_DFLT_FNAME) !=0 && (ofp=fopen(outname, "w")) == NULL)
data/blimps-3.9+ds/blimps/makelis.c:63:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SequenceFile[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/makelis.c:64:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char LisFile[LARGE_BUFF_LENGTH], ProFile[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/makelis.c:65:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char LenFile[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/makelis.c:66:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ErrFile[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/makelis.c:69:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Path[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/makelis.c:70:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Process[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/makelis.c:72:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char User[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/makelis.c:73:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Return[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/makelis.c:75:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char BlockName[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/makelis.c:77:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SubjectLine[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/makelis.c:78:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TruncSubjectLine[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/makelis.c:79:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DELine[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/makelis.c:154:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (mailfp = fopen(Buffer, "r")) == NULL)
data/blimps-3.9+ds/blimps/makelis.c:185:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(DELine, "SubjectLine");
data/blimps-3.9+ds/blimps/makelis.c:196:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
LisFileP = fopen(LisFile, "w");
data/blimps-3.9+ds/blimps/makelis.c:197:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
LenFileP = fopen(LenFile, "w");
data/blimps-3.9+ds/blimps/makelis.c:198:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ProFileP = fopen(ProFile, "w");
data/blimps-3.9+ds/blimps/makelis.c:199:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
WarnP = fopen(ErrFile, "w");
data/blimps-3.9+ds/blimps/makelis.c:232:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seqname[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/makelis.c:274:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/makelis.c:280:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SequenceFiles.fp = fopen(SequenceFiles.file_names[0], "r");
data/blimps-3.9+ds/blimps/makelis.c:303:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/makelis.c:306:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/makelis.c:309:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/makelis.c:334:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "to determine the type of database\n");
data/blimps-3.9+ds/blimps/makelis.c:349:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[80];
data/blimps-3.9+ds/blimps/makelogob.c:790:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
afile->f = fopen(afile->name, "r");
data/blimps-3.9+ds/blimps/makelogob.c:1166:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
LINK->colors->f = fopen(LINK->colors->name, "r");
data/blimps-3.9+ds/blimps/makelogob.c:1773:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
theplace->f = fopen(theplace->name, "r");
data/blimps-3.9+ds/blimps/makelogob.c:2050:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
symvec->f = fopen(symvec->name, "r");
data/blimps-3.9+ds/blimps/makelogob.c:2427:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
marks->f = fopen(marks->name, "r");
data/blimps-3.9+ds/blimps/makelogob.c:2439:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
colors->f = fopen(colors->name, "r");
data/blimps-3.9+ds/blimps/makelogob.c:2455:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
symvec->f = fopen(symvec->name, "r");
data/blimps-3.9+ds/blimps/makelogob.c:2465:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
V.logo->f = fopen(V.logo->name, "w");
data/blimps-3.9+ds/blimps/makelogob.c:2470:19: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
V.logo->f = tmpfile();
data/blimps-3.9+ds/blimps/makelogob.c:2729:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
V.logo->f = fopen(V.logo->name, "w");
data/blimps-3.9+ds/blimps/makelogob.c:2734:18: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
V.logo->f = tmpfile();
data/blimps-3.9+ds/blimps/makelogob.c:2780:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(logo.name, "logo");
data/blimps-3.9+ds/blimps/makelogob.c:2782:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(wave.name, "wave");
data/blimps-3.9+ds/blimps/makelogob.c:2784:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(marks.name, "marks");
data/blimps-3.9+ds/blimps/makelogob.c:2786:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(colors.name, "colors");
data/blimps-3.9+ds/blimps/makelogob.c:2788:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(makelogop.name, "makelogop");
data/blimps-3.9+ds/blimps/makelogob.c:2790:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(symvec.name, "symvec");
data/blimps-3.9+ds/blimps/matrix.c:127:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "Error in matrix file format. No ID line.\n");
data/blimps-3.9+ds/blimps/matrix.c:148:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "Error in matrix file format. No AC line.\n");
data/blimps-3.9+ds/blimps/matrix.c:162:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "Error in matrix file format. No DE line.\n");
data/blimps-3.9+ds/blimps/matrix.c:194:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "Setting width to zero\n");
data/blimps-3.9+ds/blimps/matrix.c:237:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "Error in matrix file format. No MA line.");
data/blimps-3.9+ds/blimps/matrix.c:239:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "Attempting to set values to be able to continue.");
data/blimps-3.9+ds/blimps/matrix.c:241:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "The first column of the matrix will be missed.\n");
data/blimps-3.9+ds/blimps/matrix.c:367:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(matrix->ma, "width=%d;", len);
data/blimps-3.9+ds/blimps/matrix.c:636:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/matrix.c:667:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/matrix.c:674:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/matrix_logob.c:144:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bdbname[MAXNAME], suffix[MAXNAME], outname[MAXNAME] ;
data/blimps-3.9+ds/blimps/matrix_logob.c:145:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blockAC[MAXNAME], blockID[MAXNAME], version[32];
data/blimps-3.9+ds/blimps/matrix_logob.c:146:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char line[160] ;
data/blimps-3.9+ds/blimps/matrix_logob.c:147:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logodir[MAXNAME], suffix2[MAXNAME], blockAC2[MAXNAME];
data/blimps-3.9+ds/blimps/matrix_logob.c:148:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char symvec[MAXNAME], makelogop[MAXNAME], colors[MAXNAME+10];
data/blimps-3.9+ds/blimps/matrix_logob.c:152:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(version,"1.35") ; /*JGH*/
data/blimps-3.9+ds/blimps/matrix_logob.c:153:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(logodir, "./") ; /*JGH*/
data/blimps-3.9+ds/blimps/matrix_logob.c:234:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(symvec, "symvec");
data/blimps-3.9+ds/blimps/matrix_logob.c:237:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (out=fopen(symvec, "w")) == NULL)
data/blimps-3.9+ds/blimps/matrix_logob.c:251:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(makelogop, "makelogop");
data/blimps-3.9+ds/blimps/matrix_logob.c:254:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (out=fopen(makelogop, "w")) == NULL)
data/blimps-3.9+ds/blimps/matrix_logob.c:315:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bdbname[MAXNAME], suffix[MAXNAME], blockAC[];
data/blimps-3.9+ds/blimps/matrix_logob.c:340:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (*bfp=fopen(bdbname, "r")) == NULL)
data/blimps-3.9+ds/blimps/matrix_logob.c:366:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc > 4) dbg_lvl = atoi(argv[argc-1]) ; /*JGH*/
data/blimps-3.9+ds/blimps/matrix_logob.c:575:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PSviewer[MAXNAME], PSviewer_opt[MAXNAME] ;
data/blimps-3.9+ds/blimps/matrix_logob.c:576:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PSprint[MAXNAME], ans[2] , line[80] ;
data/blimps-3.9+ds/blimps/matrix_logob.c:578:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(PSviewer, "pageview") ;
data/blimps-3.9+ds/blimps/matrix_logob.c:579:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(PSviewer_opt, "-left") ;
data/blimps-3.9+ds/blimps/matrix_logob.c:580:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(PSprint, "lpr") ;
data/blimps-3.9+ds/blimps/memory.c:43:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "Reclaim space function is not defined. No memory will be reclaimed.\n");
data/blimps-3.9+ds/blimps/memory.c:67:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer, "Reclaim space function is not defined. No memory will be reclaimed.\n");
data/blimps-3.9+ds/blimps/narrow.c:72:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chkname[80], ctemp[80], line[MAXLINE], *ptr, *ptr1;
data/blimps-3.9+ds/blimps/narrow.c:109:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (chk=fopen(chkname, "r")) == NULL)
data/blimps-3.9+ds/blimps/narrow.c:227:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pssm->id, "WEIGHTS");
data/blimps-3.9+ds/blimps/narrow.c:228:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pssm->ac, "WEIGHTS");
data/blimps-3.9+ds/blimps/narrow.c:230:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pssm->ma, "width=%d;", width);
data/blimps-3.9+ds/blimps/narrow.c:288:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(block->id, "FREQS");
data/blimps-3.9+ds/blimps/narrow.c:289:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(block->ac, "FREQS");
data/blimps-3.9+ds/blimps/narrow.c:291:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(block->bl, "seqs=%d; width=%d;", TotReal, width);
data/blimps-3.9+ds/blimps/narrow.c:307:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fout=fopen(ctemp, "w")) == NULL)
data/blimps-3.9+ds/blimps/narrow.c:321:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fout=fopen(ctemp, "w")) == NULL)
data/blimps-3.9+ds/blimps/oligo_melt.c:27:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Version[12] = "11/20/99.1"; /* Version date */
data/blimps-3.9+ds/blimps/oligo_melt.c:58:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[80];
data/blimps-3.9+ds/blimps/oligo_melt.c:81:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((inpf=fopen(fname, "r")) == NULL)
data/blimps-3.9+ds/blimps/p2c.h:54:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define memcpy(a,b,n) (bcopy(b,a,n),a)
data/blimps-3.9+ds/blimps/p2c.h:54:25: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define memcpy(a,b,n) (bcopy(b,a,n),a)
data/blimps-3.9+ds/blimps/p2c.h:216:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#ifndef memcpy
data/blimps-3.9+ds/blimps/p2c.h:217:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
extern Anyptr memcpy PP( (Anyptr, Const Anyptr, size_t) );
data/blimps-3.9+ds/blimps/p2c.h:221:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
extern int atoi PP( (Const Char *) );
data/blimps-3.9+ds/blimps/p2c.h:223:17: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
extern long atol PP( (Const Char *) );
data/blimps-3.9+ds/blimps/p2c.h:287:10: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
# define tmpfile() (fopen(tmpnam(NULL), "w+"))
data/blimps-3.9+ds/blimps/p2c.h:287:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
# define tmpfile() (fopen(tmpnam(NULL), "w+"))
data/blimps-3.9+ds/blimps/p2c.h:310:29: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define APUTFBUF(f,type,v) (memcpy(GETFBUF(f,type), (v), \
data/blimps-3.9+ds/blimps/p2clib.c:76:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dd, ss, n);
data/blimps-3.9+ds/blimps/p2clib.c:748:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d, s, (*s + 1) * sizeof(long));
data/blimps-3.9+ds/blimps/p2clib.c:916:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, ": ");
data/blimps-3.9+ds/blimps/p2clib.c:922:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufp, "Pascal system I/O error %d", ior);
data/blimps-3.9+ds/blimps/p2clib.c:925:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " (illegal I/O request)");
data/blimps-3.9+ds/blimps/p2clib.c:928:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " (bad file name)");
data/blimps-3.9+ds/blimps/p2clib.c:931:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " (file not found)");
data/blimps-3.9+ds/blimps/p2clib.c:934:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " (file not open)");
data/blimps-3.9+ds/blimps/p2clib.c:937:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " (bad input format)");
data/blimps-3.9+ds/blimps/p2clib.c:940:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " (not open for reading)");
data/blimps-3.9+ds/blimps/p2clib.c:943:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " (not open for writing)");
data/blimps-3.9+ds/blimps/p2clib.c:946:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " (not open for direct access)");
data/blimps-3.9+ds/blimps/p2clib.c:949:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " (string subscript out of range)");
data/blimps-3.9+ds/blimps/p2clib.c:952:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " (end-of-file)");
data/blimps-3.9+ds/blimps/p2clib.c:955:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " (file write error)");
data/blimps-3.9+ds/blimps/p2clib.c:959:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufp, "Pascal system error %d", code);
data/blimps-3.9+ds/blimps/p2clib.c:962:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " (out of memory)");
data/blimps-3.9+ds/blimps/p2clib.c:965:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " (reference to NIL pointer)");
data/blimps-3.9+ds/blimps/p2clib.c:968:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " (integer overflow)");
data/blimps-3.9+ds/blimps/p2clib.c:971:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " (divide by zero)");
data/blimps-3.9+ds/blimps/p2clib.c:974:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " (real math overflow)");
data/blimps-3.9+ds/blimps/p2clib.c:977:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " (value range error)");
data/blimps-3.9+ds/blimps/p2clib.c:980:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " (CASE value range error)");
data/blimps-3.9+ds/blimps/p2clib.c:983:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " (bus error)");
data/blimps-3.9+ds/blimps/p2clib.c:986:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " (stopped by user)");
data/blimps-3.9+ds/blimps/p2clib.c:997:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/blimps-3.9+ds/blimps/papssm.c:161:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qijname[FNAMELEN];
data/blimps-3.9+ds/blimps/papssm.c:239:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bdbname[FNAMELEN], pssmname[FNAMELEN], cfname[FNAMELEN];
data/blimps-3.9+ds/blimps/papssm.c:240:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char freqname[FNAMELEN], diriname[FNAMELEN];
data/blimps-3.9+ds/blimps/papssm.c:255:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (cfp=fopen(cfname, "r")) == NULL)
data/blimps-3.9+ds/blimps/papssm.c:368:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], keyword[20], *ptr;
data/blimps-3.9+ds/blimps/papssm.c:369:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blname[FNAMELEN], exname[FNAMELEN], frname[FNAMELEN];
data/blimps-3.9+ds/blimps/papssm.c:370:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alname[FNAMELEN], diname[FNAMELEN], clname[FNAMELEN];
data/blimps-3.9+ds/blimps/papssm.c:371:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char grname[FNAMELEN], gqname[FNAMELEN], ouname[FNAMELEN];
data/blimps-3.9+ds/blimps/papssm.c:372:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char paname[FNAMELEN];
data/blimps-3.9+ds/blimps/papssm.c:395:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (Fbl = fopen(blname, "r")) == NULL)
data/blimps-3.9+ds/blimps/papssm.c:401:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (Fex = fopen(exname, "w")) == NULL)
data/blimps-3.9+ds/blimps/papssm.c:407:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (Fou = fopen(ouname, "w")) == NULL)
data/blimps-3.9+ds/blimps/papssm.c:413:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (Ffr = fopen(frname, "r")) == NULL)
data/blimps-3.9+ds/blimps/papssm.c:422:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (Fal = fopen(alname, "r")) == NULL)
data/blimps-3.9+ds/blimps/papssm.c:438:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (Fal = fopen(alname, "r")) == NULL)
data/blimps-3.9+ds/blimps/papssm.c:460:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (Fgr = fopen(grname, "r")) == NULL)
data/blimps-3.9+ds/blimps/papssm.c:466:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (Fgq = fopen(gqname, "r")) == NULL)
data/blimps-3.9+ds/blimps/papssm.c:472:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (Fdi = fopen(diname, "r")) == NULL)
data/blimps-3.9+ds/blimps/papssm.c:478:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (Fcl = fopen(clname, "r")) == NULL)
data/blimps-3.9+ds/blimps/papssm.c:513:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ClumpCounts = atoi(ptr);
data/blimps-3.9+ds/blimps/papssm.c:522:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
PatternCutoff = atoi(ptr);
data/blimps-3.9+ds/blimps/papssm.c:527:29: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (Fpa = fopen(paname, "w")) == NULL)
data/blimps-3.9+ds/blimps/papssm.c:626:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[FNAMELEN];
data/blimps-3.9+ds/blimps/papssm.c:640:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fst=fopen(fname, "r")) == NULL)
data/blimps-3.9+ds/blimps/papssm.c:658:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], *ptr;
data/blimps-3.9+ds/blimps/papssm.c:1287:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/papssm.c:1293:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/papssm.c:1307:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/papssm.c:1312:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/papssm.c:1317:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/papssm.c:1324:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/papssm.c:1327:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/papssm.c:1330:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/papssm.c:1374:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], chigh[6], *ptr;
data/blimps-3.9+ds/blimps/papssm.c:1419:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
subst[row][col] = (double) atoi(ptr);
data/blimps-3.9+ds/blimps/papssm.c:1477:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[MAXLINE], *ptr;
data/blimps-3.9+ds/blimps/papssm.c:1925:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], *ptr;
data/blimps-3.9+ds/blimps/papssm.c:2022:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1000], *ptr;
data/blimps-3.9+ds/blimps/papssm.c:2027:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fp = fopen("data", "w")) == NULL)
data/blimps-3.9+ds/blimps/papssm.c:2042:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, "rind");
data/blimps-3.9+ds/blimps/papssm.c:2050:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fp = fopen("counts", "r")) == NULL)
data/blimps-3.9+ds/blimps/papssm.c:2257:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pattern[MAXLINE], ctemp[5], *ptr;
data/blimps-3.9+ds/blimps/papssm.c:2262:21: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (ptr != NULL) strcat(pattern, "; PATMAT");
data/blimps-3.9+ds/blimps/prints2blocks.c:57:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inpfname[MAXNAME], outfname[2][MAXNAME] ;
data/blimps-3.9+ds/blimps/prints2blocks.c:69:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (inpf=fopen(inpfname, "r")) == NULL)
data/blimps-3.9+ds/blimps/prints2blocks.c:76:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc > 2) verbose = atoi(argv[2]);
data/blimps-3.9+ds/blimps/prints2blocks.c:82:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (outf[0]=fopen(outfname[0], "w")) == NULL)
data/blimps-3.9+ds/blimps/prints2blocks.c:90:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (outf[1]=fopen(outfname[1], "w")) == NULL)
data/blimps-3.9+ds/blimps/prints2blocks.c:154:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINELEN], word[MAXLINELEN], entry_name[MAXLINELEN] ;
data/blimps-3.9+ds/blimps/prints2blocks.c:155:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fam_acc[8] ;
data/blimps-3.9+ds/blimps/prints2blocks.c:156:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PS_crssref[11] = "-", BL_crssref[11] = "-" ;
data/blimps-3.9+ds/blimps/prints2blocks.c:157:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PR_crssref[MAXLINELEN] = "" ;
data/blimps-3.9+ds/blimps/prints2blocks.c:282:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_blocks = atoi(ptr + 1) ; /* convert number of motifs to a number */
data/blimps-3.9+ds/blimps/prints2blocks.c:435:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(block[i1].width = atoi(ptr)) <= 0)
data/blimps-3.9+ds/blimps/prints2blocks.c:585:59: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(block[i1].sequences[num_seqs].position = atoi(ptr)) <= 0)
data/blimps-3.9+ds/blimps/prints2blocks.c:608:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
temp = atoi(ptr) ; /* (no simple test for the distance value
data/blimps-3.9+ds/blimps/prints2blocks.c:637:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(word, " distance from previous block=(%d,%d)",
data/blimps-3.9+ds/blimps/prints2blocks.c:641:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(block[i1].bl, "adapted from PRINTS entry; width=%d; seqs=%d;",
data/blimps-3.9+ds/blimps/protomat.c:22:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bl60_matrix[21][21]={
data/blimps-3.9+ds/blimps/protomat.c:50:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bl62_matrix[21][21]={
data/blimps-3.9+ds/blimps/protomat.c:187:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[FNAMELEN], line[MAXLINE], chigh[6], *ptr;
data/blimps-3.9+ds/blimps/protomat.c:191:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fstp = fopen("protomat.stp", "rt")) == NULL)
data/blimps-3.9+ds/blimps/protomat.c:194:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(filename, "def");
data/blimps-3.9+ds/blimps/protomat.c:209:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fin = fopen(filename, "rt")) == NULL)
data/blimps-3.9+ds/blimps/protomat.c:213:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(filename, "def");
data/blimps-3.9+ds/blimps/protomat.c:223:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
matrix->highpass = atoi(chigh);
data/blimps-3.9+ds/blimps/protomat.c:273:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
matrix->scores[row][col] = atoi(ptr);
data/blimps-3.9+ds/blimps/protomat.c:441:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[FNAMELEN], mem[MAXLINE], *ptr;
data/blimps-3.9+ds/blimps/protomat.c:442:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pros[FNAMELEN];
data/blimps-3.9+ds/blimps/protomat.c:505:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], ctemp[20], *ptr;
data/blimps-3.9+ds/blimps/protomat.c:552:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
new->len = atoi(ctemp);
data/blimps-3.9+ds/blimps/protomat.c:580:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ptr, idtemp[SNAMELEN*6 + 6], dbtemp[SNAMELEN*6 + 6];
data/blimps-3.9+ds/blimps/protomat.c:581:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[SNAMELEN*6 + 6];
data/blimps-3.9+ds/blimps/protomat.c:582:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char idlist[10][SNAMELEN*6 + 6];
data/blimps-3.9+ds/blimps/protxblk.c:32:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bdbname[MAXNAME], conname[MAXNAME];
data/blimps-3.9+ds/blimps/protxblk.c:42:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (bfp=fopen(bdbname, "r")) == NULL)
data/blimps-3.9+ds/blimps/protxblk.c:55:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (ofp=fopen(conname, "w")) == NULL)
data/blimps-3.9+ds/blimps/pssmBL.c:24:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bdbname[MAXNAME], conname[MAXNAME], pssmname[MAXNAME];
data/blimps-3.9+ds/blimps/pssmBL.c:34:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (pfp=fopen(pssmname, "r")) == NULL)
data/blimps-3.9+ds/blimps/pssmBL.c:47:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (bfp=fopen(bdbname, "r")) == NULL)
data/blimps-3.9+ds/blimps/pssmBL.c:60:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (ofp=fopen(conname, "a")) == NULL)
data/blimps-3.9+ds/blimps/pssmBL.c:87:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXNAME], *ptr;
data/blimps-3.9+ds/blimps/pssmBL.c:97:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
block->percentile = atoi(ptr);
data/blimps-3.9+ds/blimps/pssmBL.c:102:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (ptr != NULL) block->strength = atoi(ptr);
data/blimps-3.9+ds/blimps/pssmdist.c:105:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mname[MAXNAME], fname[MAXNAME], oname[MAXNAME], *ptr, ctemp[MAXNAME];
data/blimps-3.9+ds/blimps/pssmdist.c:106:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outname[MAXNAME];
data/blimps-3.9+ds/blimps/pssmdist.c:118:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (mfp=fopen(mname, "r")) == NULL)
data/blimps-3.9+ds/blimps/pssmdist.c:131:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (ofp=fopen(oname, "r")) == NULL)
data/blimps-3.9+ds/blimps/pssmdist.c:143:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (ffp=fopen(fname, "r")) == NULL)
data/blimps-3.9+ds/blimps/pssmdist.c:176:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outname, "pssmdist");
data/blimps-3.9+ds/blimps/pssmdist.c:179:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fdt=fopen(ctemp, "a")) == NULL)
data/blimps-3.9+ds/blimps/pssmdist.c:190:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fcum=fopen(ctemp, "a")) == NULL)
data/blimps-3.9+ds/blimps/pssmdist.c:605:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/pssmdist.c:611:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/pssmdist.c:625:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/pssmdist.c:630:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/pssmdist.c:635:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/pssmdist.c:642:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/pssmdist.c:645:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/pssmdist.c:648:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/pssmdist.c:712:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE];
data/blimps-3.9+ds/blimps/rank_matrix.c:31:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char matname[MAXNAME];
data/blimps-3.9+ds/blimps/rank_matrix.c:44:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fmat=fopen(matname, "r")) == NULL)
data/blimps-3.9+ds/blimps/rank_matrix.c:94:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *blimps_dir, sijname[SMALL_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/rank_matrix.c:106:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sijname, "default.sij");
data/blimps-3.9+ds/blimps/rank_matrix.c:109:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (sijfp = fopen (sijname, "r")) == NULL)
data/blimps-3.9+ds/blimps/readchk.c:10:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chkname[80] ;
data/blimps-3.9+ds/blimps/readchk.c:25:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (chk=fopen(chkname, "r")) == NULL)
data/blimps-3.9+ds/blimps/readchk.c:36:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pssm->id, "PSI-BLAST");
data/blimps-3.9+ds/blimps/readchk.c:37:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pssm->ac, "PSI-BLAST");
data/blimps-3.9+ds/blimps/readchk.c:41:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(seq->name, "PSI-BLAST");
data/blimps-3.9+ds/blimps/readmast.c:18:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chkname[80], line[MAXLINE], *ptr, *ptr1;
data/blimps-3.9+ds/blimps/readmast.c:31:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (chk=fopen(chkname, "r")) == NULL)
data/blimps-3.9+ds/blimps/readmast.c:92:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pssm->id, "MAST");
data/blimps-3.9+ds/blimps/readmast.c:93:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pssm->ac, "MAST");
data/blimps-3.9+ds/blimps/readmast.c:95:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pssm->ma, "width=%d;", width);
data/blimps-3.9+ds/blimps/retblock.c:30:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bdbname[MAXNAME], outname[MAXNAME], acname[MAXNAME];
data/blimps-3.9+ds/blimps/retblock.c:55:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (bfp=fopen(bdbname, "r")) == NULL)
data/blimps-3.9+ds/blimps/retblock.c:67:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(acname, "all");
data/blimps-3.9+ds/blimps/retblock.c:98:12: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outname, ".blk");
data/blimps-3.9+ds/blimps/retblock.c:99:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (ofp=fopen(outname, "w")) == NULL)
data/blimps-3.9+ds/blimps/scores.c:75:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/scores.c:78:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/scores.c:139:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/scores.c:143:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/scores.c:146:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/scores.h:27:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char matrix_number[NUMBER_WIDTH]; /* the matrix/block number */
data/blimps-3.9+ds/blimps/scores.h:28:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sequence_number[NUMBER_WIDTH]; /* the sequence number/name */
data/blimps-3.9+ds/blimps/scores.h:29:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char matrix_desc[DESC_WIDTH]; /* the matrix/block description */
data/blimps-3.9+ds/blimps/scores.h:30:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sequence_desc[DESC_WIDTH]; /* the sequence description */
data/blimps-3.9+ds/blimps/scores.h:31:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char consensus[DESC_WIDTH]; /* the "consensus" sequence */
data/blimps-3.9+ds/blimps/scoring.c:126:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/scoring.c:136:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/scoring.c:294:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/sequences.c:184:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lbuff[LARGE_BUFF_LENGTH]; /* local Buffer to save the info */
data/blimps-3.9+ds/blimps/sequences.c:292:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuff[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/sequences.c:295:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[LARGE_BUFF_LENGTH], temp[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/sequences.c:299:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(new_sequence->name, "Unknown");
data/blimps-3.9+ds/blimps/sequences.c:300:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(new_sequence->info, "Unknown");
data/blimps-3.9+ds/blimps/sequences.c:347:24: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (ptr == NULL) { strcpy(new_sequence->name, "UNKNOWN"); }
data/blimps-3.9+ds/blimps/sequences.c:529:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char upper_str[SMALL_BUFF_LENGTH], *c_upper_str;
data/blimps-3.9+ds/blimps/sequences.c:692:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/sequences.c:695:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/sequences.c:785:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gcode[64];
data/blimps-3.9+ds/blimps/sequences.c:786:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char revgcode[64]; /* genetic codes */
data/blimps-3.9+ds/blimps/sequences.c:798:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/sequences.c:801:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/sequences.c:809:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/sequences.c:813:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/sequences.c:967:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/sequences.c:1037:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/sequences.c:1040:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/sequences.c:1064:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/sequences.c:1098:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq_check_buf[SMALL_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/sequences.c:1287:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/sequences.c:1290:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ErrorBuffer,
data/blimps-3.9+ds/blimps/show_aligned_blocks.c:40:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bdbname1[MAXNAME], bdbname2[MAXNAME];
data/blimps-3.9+ds/blimps/show_aligned_blocks.c:41:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blkname1[SMALL_BUFF_LENGTH], blkname2[SMALL_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/show_aligned_blocks.c:42:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char offset[MAXNAME] ;
data/blimps-3.9+ds/blimps/show_aligned_blocks.c:56:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (bfp1=fopen(bdbname1, "r")) == NULL)
data/blimps-3.9+ds/blimps/show_aligned_blocks.c:66:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
start1 = atoi(argv[3]) ;
data/blimps-3.9+ds/blimps/show_aligned_blocks.c:77:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (bfp2=fopen(bdbname2, "r")) == NULL)
data/blimps-3.9+ds/blimps/show_aligned_blocks.c:88:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
start2 = atoi(argv[6]) ;
data/blimps-3.9+ds/blimps/show_aligned_blocks.c:98:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
alignment_length = atoi(argv[7]) ;
data/blimps-3.9+ds/blimps/sortblk.c:35:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bdbname[MAXNAME], conname[MAXNAME], ctemp[10];
data/blimps-3.9+ds/blimps/sortblk.c:63:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (bfp=fopen(bdbname, "r")) == NULL)
data/blimps-3.9+ds/blimps/sortblk.c:76:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (ofp=fopen(conname, "w")) == NULL)
data/blimps-3.9+ds/blimps/strutil.c:18:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Buffer[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/translate.c:22:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sname[MAXNAME], outname[MAXNAME], ctemp[MAXNAME];
data/blimps-3.9+ds/blimps/translate.c:23:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gcode[64], revgcode[64];
data/blimps-3.9+ds/blimps/translate.c:34:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (bfp=fopen(sname, "r")) == NULL)
data/blimps-3.9+ds/blimps/translate.c:55:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (ofp=fopen(outname, "w")) == NULL)
data/blimps-3.9+ds/blimps/translate.c:61:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc > 3) frame = atoi(argv[3]);
data/blimps-3.9+ds/blimps/translate.c:66:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
frame = atoi(ctemp);
data/blimps-3.9+ds/blimps/translate.c:71:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc > 4) code = atoi(argv[4]);
data/blimps-3.9+ds/blimps/translate.c:78:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
code = atoi(ctemp);
data/blimps-3.9+ds/blimps/version.c:114:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ProgramString[SMALL_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/version.c:115:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char VersionString[SMALL_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/version.c:116:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char VersionInfo[SMALL_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/version.c:117:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char DateString[SMALL_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/version.c:118:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char CopyrightString[SMALL_BUFF_LENGTH];
data/blimps-3.9+ds/blimps/version.c:120:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char TitleString[SMALL_BUFF_LENGTH] = { '\0' };
data/blimps-3.9+ds/include/blocks.h:35:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[SMALL_BUFF_LENGTH]; /* Block ID string */
data/blimps-3.9+ds/include/blocks.h:36:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ac[SMALL_BUFF_LENGTH]; /* Block AC string */
data/blimps-3.9+ds/include/blocks.h:37:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char de[SMALL_BUFF_LENGTH]; /* Block DE string */
data/blimps-3.9+ds/include/blocks.h:38:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bl[SMALL_BUFF_LENGTH]; /* Block BL string */
data/blimps-3.9+ds/include/blocks.h:39:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char number[SMALL_BUFF_LENGTH]; /* AC: block number IPR123456A */
data/blimps-3.9+ds/include/blocks.h:40:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char family[SMALL_BUFF_LENGTH]; /* AC: block family IPR123456 */
data/blimps-3.9+ds/include/blocks.h:41:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char motif[20]; /* BL: motif */
data/blimps-3.9+ds/include/errors.h:31:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char ErrorBuffer[LARGE_BUFF_LENGTH+SMALL_BUFF_LENGTH];
data/blimps-3.9+ds/include/files.h:25:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char ExportMatrixFile[SMALL_BUFF_LENGTH];
data/blimps-3.9+ds/include/files.h:26:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char OutputFile[SMALL_BUFF_LENGTH];
data/blimps-3.9+ds/include/matrix.h:38:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[SMALL_BUFF_LENGTH]; /* Matrix ID string */
data/blimps-3.9+ds/include/matrix.h:39:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ac[SMALL_BUFF_LENGTH]; /* Matrix AC string */
data/blimps-3.9+ds/include/matrix.h:40:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char de[DESC_WIDTH]; /* Matrix DE string */
data/blimps-3.9+ds/include/matrix.h:41:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ma[SMALL_BUFF_LENGTH]; /* Matrix MA string */
data/blimps-3.9+ds/include/matrix.h:42:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char number[NUMBER_WIDTH]; /* the number of this matrix */
data/blimps-3.9+ds/include/matrix.h:43:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char motif[20]; /* motif */
data/blimps-3.9+ds/include/ntbet.h:105:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXTERN char nt_brevcomp[128] /* binary-to-binary reverse complement */
data/blimps-3.9+ds/include/ntbet.h:120:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
EXTERN char nt_arevcomp[128] /* ASCII-to-ASCII reverse complement */
data/blimps-3.9+ds/include/protomat.h:69:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char *aa_type[20][20][MAX_DISTANCE];
data/blimps-3.9+ds/include/protomat.h:99:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aa[3]; /* Amino acid motif */
data/blimps-3.9+ds/include/protomat.h:221:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scores[MATSIZE][MATSIZE]; /* valid range -127 to +128 */
data/blimps-3.9+ds/include/protomat.h:231:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char entry[SNAMELEN+1]; /* sequence name */
data/blimps-3.9+ds/include/protomat.h:232:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_entry[2*SNAMELEN]; /* enhanced sequence name */
data/blimps-3.9+ds/include/protomat.h:233:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ps[2]; /* PS type=T, F or P */
data/blimps-3.9+ds/include/protomat.h:234:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[FNAMELEN]; /* additional text info */
data/blimps-3.9+ds/include/sequences.h:27:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[SMALL_BUFF_LENGTH]; /* the name of the sequence */
data/blimps-3.9+ds/include/sequences.h:28:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[SMALL_BUFF_LENGTH]; /* the info line of the sequence */
data/blimps-3.9+ds/include/strutil.h:20:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char Buffer[LARGE_BUFF_LENGTH];
data/blimps-3.9+ds/protomat/blastdat.c:43:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char HomName[FNAMELEN];
data/blimps-3.9+ds/protomat/blastdat.c:51:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char homfile[FNAMELEN], lisfile[FNAMELEN];
data/blimps-3.9+ds/protomat/blastdat.c:63:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fhom=fopen(homfile, "r")) == NULL)
data/blimps-3.9+ds/protomat/blastdat.c:82:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ( (flis=fopen(lisfile, "r")) == NULL)
data/blimps-3.9+ds/protomat/blastdat.c:95:30: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(homfile, HomName); strcat(homfile, ".tns");
data/blimps-3.9+ds/protomat/blastdat.c:96:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fout=fopen(homfile, "wt")) == NULL)
data/blimps-3.9+ds/protomat/blastdat.c:107:30: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(homfile, HomName); strcat(homfile, ".mis");
data/blimps-3.9+ds/protomat/blastdat.c:108:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fout=fopen(homfile, "wt")) == NULL)
data/blimps-3.9+ds/protomat/blastdat.c:118:30: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(homfile, HomName); strcat(homfile, ".fnd");
data/blimps-3.9+ds/protomat/blastdat.c:119:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fout=fopen(homfile, "wt")) == NULL)
data/blimps-3.9+ds/protomat/blastdat.c:145:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], id[22], *ptr, *ptr1;
data/blimps-3.9+ds/protomat/blastdat.c:210:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tscore = atoi(ptr);
data/blimps-3.9+ds/protomat/blastdat.c:356:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fout=fopen("blastdat.dat", "a")) == NULL)
data/blimps-3.9+ds/protomat/blksort.c:68:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ac[MAXAC+1]; /* block name, eg. PS00094A */
data/blimps-3.9+ds/protomat/blksort.c:69:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fam[MAXAC]; /* family part of ac */
data/blimps-3.9+ds/protomat/blksort.c:77:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[25]; /* block description */
data/blimps-3.9+ds/protomat/blksort.c:78:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aa[MAX_WIDTH]; /* alignment to block */
data/blimps-3.9+ds/protomat/blksort.c:85:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ac[MAXAC+1]; /* accession number */
data/blimps-3.9+ds/protomat/blksort.c:86:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fam[MAXAC]; /* family part of ac */
data/blimps-3.9+ds/protomat/blksort.c:89:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAXSEQS][SNAMELEN+1]; /* name of seq */
data/blimps-3.9+ds/protomat/blksort.c:91:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aa[MAXSEQS][MAX_WIDTH]; /* aas for seq */
data/blimps-3.9+ds/protomat/blksort.c:101:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ac[MAXAC+1];
data/blimps-3.9+ds/protomat/blksort.c:111:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datname[FNAMELEN];
data/blimps-3.9+ds/protomat/blksort.c:155:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Version[12] = "12/23/06.1";/* Version number */
data/blimps-3.9+ds/protomat/blksort.c:157:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Query[SNAMELEN+1]; /* Query sequence name */
data/blimps-3.9+ds/protomat/blksort.c:165:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char HomName[FNAMELEN]; /* Search file name for stats file */
data/blimps-3.9+ds/protomat/blksort.c:166:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Qfilename[FNAMELEN]; /* Query file */
data/blimps-3.9+ds/protomat/blksort.c:168:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ac[MAXAC+1];
data/blimps-3.9+ds/protomat/blksort.c:175:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DatDir[FNAMELEN]; /* Directory of database files */
data/blimps-3.9+ds/protomat/blksort.c:183:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char homfile[FNAMELEN], datfile[FNAMELEN], ctemp[FNAMELEN];
data/blimps-3.9+ds/protomat/blksort.c:184:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db[FNAMELEN];
data/blimps-3.9+ds/protomat/blksort.c:221:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fcf=fopen(ctemp, "r")) == NULL)
data/blimps-3.9+ds/protomat/blksort.c:234:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
MaxHit = atoi(ctemp);
data/blimps-3.9+ds/protomat/blksort.c:312:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char homfile[FNAMELEN];
data/blimps-3.9+ds/protomat/blksort.c:315:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], keyword[20], *ptr;
data/blimps-3.9+ds/protomat/blksort.c:353:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[FNAMELEN], line[MAXLINE];
data/blimps-3.9+ds/protomat/blksort.c:356:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fname, "blksort.stp");
data/blimps-3.9+ds/protomat/blksort.c:357:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fstp=fopen(fname, "r")) == NULL)
data/blimps-3.9+ds/protomat/blksort.c:360:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fstp=fopen(fname, "r");
data/blimps-3.9+ds/protomat/blksort.c:424:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char homfile[FNAMELEN];
data/blimps-3.9+ds/protomat/blksort.c:427:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], db[FNAMELEN];
data/blimps-3.9+ds/protomat/blksort.c:432:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fhom=fopen(homfile, "r")) == NULL)
data/blimps-3.9+ds/protomat/blksort.c:476:20: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
QLen = atol(ptr1);
data/blimps-3.9+ds/protomat/blksort.c:489:41: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (ptr1 != NULL) QLen = atol(ptr1);
data/blimps-3.9+ds/protomat/blksort.c:516:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (ptr1 != NULL) NBlock = atoi(ptr1);
data/blimps-3.9+ds/protomat/blksort.c:538:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fcur->fdat=fopen(fcur->datname, "r")) == NULL)
data/blimps-3.9+ds/protomat/blksort.c:571:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[FNAMELEN], line[MAXLINE];
data/blimps-3.9+ds/protomat/blksort.c:576:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fstn=fopen("blksort.stn", "r");
data/blimps-3.9+ds/protomat/blksort.c:580:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fstn=fopen(fname, "r");
data/blimps-3.9+ds/protomat/blksort.c:606:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], fname[FNAMELEN];
data/blimps-3.9+ds/protomat/blksort.c:612:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
frep=fopen("repeats.dat", "r");
data/blimps-3.9+ds/protomat/blksort.c:616:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
frep=fopen(fname, "r");
data/blimps-3.9+ds/protomat/blksort.c:640:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], fname[FNAMELEN];
data/blimps-3.9+ds/protomat/blksort.c:645:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fbias = fopen("blksort.bias", "r");
data/blimps-3.9+ds/protomat/blksort.c:649:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fbias = fopen(fname, "r");
data/blimps-3.9+ds/protomat/blksort.c:675:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], ctemp[8], save_ac[MAXAC+1], save_fam[MAXAC+1];
data/blimps-3.9+ds/protomat/blksort.c:714:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
results[rank].strength = atoi(ctemp);
data/blimps-3.9+ds/protomat/blksort.c:716:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
results[rank].score = atoi(ctemp);
data/blimps-3.9+ds/protomat/blksort.c:718:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
results[rank].frame = atoi(ctemp);
data/blimps-3.9+ds/protomat/blksort.c:720:26: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
results[rank].offset = atol(ctemp);
data/blimps-3.9+ds/protomat/blksort.c:782:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char save_fam[MAXAC+1], ctemp[MAXAC+1];
data/blimps-3.9+ds/protomat/blksort.c:788:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (Stats) fstat = fopen("blksort.dat", "a");
data/blimps-3.9+ds/protomat/blksort.c:790:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (Stats) frep = fopen("blksort.rep", "a");
data/blimps-3.9+ds/protomat/blksort.c:936:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], ctemp[MAXLINE], *ptr, *ptr1;
data/blimps-3.9+ds/protomat/blksort.c:978:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
block->minprev = atoi(ptr);
data/blimps-3.9+ds/protomat/blksort.c:980:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (ptr != NULL) block->maxprev = atoi(ptr);
data/blimps-3.9+ds/protomat/blksort.c:991:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
block->strength = atoi(ptr1);
data/blimps-3.9+ds/protomat/blksort.c:1007:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], *ptr, *ptr1;
data/blimps-3.9+ds/protomat/blksort.c:1041:38: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
block->offset[block->nseq] = atol(ptr);
data/blimps-3.9+ds/protomat/blksort.c:1073:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ac[MAXAC+1], pline[2*MAXLINE], tline[40];
data/blimps-3.9+ds/protomat/blksort.c:1174:34: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (temp[i].flag) strcat(pline, " (biased) ");
data/blimps-3.9+ds/protomat/blksort.c:1243:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lastac[MAXAC+1];
data/blimps-3.9+ds/protomat/blksort.c:1592:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fam[MAXAC+1], dbline[MAXLINE], qline[MAXLINE], pline[MAXLINE];
data/blimps-3.9+ds/protomat/blksort.c:1824:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datline[MAXLINE], homline[MAXLINE], blkline[MAXLINE];
data/blimps-3.9+ds/protomat/blksort.c:1825:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char barline[MAXLINE], repline[MAXLINE], saveac[12], ctemp[10];
data/blimps-3.9+ds/protomat/blksort.c:1831:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(saveac, " ");
data/blimps-3.9+ds/protomat/blksort.c:1877:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctemp, "%ld", block->offset[s]);
data/blimps-3.9+ds/protomat/blksort.c:1880:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctemp, "%ld", block->offset[block->nseq-1]+1);
data/blimps-3.9+ds/protomat/blksort.c:1889:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctemp, "%d", datmin);
data/blimps-3.9+ds/protomat/blksort.c:1894:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctemp, "%d", datmax);
data/blimps-3.9+ds/protomat/blksort.c:1900:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctemp, "%d", homdist);
data/blimps-3.9+ds/protomat/blksort.c:1936:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctemp, "%ld", results[t].offset+1);
data/blimps-3.9+ds/protomat/blksort.c:2026:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seqaa[2];
data/blimps-3.9+ds/protomat/blosum.c:84:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ac[10];
data/blimps-3.9+ds/protomat/blosum.c:110:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datfile[FNAMELEN], outfile[FNAMELEN], ctemp[6];
data/blimps-3.9+ds/protomat/blosum.c:130:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fdat=fopen(datfile, "r")) == NULL)
data/blimps-3.9+ds/protomat/blosum.c:137:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc > 2) MinStr = atoi(argv[2]);
data/blimps-3.9+ds/protomat/blosum.c:143:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (strlen(ctemp)) MinStr = atoi(ctemp);
data/blimps-3.9+ds/protomat/blosum.c:146:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc > 3) MaxStr = atoi(argv[3]);
data/blimps-3.9+ds/protomat/blosum.c:152:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (strlen(ctemp)) MaxStr = atoi(ctemp);
data/blimps-3.9+ds/protomat/blosum.c:183:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
itemp = atoi(ctemp+1);
data/blimps-3.9+ds/protomat/blosum.c:190:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
{ Cluster = atoi(ctemp); }
data/blimps-3.9+ds/protomat/blosum.c:206:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc > 5) iscale = atoi(argv[5]);
data/blimps-3.9+ds/protomat/blosum.c:212:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (strlen(ctemp)) iscale = atoi(ctemp);
data/blimps-3.9+ds/protomat/blosum.c:281:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outfile, "blosum%d.qij", Cluster);
data/blimps-3.9+ds/protomat/blosum.c:283:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outfile, "blosump%d.qij", (int) (1. / PBParameter));
data/blimps-3.9+ds/protomat/blosum.c:285:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outfile, "blosumw.qij");
data/blimps-3.9+ds/protomat/blosum.c:287:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outfile, "blosumn.qij");
data/blimps-3.9+ds/protomat/blosum.c:289:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outfile, "blosume.qij");
data/blimps-3.9+ds/protomat/blosum.c:290:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fout=fopen(outfile, "wt"))==NULL) fout = stdout;
data/blimps-3.9+ds/protomat/blosum.c:499:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outfile, "blosum%d.sij", Cluster);
data/blimps-3.9+ds/protomat/blosum.c:501:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outfile, "blosump%d.sij", (int) (1. / PBParameter));
data/blimps-3.9+ds/protomat/blosum.c:503:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outfile, "blosumw.sij");
data/blimps-3.9+ds/protomat/blosum.c:505:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outfile, "blosumn.sij");
data/blimps-3.9+ds/protomat/blosum.c:507:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outfile, "blosume.sij");
data/blimps-3.9+ds/protomat/blosum.c:508:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fout=fopen(outfile, "wt"))==NULL) fout = stdout;
data/blimps-3.9+ds/protomat/blosum.c:547:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outfile, "blosum%d.iij", Cluster);
data/blimps-3.9+ds/protomat/blosum.c:549:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outfile, "blosump%d.iij", (int) (1. / PBParameter));
data/blimps-3.9+ds/protomat/blosum.c:551:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outfile, "blosumw.iij");
data/blimps-3.9+ds/protomat/blosum.c:553:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outfile, "blosumn.iij");
data/blimps-3.9+ds/protomat/blosum.c:555:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outfile, "blosume.iij");
data/blimps-3.9+ds/protomat/blosum.c:556:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fout=fopen(outfile, "wt"))==NULL) fout = stdout;
data/blimps-3.9+ds/protomat/blosum.c:633:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], *ptr, *ptr1;
data/blimps-3.9+ds/protomat/blosum.c:651:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Block.strength = atoi(ptr1);
data/blimps-3.9+ds/protomat/blosum.c:676:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], *ptr;
data/blimps-3.9+ds/protomat/getblock.c:50:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Version[12] = " 5/20/00.1";
data/blimps-3.9+ds/protomat/getblock.c:51:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char BlockFam[15];
data/blimps-3.9+ds/protomat/getblock.c:58:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blkfile[FNAMELEN], defname[FNAMELEN], cobfile[FNAMELEN];
data/blimps-3.9+ds/protomat/getblock.c:59:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prosite[FNAMELEN], webfile[FNAMELEN], mapfile[FNAMELEN];
data/blimps-3.9+ds/protomat/getblock.c:60:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char treefile[FNAMELEN], pdbfile[FNAMELEN], lnkfile[FNAMELEN];
data/blimps-3.9+ds/protomat/getblock.c:61:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cyrfile[FNAMELEN];
data/blimps-3.9+ds/protomat/getblock.c:130:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defname, "/howard/btest/bin/blocks.dat");
data/blimps-3.9+ds/protomat/getblock.c:136:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fblk=fopen(blkfile, "r")) == NULL)
data/blimps-3.9+ds/protomat/getblock.c:155:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cobfile, "cobbler.pros");
data/blimps-3.9+ds/protomat/getblock.c:157:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fcob = fopen(cobfile, "r")) != NULL)
data/blimps-3.9+ds/protomat/getblock.c:175:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(mapfile, "maps.dat");
data/blimps-3.9+ds/protomat/getblock.c:177:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( (fmap = fopen(mapfile, "r")) != NULL)
data/blimps-3.9+ds/protomat/getblock.c:194:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(treefile, "trees.dat");
data/blimps-3.9+ds/protomat/getblock.c:196:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( (ftre = fopen(treefile, "r")) != NULL)
data/blimps-3.9+ds/protomat/getblock.c:213:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(webfile, "proweb.dat");
data/blimps-3.9+ds/protomat/getblock.c:215:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fweb = fopen(webfile, "r")) != NULL)
data/blimps-3.9+ds/protomat/getblock.c:232:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(lnkfile, "blinks.dat");
data/blimps-3.9+ds/protomat/getblock.c:234:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (flnk = fopen(lnkfile, "r")) != NULL)
data/blimps-3.9+ds/protomat/getblock.c:251:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(pdbfile, "blk2pdb.dat");
data/blimps-3.9+ds/protomat/getblock.c:253:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( (fpdb = fopen(pdbfile, "r")) != NULL)
data/blimps-3.9+ds/protomat/getblock.c:270:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cyrfile, "cyrca.dat");
data/blimps-3.9+ds/protomat/getblock.c:272:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( (fcyr = fopen(cyrfile, "r")) != NULL)
data/blimps-3.9+ds/protomat/getblock.c:297:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(prosite, "prosite"); plen = strlen(prosite);
data/blimps-3.9+ds/protomat/getblock.c:298:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(prosite,".dat");
data/blimps-3.9+ds/protomat/getblock.c:299:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fdat=fopen(prosite, "r")) == NULL)
data/blimps-3.9+ds/protomat/getblock.c:304:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(prosite, ".doc");
data/blimps-3.9+ds/protomat/getblock.c:305:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fdoc=fopen(prosite, "r")) == NULL)
data/blimps-3.9+ds/protomat/getblock.c:325:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], id[MAXLINE], fam[MAXLINE], ctemp[MAXLINE], *ptr;
data/blimps-3.9+ds/protomat/getblock.c:392:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], *ptr;
data/blimps-3.9+ds/protomat/getblock.c:415:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE];
data/blimps-3.9+ds/protomat/getblock.c:444:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE];
data/blimps-3.9+ds/protomat/getblock.c:473:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE];
data/blimps-3.9+ds/protomat/getblock.c:498:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE];
data/blimps-3.9+ds/protomat/getblock.c:524:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE];
data/blimps-3.9+ds/protomat/getblock.c:546:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], id[MAXLINE], ac[MAXLINE];
data/blimps-3.9+ds/protomat/getblock.c:599:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE];
data/blimps-3.9+ds/protomat/getblock.c:600:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[15];
data/blimps-3.9+ds/protomat/getseq.c:41:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Pros[FNAMELEN];
data/blimps-3.9+ds/protomat/getseq.c:48:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char infile[FNAMELEN], seqname[FNAMELEN];
data/blimps-3.9+ds/protomat/getseq.c:49:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char foutname[FNAMELEN];
data/blimps-3.9+ds/protomat/getseq.c:85:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fin=fopen(infile, "r")) == NULL)
data/blimps-3.9+ds/protomat/getseq.c:102:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fout=fopen(foutname, "w+t")) == NULL)
data/blimps-3.9+ds/protomat/lislis.c:26:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Pros[FNAMELEN];
data/blimps-3.9+ds/protomat/lislis.c:33:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lisfile[FNAMELEN], lis2file[FNAMELEN];
data/blimps-3.9+ds/protomat/lislis.c:47:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (flis=fopen(lisfile, "r")) == NULL)
data/blimps-3.9+ds/protomat/lislis.c:63:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (flis2=fopen(lis2file, "r")) == NULL)
data/blimps-3.9+ds/protomat/lislis.c:79:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[MAXLINE], stemp[MAXLINE], *ptr;
data/blimps-3.9+ds/protomat/lislis.c:152:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ptr1, *ptr2, parts[10][12], ctemp1[120], ctemp2[120];
data/blimps-3.9+ds/protomat/motifj.c:131:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Version[12] = " 4/ 2/00.1";
data/blimps-3.9+ds/protomat/motifj.c:136:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Seqname[MAXSEQS][SNAMELEN];
data/blimps-3.9+ds/protomat/motifj.c:139:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Batch_Filename[FNAMELEN], Mot_Filename[FNAMELEN];
data/blimps-3.9+ds/protomat/motifj.c:140:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Title[MAXLINE];
data/blimps-3.9+ds/protomat/motifj.c:164:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ptr, intemp[MAXLINE], filepath[FNAMELEN];
data/blimps-3.9+ds/protomat/motifj.c:166:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chsig[5], chdup[5], chdis[5], chdrop[6];
data/blimps-3.9+ds/protomat/motifj.c:182:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc > 1) RunType = atoi(argv[1]);
data/blimps-3.9+ds/protomat/motifj.c:209:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((bf = fopen(Batch_Filename, READ)) == NULL)
data/blimps-3.9+ds/protomat/motifj.c:253:32: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(filepath, intemp); strcat(filepath, ".lst");
data/blimps-3.9+ds/protomat/motifj.c:255:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filepath, READ)) == NULL)
data/blimps-3.9+ds/protomat/motifj.c:257:35: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(filepath, intemp); strcat(filepath, ".lis");
data/blimps-3.9+ds/protomat/motifj.c:258:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filepath, READ);
data/blimps-3.9+ds/protomat/motifj.c:319:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ptr = strtok(NULL, ","); Signif = atoi(ptr);
data/blimps-3.9+ds/protomat/motifj.c:320:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ptr = strtok(NULL, ","); Dups = atoi(ptr);
data/blimps-3.9+ds/protomat/motifj.c:327:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc > 3) Signif = atoi(argv[3]);
data/blimps-3.9+ds/protomat/motifj.c:331:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gets(intemp); Signif = atoi(intemp);
data/blimps-3.9+ds/protomat/motifj.c:340:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc > 4) Dups = atoi(argv[4]);
data/blimps-3.9+ds/protomat/motifj.c:346:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gets(intemp); Dups = atoi(intemp);
data/blimps-3.9+ds/protomat/motifj.c:353:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc > 5) Distance = atoi(argv[5]);
data/blimps-3.9+ds/protomat/motifj.c:359:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (strlen(intemp)) Distance = atoi(intemp);
data/blimps-3.9+ds/protomat/motifj.c:365:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (argc > 6) Drop = atoi(argv[6]);
data/blimps-3.9+ds/protomat/motifj.c:371:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (strlen(intemp)) Drop = atoi(intemp);
data/blimps-3.9+ds/protomat/motifj.c:560:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gets(chsig); total_motifs = atoi(chsig);
data/blimps-3.9+ds/protomat/motifj.c:567:50: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
prevsig = Signif; gets(intemp); Signif = atoi(intemp);
data/blimps-3.9+ds/protomat/motifj.c:571:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
prevdup = Dups; gets(intemp); Dups = atoi(intemp);
data/blimps-3.9+ds/protomat/motifj.c:672:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gets(chsig); n = atoi(chsig);
data/blimps-3.9+ds/protomat/motifj.c:745:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prototype[MAX_DOMAIN_WIDTH];
data/blimps-3.9+ds/protomat/motifj.c:1248:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ptr, ctemp[FNAMELEN];
data/blimps-3.9+ds/protomat/motifj.c:1269:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fp = fopen(ctemp, READ) ) == NULL)
data/blimps-3.9+ds/protomat/motifj.c:1285:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], *ptr;
data/blimps-3.9+ds/protomat/motifj.c:1339:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp, shuffle[3];
data/blimps-3.9+ds/protomat/motifj.c:1748:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(Mot_Filename, ".mot");
data/blimps-3.9+ds/protomat/motifj.c:1751:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Mot_Filename, "motifj.mot");
data/blimps-3.9+ds/protomat/motifj.c:1752:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (mot=fopen(Mot_Filename, "w+b")) == NULL)
data/blimps-3.9+ds/protomat/motifj.c:1783:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ctemp, filename[FNAMELEN];
data/blimps-3.9+ds/protomat/motifj.c:1800:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(filename, ".motifj.pros");
data/blimps-3.9+ds/protomat/motifj.c:1803:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(filename, "motifj.pros");
data/blimps-3.9+ds/protomat/motifj.c:1804:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (out=fopen(filename, "w+b")) == NULL)
data/blimps-3.9+ds/protomat/motifj.h:86:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char *aa_type[20][20][MAX_DISTANCE];
data/blimps-3.9+ds/protomat/motifj.h:116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aa[3]; /* Amino acid motif */
data/blimps-3.9+ds/protomat/motifj.h:234:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scores[MATSIZE][MATSIZE]; /* valid range -127 to +128 */
data/blimps-3.9+ds/protomat/motifj.h:249:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char entry[SNAMELEN+1]; /* sequence name */
data/blimps-3.9+ds/protomat/motifj.h:250:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_entry[2*SNAMELEN]; /* enhanced sequence name */
data/blimps-3.9+ds/protomat/motifj.h:251:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pir[IDLEN+1]; /* PIR entry name */
data/blimps-3.9+ds/protomat/motifj.h:252:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ps[2]; /* PS type=T, F or P */
data/blimps-3.9+ds/protomat/motmisc.c:35:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bl60_matrix[21][21]={
data/blimps-3.9+ds/protomat/motmisc.c:63:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bl62_matrix[21][21]={
data/blimps-3.9+ds/protomat/motmisc.c:200:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[FNAMELEN], line[MAXLINE], chigh[6], *ptr;
data/blimps-3.9+ds/protomat/motmisc.c:204:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fstp = fopen("protomat.stp", "rt")) == NULL)
data/blimps-3.9+ds/protomat/motmisc.c:207:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(filename, "def");
data/blimps-3.9+ds/protomat/motmisc.c:222:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fin = fopen(filename, "rt")) == NULL)
data/blimps-3.9+ds/protomat/motmisc.c:226:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(filename, "def");
data/blimps-3.9+ds/protomat/motmisc.c:236:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
matrix->highpass = atoi(chigh);
data/blimps-3.9+ds/protomat/motmisc.c:286:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
matrix->scores[row][col] = atoi(ptr);
data/blimps-3.9+ds/protomat/motmisc.c:402:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE];
data/blimps-3.9+ds/protomat/motmisc.c:545:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[FNAMELEN], mem[MAXLINE], pros[FNAMELEN], *ptr;
data/blimps-3.9+ds/protomat/motmisc.c:608:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], ctemp[20], *ptr;
data/blimps-3.9+ds/protomat/motmisc.c:654:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
new->len = atoi(ctemp);
data/blimps-3.9+ds/protomat/motmisc.c:687:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], title[MAXLINE], temp[MAXLINE], *ptr;
data/blimps-3.9+ds/protomat/motmisc.c:688:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char foutname[FNAMELEN];
data/blimps-3.9+ds/protomat/motmisc.c:751:26: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (db == GB) strcat(foutname, ".dna");
data/blimps-3.9+ds/protomat/motmisc.c:752:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
else strcat(foutname, ".pro");
data/blimps-3.9+ds/protomat/motmisc.c:755:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fout = fopen(foutname, "w+t")) == NULL)
data/blimps-3.9+ds/protomat/motmisc.c:873:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ptr, idtemp[SNAMELEN*6 + 6], dbtemp[SNAMELEN*6 + 6];
data/blimps-3.9+ds/protomat/motmisc.c:874:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[SNAMELEN*6 + 6], xtemp[SNAMELEN];
data/blimps-3.9+ds/protomat/motmisc.c:875:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char idlist[10][SNAMELEN*6 + 6];
data/blimps-3.9+ds/protomat/motmisc.c:953:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char up1[2], up2[2];
data/blimps-3.9+ds/protomat/motomat.c:112:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char VerDate[12] = " 6/ 6/00.1";
data/blimps-3.9+ds/protomat/motomat.c:119:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Mot_Filename[FNAMELEN]; /* Name of the .mot input file */
data/blimps-3.9+ds/protomat/motomat.c:120:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Blk_Filename[FNAMELEN]; /* Name of the .blk output file */
data/blimps-3.9+ds/protomat/motomat.c:126:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AC[MAXAC+1], ACName[MAXLINE], ID[MAXLINE], DE[MAXLINE];
data/blimps-3.9+ds/protomat/motomat.c:131:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Argv0[MAXLINE]; /* Save argv[0] for restart */
data/blimps-3.9+ds/protomat/motomat.c:140:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[MAXLINE], ctemp[MAXLINE], *ptr;
data/blimps-3.9+ds/protomat/motomat.c:172:21: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (ptr == NULL) strcat(Mot_Filename, ".mot");
data/blimps-3.9+ds/protomat/motomat.c:173:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (mot=fopen(Mot_Filename, "rb")) == NULL)
data/blimps-3.9+ds/protomat/motomat.c:275:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ID, "none"); strcpy(DE, "none");
data/blimps-3.9+ds/protomat/motomat.c:275:24: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ID, "none"); strcpy(DE, "none");
data/blimps-3.9+ds/protomat/motomat.c:324:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
MinScore = atoi(ctemp);
data/blimps-3.9+ds/protomat/motomat.c:340:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ClThres = atoi(ctemp);
data/blimps-3.9+ds/protomat/motomat.c:348:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else DropScore = atoi(argv[4]);
data/blimps-3.9+ds/protomat/motomat.c:412:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((Fblk=fopen(ctemp, "w+t")) == NULL)
data/blimps-3.9+ds/protomat/motomat.c:436:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
MinScore = atoi(ctemp);
data/blimps-3.9+ds/protomat/motomat.c:444:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ClThres = atoi(ctemp);
data/blimps-3.9+ds/protomat/motomat.c:522:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
DropScore = atoi(ctemp);
data/blimps-3.9+ds/protomat/motomat.c:1171:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempname[30];
data/blimps-3.9+ds/protomat/motomat.c:1407:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c1, c[2];
data/blimps-3.9+ds/protomat/motomat.c:1460:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c1, c[2];
data/blimps-3.9+ds/protomat/motomat.c:1592:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c1, c2, c[2];
data/blimps-3.9+ds/protomat/motomat.c:1629:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg2[5], arg3[5], arg4[5];
data/blimps-3.9+ds/protomat/multimat.c:55:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ac[MAXAC+1]; /* block name, eg. PS00094A */
data/blimps-3.9+ds/protomat/multimat.c:66:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[30]; /* block description */
data/blimps-3.9+ds/protomat/multimat.c:67:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq_id[25]; /* patmat sequence id */
data/blimps-3.9+ds/protomat/multimat.c:68:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aa[MAX_WIDTH]; /* alignment to block */
data/blimps-3.9+ds/protomat/multimat.c:74:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ac[MAXAC+1]; /* accession number */
data/blimps-3.9+ds/protomat/multimat.c:78:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAXSEQS][SNAMELEN+5]; /* name of seq */
data/blimps-3.9+ds/protomat/multimat.c:80:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aa[MAXSEQS][MAX_WIDTH]; /* aas for seq */
data/blimps-3.9+ds/protomat/multimat.c:122:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Version[12] = " 6/11/00.1";/* Version number */
data/blimps-3.9+ds/protomat/multimat.c:124:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AC[30]; /* Global variables */
data/blimps-3.9+ds/protomat/multimat.c:131:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Query[SNAMELEN]; /* Query file name */
data/blimps-3.9+ds/protomat/multimat.c:148:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char homfile[MAXHOM][FNAMELEN], *ptr, *ptr1, ctemp[FNAMELEN];
data/blimps-3.9+ds/protomat/multimat.c:149:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datfile[FNAMELEN], lisfile[FNAMELEN];
data/blimps-3.9+ds/protomat/multimat.c:168:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Fdat = fopen("multimat.dat", "a"); /* statistics file */
data/blimps-3.9+ds/protomat/multimat.c:179:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (strlen(ctemp)) MaxHit = atoi(ctemp);
data/blimps-3.9+ds/protomat/multimat.c:189:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fblk=fopen(datfile, "r")) == NULL)
data/blimps-3.9+ds/protomat/multimat.c:207:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (flis=fopen(lisfile, "r")) == NULL)
data/blimps-3.9+ds/protomat/multimat.c:231:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Fmis = fopen("multimat.mis", "w"); /* statistics file */
data/blimps-3.9+ds/protomat/multimat.c:232:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Ffnd = fopen("multimat.fnd", "w"); /* statistics file */
data/blimps-3.9+ds/protomat/multimat.c:276:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fhom=fopen(homfile[i], "r")) == NULL)
data/blimps-3.9+ds/protomat/multimat.c:377:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], ctemp[30], *ptr;
data/blimps-3.9+ds/protomat/multimat.c:424:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
temp[t].score = atoi(ctemp);
data/blimps-3.9+ds/protomat/multimat.c:426:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
temp[t].frame = atoi(ctemp);
data/blimps-3.9+ds/protomat/multimat.c:431:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
temp[t].offset = atoi(ctemp);
data/blimps-3.9+ds/protomat/multimat.c:493:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char save_id[25];
data/blimps-3.9+ds/protomat/multimat.c:723:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE];
data/blimps-3.9+ds/protomat/multimat.c:725:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fstp=fopen("blksrch.stp", "r")) == NULL)
data/blimps-3.9+ds/protomat/multimat.c:816:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], *ptr, *ptr1;
data/blimps-3.9+ds/protomat/multimat.c:847:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
block->minprev = atoi(ptr);
data/blimps-3.9+ds/protomat/multimat.c:849:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (ptr != NULL) block->maxprev = atoi(ptr);
data/blimps-3.9+ds/protomat/multimat.c:860:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
block->s995 = atoi(ptr1);
data/blimps-3.9+ds/protomat/multimat.c:867:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
block->strength = atoi(ptr1);
data/blimps-3.9+ds/protomat/multimat.c:883:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], ctemp[MAXLINE], *ptr, *ptr1;
data/blimps-3.9+ds/protomat/multimat.c:910:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
block->offset[block->nseq] = atoi(ptr);
data/blimps-3.9+ds/protomat/multimat.c:943:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ac[10], pline[MAXLINE], tline[40];
data/blimps-3.9+ds/protomat/multimat.c:1274:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[20], dbline[MAXLINE], qline[MAXLINE], pline[MAXLINE];
data/blimps-3.9+ds/protomat/multimat.c:1438:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datline[MAXLINE], homline[MAXLINE], blkline[MAXLINE];
data/blimps-3.9+ds/protomat/multimat.c:1439:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char barline[MAXLINE], saveac[MAXAC+1];
data/blimps-3.9+ds/protomat/multimat.c:1440:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[MAXLINE];
data/blimps-3.9+ds/protomat/multimat.c:1490:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctemp, "%c<->%c", saveac[ACLen], block->ac[ACLen]);
data/blimps-3.9+ds/protomat/multimat.c:1492:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctemp, "%6d", block->offset[s]);
data/blimps-3.9+ds/protomat/multimat.c:1494:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctemp, "%6d", block->offset[block->nseq-1] + 1);
data/blimps-3.9+ds/protomat/multimat.c:1508:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ctemp, "(%d,%d):%d", datmin, datmax, homdist);
data/blimps-3.9+ds/protomat/multimat.c:1632:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seqaa[2];
data/blimps-3.9+ds/protomat/protomot.c:53:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PatName[15], Prefix[15], Pros[FNAMELEN];
data/blimps-3.9+ds/protomat/protomot.c:62:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char infile[FNAMELEN], defname[FNAMELEN], swiss[FNAMELEN];
data/blimps-3.9+ds/protomat/protomot.c:82:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(defname, "/cdrom/prosite/prosite.dat");
data/blimps-3.9+ds/protomat/protomot.c:88:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fdat=fopen(infile, "r")) == NULL)
data/blimps-3.9+ds/protomat/protomot.c:101:37: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if ((int) strlen(PatName) < 2) strcpy(PatName, "all");
data/blimps-3.9+ds/protomat/protomot.c:130:35: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if ((int) strlen(swiss) < 2) strcpy(swiss, "none");
data/blimps-3.9+ds/protomat/protomot.c:152:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (frep=fopen("repeats.dat", "a+t")) == NULL)
data/blimps-3.9+ds/protomat/protomot.c:156:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fpdb=fopen("pdb.dat", "a+t")) == NULL)
data/blimps-3.9+ds/protomat/protomot.c:168:32: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(defname, Prefix); strcat(defname,".lis");
data/blimps-3.9+ds/protomat/protomot.c:184:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], title[MAXLINE], id[25], *ptr;
data/blimps-3.9+ds/protomat/protomot.c:185:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pattern[3*MAXLINE], counts[3*MAXLINE], ac[10], filename[12];
data/blimps-3.9+ds/protomat/protomot.c:186:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char repeats[3*MAXLINE], pdbs[3*MAXLINE];
data/blimps-3.9+ds/protomat/protomot.c:219:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(title, " ;"); /* leave space for A,B...*/
data/blimps-3.9+ds/protomat/protomot.c:276:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(filename,".lis");
data/blimps-3.9+ds/protomat/protomot.c:279:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (flis=fopen(filename, "w+t")) == NULL)
data/blimps-3.9+ds/protomat/protomot.c:325:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ptr, swiss_key[20], temp[20];
data/blimps-3.9+ds/protomat/protomot.c:364:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ac[10];
data/blimps-3.9+ds/protomat/protomot.c:370:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *temp, *ptr, mem[40], tempc[MAXLINE];
data/blimps-3.9+ds/protomat/protomot.c:393:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nhit = atoi(ptr);
data/blimps-3.9+ds/protomat/protomot.c:395:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
npos = atoi(ptr);
data/blimps-3.9+ds/protomat/protomot.c:405:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nhit = nhit + atoi(ptr);
data/blimps-3.9+ds/protomat/protomot.c:406:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
npos = npos + atoi(ptr);
data/blimps-3.9+ds/protomat/protomot.c:416:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (ptr != NULL) nrep = atoi(ptr);
data/blimps-3.9+ds/protomat/protomot.c:460:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mem, " MOTIFJ=[%d,%d,%d,%d];",
data/blimps-3.9+ds/protomat/protomot.c:475:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ptr, tempc[30];
data/blimps-3.9+ds/protomat/protomot.c:486:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return(atoi(ptr));
data/blimps-3.9+ds/protomat/uextract.c:93:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Version[12] = " 2/21/00.1";
data/blimps-3.9+ds/protomat/uextract.c:94:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Pros[FNAMELEN];
data/blimps-3.9+ds/protomat/uextract.c:101:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char infile[FNAMELEN], lisfile[FNAMELEN], title[MAXLINE], stemp[MAXLINE];
data/blimps-3.9+ds/protomat/uextract.c:102:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char foutname[FNAMELEN], stitle[MAXLINE];
data/blimps-3.9+ds/protomat/uextract.c:103:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lstname[FNAMELEN], *temp, *ptr;
data/blimps-3.9+ds/protomat/uextract.c:104:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char runtype[3], signif[5], dups[5], distance[5];
data/blimps-3.9+ds/protomat/uextract.c:135:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (flis=fopen(lisfile, "r")) == NULL)
data/blimps-3.9+ds/protomat/uextract.c:149:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fin=fopen(infile, "r")) == NULL)
data/blimps-3.9+ds/protomat/uextract.c:179:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fout=fopen(foutname, "w+t")) == NULL)
data/blimps-3.9+ds/protomat/uextract.c:273:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(lstname, ".lst");
data/blimps-3.9+ds/protomat/uextract.c:274:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (flst=fopen(lstname, "w+t")) == NULL)
data/blimps-3.9+ds/protomat/uextract.c:300:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
test = atoi(dups);
data/blimps-3.9+ds/protomat/uextract.c:312:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(distance, "17"); /* Force distance=17 */
data/blimps-3.9+ds/protomat/uextract.c:326:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (flis=fopen(lisfile, "w+t")) == NULL)
data/blimps-3.9+ds/protomat/uextract.c:343:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fdat=fopen("uextract.dat", "a")) != NULL)
data/blimps-3.9+ds/protomat/uextract.c:382:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sid[80], tid[80], sid1[80];
data/blimps-3.9+ds/protomat/universa.c:44:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char infile[50], outfile[50], defname[50], *ptr;
data/blimps-3.9+ds/protomat/universa.c:65:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fin=fopen(infile, "r")) == NULL)
data/blimps-3.9+ds/protomat/universa.c:75:36: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
ptr = strtok(defname, "."); strcat(ptr, ".uni");
data/blimps-3.9+ds/protomat/universa.c:81:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fout=fopen(outfile, "w+")) == NULL)
data/blimps-3.9+ds/protomat/universa.c:107:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAXLINE], title[MAXLINE], temp[MAXLINE], *ptr;
data/blimps-3.9+ds/protomat/universa.c:108:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[20], acc[MAXLINE], desc[MAXLINE], start[MAXLINE];
data/blimps-3.9+ds/protomat/universa.c:166:40: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcpy(temp, title); strcat(temp, " | ");
data/blimps-3.9+ds/protomat/universa.c:196:20: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(title, " (FRAGMENT)");
data/blimps-3.9+ds/blimps/LAMA.c:305:15: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(significance,"-") ;
data/blimps-3.9+ds/blimps/LAMA.c:1653:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i1=0; i1<(5 - (int) strlen(ptr)); i1++) word[i2++] = '0' ;
data/blimps-3.9+ds/blimps/LAMA.c:1659:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(block->ac, tmpbuf, SMALL_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/LAMA.c:1660:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(block->number, tmpbuf, SMALL_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/LAMA.c:1664:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(block->id, tmpbuf, SMALL_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/LAMA.c:1683:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ptr[strlen(ptr)-1] != ')')
data/blimps-3.9+ds/blimps/LAMA.c:1690:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr[strlen(ptr)-1] = ' ' ;
data/blimps-3.9+ds/blimps/LAMA.c:1721:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(block->de, ptr, SMALL_BUFF_LENGTH) ;
data/blimps-3.9+ds/blimps/LAMA.c:1811:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
block->width = strlen(ptr) ;
data/blimps-3.9+ds/blimps/LAMA.c:1850:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(block->sequences[num_seqs].name, word, SMALL_BUFF_LENGTH) ;
data/blimps-3.9+ds/blimps/LAMA.c:1861:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ptr) != block->width)
data/blimps-3.9+ds/blimps/LAMA.c:1867:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
block->sequences[num_seqs].name, strlen(ptr),
data/blimps-3.9+ds/blimps/LAMA_search.c:234:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (int) strlen(entries[i].val) > 0)
data/blimps-3.9+ds/blimps/LAMA_search.c:244:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(database, printsdbase,LARGE_BUFF_LENGTH) ;
data/blimps-3.9+ds/blimps/LAMA_search.c:249:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(database, blplusdbase,LARGE_BUFF_LENGTH) ;
data/blimps-3.9+ds/blimps/LAMA_search.c:254:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(database, targetdbase,LARGE_BUFF_LENGTH) ;
data/blimps-3.9+ds/blimps/LAMA_search.c:259:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(database, blocksdbase, LARGE_BUFF_LENGTH) ;
data/blimps-3.9+ds/blimps/LAMA_search.c:331:22: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((buf[0]=getc(efp)) != EOF) putchar(buf[0]) ;
data/blimps-3.9+ds/blimps/LAMA_search.c:395:22: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((buf[0]=getc(efp)) != EOF) putchar(buf[0]) ;
data/blimps-3.9+ds/blimps/addseqs.c:1214:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((strlen(ptr1) == 6 && strcspn(parts[i],"_") == 6) ||
data/blimps-3.9+ds/blimps/addseqs.c:1215:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(parts[i]) == 6 && strcspn(ptr1,"_") == 6) ))
data/blimps-3.9+ds/blimps/addseqs.c:1223:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (match==1 && strlen(name1) > strlen(name2))
data/blimps-3.9+ds/blimps/addseqs.c:1223:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (match==1 && strlen(name1) > strlen(name2))
data/blimps-3.9+ds/blimps/biassed_blocks_finder.c:179:22: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((buf[0]=getc(efp)) != EOF) putchar(buf[0]) ;
data/blimps-3.9+ds/blimps/blDR.c:99:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(seq->name) > MAXNAME) { seq->name[MAXNAME] = '\0'; }
data/blimps-3.9+ds/blimps/blalign.c:433:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(out[seq].line, " ");
data/blimps-3.9+ds/blimps/blalign.c:435:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(out[seq].line, ".");
data/blimps-3.9+ds/blimps/blalign.c:446:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alen = strlen(out[0].line);
data/blimps-3.9+ds/blimps/blalign.c:541:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alen = strlen(header);
data/blimps-3.9+ds/blimps/blalign.c:542:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (pos = alen; pos < strlen(out[0].line); pos++)
data/blimps-3.9+ds/blimps/blalign.c:543:10: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(header, " ");
data/blimps-3.9+ds/blimps/blalign.c:668:16: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(out[seq].line, "-");
data/blimps-3.9+ds/blimps/blalign.c:672:16: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(out[seq].line, ".");
data/blimps-3.9+ds/blimps/blalign.c:684:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alen = strlen(out[0].line);
data/blimps-3.9+ds/blimps/blalign.c:849:19: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
{ strcat(out[seq].line, "-"); }
data/blimps-3.9+ds/blimps/blalign.c:856:19: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
{ strcat(out[seq].line, "."); }
data/blimps-3.9+ds/blimps/blalign.c:868:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alen = strlen(out[0].line);
data/blimps-3.9+ds/blimps/blexplode.c:48:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(prefix))
data/blimps-3.9+ds/blimps/blk2mot.c:159:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(ptr) > SNAMELEN - 1) ptr[SNAMELEN - 1] = '\0';
data/blimps-3.9+ds/blimps/blk2mot.c:169:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (Seq[ns] != NULL && Len[ns] < MAX_LENGTH + (int) strlen(line) )
data/blimps-3.9+ds/blimps/blk2mot.c:171:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i < (int) strlen(line); i++)
data/blimps-3.9+ds/blimps/blk2mot.c:261:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(block->motif) == 3)
data/blimps-3.9+ds/blimps/blk2mot.c:373:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite(&info->Title, strlen(info->Title)*sizeof(char), 1, mot);
data/blimps-3.9+ds/blimps/blk2pssm.c:121:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ctemp) && (ctemp[0] == 'm' || ctemp[0] == 'M'))
data/blimps-3.9+ds/blimps/blk2pssm.c:125:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ctemp) && (ctemp[0] == 'g' || ctemp[0] == 'G'))
data/blimps-3.9+ds/blimps/blk2pssm.c:129:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ctemp) && (ctemp[0] == 'p' || ctemp[0] == 'P'))
data/blimps-3.9+ds/blimps/blk_to_PSSM.c:453:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(alphabet),matrix->width);
data/blimps-3.9+ds/blimps/blkprob.c:330:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(ctemp)) strcpy(ctemp, "0");
data/blimps-3.9+ds/blimps/blkprob.c:330:24: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if (!strlen(ctemp)) strcpy(ctemp, "0");
data/blimps-3.9+ds/blimps/blkprob.c:331:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(ctemp); i++)
data/blimps-3.9+ds/blimps/blkprob.c:367:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(datfile))
data/blimps-3.9+ds/blimps/blkprob.c:415:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(DatDir, datfile, datsplit->dir_len);
data/blimps-3.9+ds/blimps/blkprob.c:612:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(HomName, homfile + homsplit->dir_len, homsplit->name_len);
data/blimps-3.9+ds/blimps/blkprob.c:626:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) > SNAMELEN && strstr(line, "Probe Sequence:") != NULL)
data/blimps-3.9+ds/blimps/blkprob.c:630:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(ptr); if (j > FNAMELEN) j = FNAMELEN;
data/blimps-3.9+ds/blimps/blkprob.c:631:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(Qfilename, ptr+16, j); Qfilename[j] = '\0';
data/blimps-3.9+ds/blimps/blkprob.c:636:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(Qfilename); i++)
data/blimps-3.9+ds/blimps/blkprob.c:646:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (j < strlen(Query) && Query[j] != ' ')
data/blimps-3.9+ds/blimps/blkprob.c:658:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(line) > SNAMELEN && strstr(line, "Size") != NULL)
data/blimps-3.9+ds/blimps/blkprob.c:672:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(line) > SNAMELEN && strstr(line, "Target") != NULL)
data/blimps-3.9+ds/blimps/blkprob.c:686:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(line) > SNAMELEN && strstr(line, "Records") != NULL)
data/blimps-3.9+ds/blimps/blkprob.c:699:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(line) > SNAMELEN && strstr(line, "Alignments") != NULL)
data/blimps-3.9+ds/blimps/blkprob.c:909:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) > aa_pos && NResult < NSCORE)
data/blimps-3.9+ds/blimps/blkprob.c:912:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(save_ac, &line[ac_pos], MAXAC); save_ac[MAXAC] = '\0';
data/blimps-3.9+ds/blimps/blkprob.c:916:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(save_ac); done = NO;
data/blimps-3.9+ds/blimps/blkprob.c:926:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(Results[NResult].title, &line[title_pos], title_len);
data/blimps-3.9+ds/blimps/blkprob.c:928:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctemp, &line[str_pos], 6); ctemp[6] = '\0';
data/blimps-3.9+ds/blimps/blkprob.c:930:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctemp, &line[score_pos], 6); ctemp[6] = '\0';
data/blimps-3.9+ds/blimps/blkprob.c:932:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctemp, &line[frame_pos], 2); ctemp[2] = '\0';
data/blimps-3.9+ds/blimps/blkprob.c:934:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctemp, &line[off_pos], 7); ctemp[7] = '\0';
data/blimps-3.9+ds/blimps/blkprob.c:940:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(Results[NResult].aa, &line[aa_pos], Results[NResult].width);
data/blimps-3.9+ds/blimps/blkprob.c:1399:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
famlen = strlen(fam);
data/blimps-3.9+ds/blimps/blkprob.c:1407:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fcur->prevfam) < famlen) len = strlen(fcur->prevfam);
data/blimps-3.9+ds/blimps/blkprob.c:1407:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fcur->prevfam) < famlen) len = strlen(fcur->prevfam);
data/blimps-3.9+ds/blimps/blkprob.c:1439:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(block->number) < famlen) len = strlen(block->number);
data/blimps-3.9+ds/blimps/blkprob.c:1439:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(block->number) < famlen) len = strlen(block->number);
data/blimps-3.9+ds/blimps/blkprob.c:1555:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pline) > 35) pline[35] = '\0';
data/blimps-3.9+ds/blimps/blkprob.c:1558:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=strlen(pline); i<35; i++) pline[i] = ' ';
data/blimps-3.9+ds/blimps/blkprob.c:1776:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
famlen = strlen(hit->fam); /* length of family name */
data/blimps-3.9+ds/blimps/blkprob.c:1812:40: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
for (i=spot; i < spot+imin; i++) strncpy(dbline+i, block->ac+famlen, 1);
data/blimps-3.9+ds/blimps/blkprob.c:1849:20: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(qline+i, block->ac+famlen, 1);
data/blimps-3.9+ds/blimps/blkprob.c:1873:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(qline) - qspot) <= (strlen(dbline) - maxspot))
data/blimps-3.9+ds/blimps/blkprob.c:1873:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(qline) - qspot) <= (strlen(dbline) - maxspot))
data/blimps-3.9+ds/blimps/blkprob.c:1874:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qright = strlen(qline);
data/blimps-3.9+ds/blimps/blkprob.c:1876:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qright = qspot + strlen(dbline) - maxspot;
data/blimps-3.9+ds/blimps/blkprob.c:1877:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pline, qline+qleft, qright-qleft+1); pline[qright-qleft+1] = '\0';
data/blimps-3.9+ds/blimps/blkprob.c:1879:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (qright != strlen(qline)) pline[strlen(pline)-1] = '>';
data/blimps-3.9+ds/blimps/blkprob.c:1879:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (qright != strlen(qline)) pline[strlen(pline)-1] = '>';
data/blimps-3.9+ds/blimps/blkprob.c:1905:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(qline+i, Results[t].ac+famlen, 1);
data/blimps-3.9+ds/blimps/blkprob.c:1916:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!done && strlen(qline))
data/blimps-3.9+ds/blimps/blkprob.c:1927:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(qline) > maxseq)
data/blimps-3.9+ds/blimps/blkprob.c:1958:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(qline+i, Results[t].ac+famlen, 1);
data/blimps-3.9+ds/blimps/blkprob.c:1968:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!done && strlen(qline))
data/blimps-3.9+ds/blimps/blkprob.c:1978:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(qline) > maxseq)
data/blimps-3.9+ds/blimps/blkprob.c:2007:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
famlen = strlen(hit->fam); /* length of family name */
data/blimps-3.9+ds/blimps/blkprob.c:2041:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(blkline+spot, block->ac, strlen(block->ac));
data/blimps-3.9+ds/blimps/blkprob.c:2041:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(blkline+spot, block->ac, strlen(block->ac));
data/blimps-3.9+ds/blimps/blkprob.c:2042:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(datline+spot, block->closest_name, strlen(block->closest_name));
data/blimps-3.9+ds/blimps/blkprob.c:2042:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(datline+spot, block->closest_name, strlen(block->closest_name));
data/blimps-3.9+ds/blimps/blkprob.c:2043:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(homline+spot, Query, strlen(Query));
data/blimps-3.9+ds/blimps/blkprob.c:2043:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(homline+spot, Query, strlen(Query));
data/blimps-3.9+ds/blimps/blkprob.c:2047:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(blkline+spot+1, "<->", 3);
data/blimps-3.9+ds/blimps/blkprob.c:2051:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(datline+spot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/blimps/blkprob.c:2051:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(datline+spot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/blimps/blkprob.c:2053:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(homline+spot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/blimps/blkprob.c:2053:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(homline+spot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/blimps/blkprob.c:2059:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(blkline+bspot, "(", 1); bspot++;
data/blimps-3.9+ds/blimps/blkprob.c:2062:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(blkline+bspot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/blimps/blkprob.c:2062:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(blkline+bspot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/blimps/blkprob.c:2063:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bspot += strlen(ctemp);
data/blimps-3.9+ds/blimps/blkprob.c:2064:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(blkline+bspot, ",", 1); bspot++;
data/blimps-3.9+ds/blimps/blkprob.c:2067:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(blkline+bspot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/blimps/blkprob.c:2067:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(blkline+bspot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/blimps/blkprob.c:2068:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bspot += strlen(ctemp);
data/blimps-3.9+ds/blimps/blkprob.c:2069:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(blkline+bspot, ")", 1); bspot++;
data/blimps-3.9+ds/blimps/blkprob.c:2070:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(blkline+bspot, ":", 1); bspot++;
data/blimps-3.9+ds/blimps/blkprob.c:2073:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(blkline+bspot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/blimps/blkprob.c:2073:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(blkline+bspot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/blimps/blkprob.c:2074:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bspot += strlen(ctemp);
data/blimps-3.9+ds/blimps/blkprob.c:2078:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(datline+spot, block->closest_aa+i, 1);
data/blimps-3.9+ds/blimps/blkprob.c:2079:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(homline+spot, Results[ block->query_res].aa+i, 1);
data/blimps-3.9+ds/blimps/blkprob.c:2109:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(repline+repspot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/blimps/blkprob.c:2109:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(repline+repspot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/blimps/blkprob.c:2551:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(aatemp, Results[res].aa+i, 1);
data/blimps-3.9+ds/blimps/blkprob.c:2555:16: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(Results[res].aa+i, aatemp, 1);
data/blimps-3.9+ds/blimps/block_vis.c:333:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(in_file);
data/blimps-3.9+ds/blimps/blocks.c:192:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(block->id, buf2, SMALL_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/blocks.c:230:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(block->ac, buf2, SMALL_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/blocks.c:232:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (buf2[strlen(buf2)-1] == ';')
data/blimps-3.9+ds/blimps/blocks.c:234:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf2[strlen(buf2)-1] = '\0'; /* remove the ';'*/
data/blimps-3.9+ds/blimps/blocks.c:236:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(block->number, buf2, SMALL_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/blocks.c:238:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(block->family);
data/blimps-3.9+ds/blimps/blocks.c:286:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(block->de, buf2, SMALL_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/blocks.c:319:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(block->bl, buf2, SMALL_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/blocks.c:520:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(block->sequences[num_sequences_seen].name, name_buf, SMALL_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/blocks.c:966:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenb = strlen(block->bl);
data/blimps-3.9+ds/blimps/blocks.c:972:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset = lenb - strlen(ptr);
data/blimps-3.9+ds/blimps/blocks.c:973:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(block->bl, bltemp, offset); /* preserve first part */
data/blimps-3.9+ds/blimps/blocks.c:987:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(bltemp) > 20) /* look for nearest | */
data/blimps-3.9+ds/blimps/blocks.c:1223:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(Buffer) > 5 && strstr(Buffer, "(") != NULL)
data/blimps-3.9+ds/blimps/blocks.c:1232:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (int) strlen(ctemp) != new_block->width)
data/blimps-3.9+ds/blimps/blocks_search.c:235:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(strands, "2"); /* Default blimps parameters */
data/blimps-3.9+ds/blimps/blocks_search.c:237:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(gecode, "0");
data/blimps-3.9+ds/blimps/blocks_search.c:239:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(Expect, "2");
data/blimps-3.9+ds/blimps/blocks_search.c:261:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cl = strlen(query_string);
data/blimps-3.9+ds/blimps/blocks_search.c:287:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(entries[i].val) > 0) { Mail_Flag = TRUE; }
data/blimps-3.9+ds/blimps/blocks_search.c:443:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tot = strlen(Sequence_Ptr->val);
data/blimps-3.9+ds/blimps/blocks_search.c:467:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, &Sequence_Ptr->val[sum], 80);
data/blimps-3.9+ds/blimps/blocks_search.c:468:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sum = sum + strlen(buf);
data/blimps-3.9+ds/blimps/blpssm.c:624:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (!strlen(fname) && Steve[i] != NULL && i < MAXMAT)
data/blimps-3.9+ds/blimps/blpssm.c:1222:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(!strlen(line) || line[0] == '#' || line[0] == ';'))
data/blimps-3.9+ds/blimps/blpssm.c:1229:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i < (int) strlen(line); i++)
data/blimps-3.9+ds/blimps/blpssm.c:1248:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(line) > 1)
data/blimps-3.9+ds/blimps/blpssm.c:1256:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strspn(ptr, "+-0123456789") == strlen(ptr))
data/blimps-3.9+ds/blimps/blpssm.c:1308:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(strstr(ctemp, "BLOCK"), "MATRIX\0", 7);
data/blimps-3.9+ds/blimps/blpssm.c:2017:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
for (i=0; i < pos; i++) strcat(pattern, "x");
data/blimps-3.9+ds/blimps/blpssm.c:2020:48: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
for (i=pos+1; i < matrix->width; i++) strcat(pattern, "x");
data/blimps-3.9+ds/blimps/blpssm.c:2025:39: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
for (i=0; i < pos; i++) strcat(pattern, "x");
data/blimps-3.9+ds/blimps/blpssm.c:2026:15: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(pattern, "[");
data/blimps-3.9+ds/blimps/blpssm.c:2033:15: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(pattern, "]");
data/blimps-3.9+ds/blimps/blpssm.c:2034:51: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
for (i=pos; i < matrix->width; i++) strcat(pattern, "x");
data/blimps-3.9+ds/blimps/blweight.c:155:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ctemp))
data/blimps-3.9+ds/blimps/blweight.c:193:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ctemp))
data/blimps-3.9+ds/blimps/blweight.c:806:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenb = strlen(block->bl);
data/blimps-3.9+ds/blimps/blweight.c:812:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset = lenb - strlen(ptr);
data/blimps-3.9+ds/blimps/blweight.c:813:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(block->bl, bltemp, offset); /* preserve first part */
data/blimps-3.9+ds/blimps/cobbler.c:1560:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (((int) strlen(line) < 1 || line[0]=='#' || line[0]=='>' ||
data/blimps-3.9+ds/blimps/cobbler.c:1569:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i< (int) strlen(line); i++)
data/blimps-3.9+ds/blimps/cobbler.c:1588:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(line) > 1 && nrows < MAXAA)
data/blimps-3.9+ds/blimps/cobbler.c:1596:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strspn(ptr, "+-0123456789") == strlen(ptr))
data/blimps-3.9+ds/blimps/cobbler.c:1827:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cobblen = (int) strlen(cobbler);
data/blimps-3.9+ds/blimps/codehop.c:356:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (!strlen(src_fam_name) ||
data/blimps-3.9+ds/blimps/codehop.c:357:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
!strncasecmp(src_fam_name, block->family, strlen(src_fam_name)) )
data/blimps-3.9+ds/blimps/codehop.c:1127:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dna_pssm->nsres[pos] = (int) strlen(ctemp);
data/blimps-3.9+ds/blimps/codehop.c:1147:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = (rand() >> 3) % strlen(ctemp);
data/blimps-3.9+ds/blimps/coduse.c:83:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(organism))
data/blimps-3.9+ds/blimps/coduse.c:111:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strncasecmp(line, organism, strlen(organism)) == 0) )
data/blimps-3.9+ds/blimps/coduse.c:153:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctemp, Codons[i], 3); ctemp[3] = '\0';
data/blimps-3.9+ds/blimps/config.c:136:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ExportMatrixFile, buf_token, SMALL_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/config.c:210:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(OutputFile, buf_token, SMALL_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/config.c:405:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(Buffer, filename, LARGE_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/config.c:406:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_length = strlen(Buffer);
data/blimps-3.9+ds/blimps/config.c:413:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(&(Buffer[str_length]), ".err\0",
data/blimps-3.9+ds/blimps/config.c:417:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(&(Buffer[strlen(Buffer)]), ".err\0",
data/blimps-3.9+ds/blimps/config.c:417:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(&(Buffer[strlen(Buffer)]), ".err\0",
data/blimps-3.9+ds/blimps/config.c:418:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LARGE_BUFF_LENGTH - strlen(Buffer));
data/blimps-3.9+ds/blimps/convert.c:106:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(Buffer, block->id, SMALL_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/convert.c:110:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(strstr(Buffer, "BLOCK"), "MATRIX\0", 7);
data/blimps-3.9+ds/blimps/convert.c:111:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(matrix->id, Buffer, SMALL_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/convert.c:114:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(matrix->id,
data/blimps-3.9+ds/blimps/convert.c:115:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(Buffer, "; MATRIX", SMALL_BUFF_LENGTH - strlen(Buffer)),
data/blimps-3.9+ds/blimps/convert.c:115:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(Buffer, "; MATRIX", SMALL_BUFF_LENGTH - strlen(Buffer)),
data/blimps-3.9+ds/blimps/convert.c:120:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(matrix->de, block->de, DESC_WIDTH);
data/blimps-3.9+ds/blimps/convert.c:121:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(matrix->ma, block->bl, SMALL_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/convert.c:124:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(matrix->motif, block->motif, 20);
data/blimps-3.9+ds/blimps/convert.c:745:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (((int) strlen(line) < 1 ||
data/blimps-3.9+ds/blimps/convert.c:754:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i< (int) strlen(line); i++) {
data/blimps-3.9+ds/blimps/convert.c:777:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(line) > 1 && nrows < AAS) {
data/blimps-3.9+ds/blimps/convert.c:782:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strspn(ptr, ".+-0123456789") == strlen(ptr)) {
data/blimps-3.9+ds/blimps/errors.c:43:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ErrorFile, error_file, SMALL_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/files.c:184:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
calloc(strlen(file_name) + 1, sizeof(char)) /* +1 for '\0' */
data/blimps-3.9+ds/blimps/files.c:186:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(this_list->file_names[this_list->num_files - 1], file_name,
data/blimps-3.9+ds/blimps/files.c:187:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(file_name));
data/blimps-3.9+ds/blimps/files.c:188:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
this_list->file_names[this_list->num_files - 1][strlen(file_name)+1] = '\0';
data/blimps-3.9+ds/blimps/files.c:271:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(this_list->fp);
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:139:17: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
else strcpy(percent_char,"%") ;
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:460:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int) strlen(first_entry) >= 6)
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:499:36: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((first_entry[entrylen++]=getc(*dbfile)) != EOF)
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:632:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i1=0; i1<(5 - (int) strlen(ptr)); i1++) word[i2++] = '0' ;
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:660:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ptr[strlen(ptr)-1] != ')')
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:667:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr[strlen(ptr)-1] = ' ' ;
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:698:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(block->de, ptr, SMALL_BUFF_LENGTH) ;
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:788:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
block->width = strlen(ptr) ;
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:827:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(block->sequences[num_seqs].name, word, SMALL_BUFF_LENGTH) ;
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:838:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ptr) != block->width)
data/blimps-3.9+ds/blimps/find_biassed_blocks.c:844:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
block->sequences[num_seqs].name, strlen(ptr),
data/blimps-3.9+ds/blimps/format_block.c:130:3: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(Weight_type, "P");
data/blimps-3.9+ds/blimps/format_block.c:131:3: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(Weight_scale, "M");
data/blimps-3.9+ds/blimps/format_block.c:463:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stringlen = (int) strlen(SEQS_Ptr->val) ;
data/blimps-3.9+ds/blimps/format_block.c:594:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stringlen = (int) strlen(SEQ_NAMES_Ptr->val) ;
data/blimps-3.9+ds/blimps/format_block.c:629:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(block->sequences[k].name,string,20) ;
data/blimps-3.9+ds/blimps/format_block.c:654:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stringlen = (int) strlen(SEQ_POS_Ptr->val) ;
data/blimps-3.9+ds/blimps/format_block.c:725:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(block->id,ID_Ptr->val, SMALL_BUFF_LENGTH) ;
data/blimps-3.9+ds/blimps/format_block.c:732:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(block->number, block->sequences[0].name, MAXAC) ;
data/blimps-3.9+ds/blimps/format_block.c:737:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(block->number) < MINAC)
data/blimps-3.9+ds/blimps/format_block.c:739:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=strlen(block->number); i< MINAC; i++) block->number[i] = 'x';
data/blimps-3.9+ds/blimps/format_block.c:742:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(block->number); i++)
data/blimps-3.9+ds/blimps/format_block.c:775:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(block->de,DE_Ptr->val, SMALL_BUFF_LENGTH) ;
data/blimps-3.9+ds/blimps/format_block.c:778:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(block->bl,MA_METH_Ptr->val, SMALL_BUFF_LENGTH-25) ;
data/blimps-3.9+ds/blimps/htmlize-LAMA.c:57:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(Qfname, argv[1], MAXLINELEN);
data/blimps-3.9+ds/blimps/htmlize-LAMA.c:67:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(Tfname, argv[2], MAXLINELEN);
data/blimps-3.9+ds/blimps/htmlize-LAMA.c:78:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(inpfname, argv[3], MAXLINELEN);
data/blimps-3.9+ds/blimps/htmlize-LAMA.c:109:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(outfname, argv[4], MAXLINELEN);
data/blimps-3.9+ds/blimps/htmlize-codehop.c:210:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
blen = strlen(bcur->line + ocur->firstpos);
data/blimps-3.9+ds/blimps/htmlize-codehop.c:212:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(stemp, bcur->line + ocur->firstpos, blen);
data/blimps-3.9+ds/blimps/htmlize-codehop.c:218:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(stemp, ocur->line + ocur->firstpos, olen);
data/blimps-3.9+ds/blimps/htmlize-codehop.c:332:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ocur->lastpos = strlen(ocur->line);
data/blimps-3.9+ds/blimps/interpro.c:113:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(iprname)) strcpy(iprname, "all");
data/blimps-3.9+ds/blimps/interpro.c:175:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ac) > 3 && ac[2] == 'R') ac[2] = 'B';
data/blimps-3.9+ds/blimps/interpro.c:182:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ac) > MAXAC-1) ac[MAXAC-1] = '\0';
data/blimps-3.9+ds/blimps/interpro.c:408:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (insert && did != NULL && strlen(did->entry) &&
data/blimps-3.9+ds/blimps/lisblk.c:77:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
done = NO; i = strlen(blkfile)-1;
data/blimps-3.9+ds/blimps/lisblk.c:134:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(outfile, lisfile+lissplit->dir_len, lissplit->name_len);
data/blimps-3.9+ds/blimps/lisblk.c:142:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(Title)) fprintf(fout, "%s", Title);
data/blimps-3.9+ds/blimps/lisblk.c:143:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(Pros)) fprintf(fout, "%s", Pros);
data/blimps-3.9+ds/blimps/lisblk.c:184:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(id->ps)) fprintf(flis, " PS=%s", id->ps);
data/blimps-3.9+ds/blimps/mablock.c:143:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(Block_AC) > MAXAC-1)
data/blimps-3.9+ds/blimps/mablock.c:145:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(Block_AC) < MINAC)
data/blimps-3.9+ds/blimps/mablock.c:147:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=strlen(Block_AC); i < MINAC; i++) Block_AC[i] = 'x';
data/blimps-3.9+ds/blimps/mablock.c:150:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(Block_AC); i++)
data/blimps-3.9+ds/blimps/mablock.c:176:4: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(outtype, "B"); ftype = 0;
data/blimps-3.9+ds/blimps/mablock.c:427:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(line) > (int) 3 )
data/blimps-3.9+ds/blimps/mablock.c:558:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while(allnumbers && i<strlen(line))
data/blimps-3.9+ds/blimps/mablock.c:717:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (blist->nblock == 1) strcat(ctemp, "A");
data/blimps-3.9+ds/blimps/mablock.c:718:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (blist->nblock == 2) strcat(ctemp, "B");
data/blimps-3.9+ds/blimps/mablock.c:719:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (blist->nblock == 3) strcat(ctemp, "C");
data/blimps-3.9+ds/blimps/mablock.c:720:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (blist->nblock == 4) strcat(ctemp, "D");
data/blimps-3.9+ds/blimps/mablock.c:721:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (blist->nblock == 5) strcat(ctemp, "E");
data/blimps-3.9+ds/blimps/mablock.c:722:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (blist->nblock == 6) strcat(ctemp, "F");
data/blimps-3.9+ds/blimps/mablock.c:723:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (blist->nblock == 7) strcat(ctemp, "G");
data/blimps-3.9+ds/blimps/mablock.c:724:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (blist->nblock == 8) strcat(ctemp, "H");
data/blimps-3.9+ds/blimps/mablock.c:725:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (blist->nblock == 9) strcat(ctemp, "I");
data/blimps-3.9+ds/blimps/mablock.c:726:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (blist->nblock == 10) strcat(ctemp, "J");
data/blimps-3.9+ds/blimps/mablock.c:727:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (blist->nblock == 11) strcat(ctemp, "K");
data/blimps-3.9+ds/blimps/mablock.c:728:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (blist->nblock == 12) strcat(ctemp, "L");
data/blimps-3.9+ds/blimps/mablock.c:729:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (blist->nblock == 13) strcat(ctemp, "M");
data/blimps-3.9+ds/blimps/mablock.c:730:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (blist->nblock == 14) strcat(ctemp, "N");
data/blimps-3.9+ds/blimps/mablock.c:731:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (blist->nblock == 15) strcat(ctemp, "O");
data/blimps-3.9+ds/blimps/mablock.c:732:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (blist->nblock == 16) strcat(ctemp, "P");
data/blimps-3.9+ds/blimps/mablock.c:733:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (blist->nblock == 17) strcat(ctemp, "Q");
data/blimps-3.9+ds/blimps/mablock.c:734:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (blist->nblock == 18) strcat(ctemp, "R");
data/blimps-3.9+ds/blimps/mablock.c:735:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (blist->nblock == 19) strcat(ctemp, "S");
data/blimps-3.9+ds/blimps/mablock.c:736:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (blist->nblock == 20) strcat(ctemp, "T");
data/blimps-3.9+ds/blimps/mablock.c:737:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (blist->nblock == 21) strcat(ctemp, "U");
data/blimps-3.9+ds/blimps/mablock.c:738:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (blist->nblock == 22) strcat(ctemp, "V");
data/blimps-3.9+ds/blimps/mablock.c:739:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (blist->nblock == 23) strcat(ctemp, "W");
data/blimps-3.9+ds/blimps/mablock.c:740:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (blist->nblock == 24) strcat(ctemp, "X");
data/blimps-3.9+ds/blimps/mablock.c:741:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (blist->nblock == 25) strcat(ctemp, "Y");
data/blimps-3.9+ds/blimps/mablock.c:742:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if (blist->nblock == 26) strcat(ctemp, "Z");
data/blimps-3.9+ds/blimps/mablock.c:743:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else strcat(ctemp, "*");
data/blimps-3.9+ds/blimps/mablock.c:872:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(seqs[s]->name) > 15) seqs[s]->name[15] = '\0';
data/blimps-3.9+ds/blimps/mablock.c:876:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(seqs[s]->name) > SNAMELEN)
data/blimps-3.9+ds/blimps/mablock.c:890:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(seqs[s]->name);
data/blimps-3.9+ds/blimps/makeblockmap.c:112:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(lisname) && (lfp=fopen(lisname, "r")) == NULL)
data/blimps-3.9+ds/blimps/makeblockmap.c:155:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aclen = strlen(block_fam[0]->number) - 1;
data/blimps-3.9+ds/blimps/makeblockmap.c:156:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (block_fam[0]->number[(int) strlen(block_fam[0]->number)-1] != 'A')
data/blimps-3.9+ds/blimps/makeblockmap.c:179:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (int)strlen(src_fam_name) == 0 ||
data/blimps-3.9+ds/blimps/makeblockmap.c:180:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((int) strlen(src_fam_name) > 0 &&
data/blimps-3.9+ds/blimps/makeblockmap.c:218:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (int)strlen(src_fam_name) == 0 ||
data/blimps-3.9+ds/blimps/makeblockmap.c:219:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((int) strlen(src_fam_name) > 0 &&
data/blimps-3.9+ds/blimps/makeblockmap.c:250:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (prcssd_maps == 0 && (int) strlen(src_fam_name) > 0)
data/blimps-3.9+ds/blimps/makeblockmap.c:275:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (block_fam[0]->number[(int) strlen(block_fam[0]->number)-1] != 'A')
data/blimps-3.9+ds/blimps/makeblockmap.c:285:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (block_fam[i1]->number[(int) strlen(block_fam[i1]->number)-1] -
data/blimps-3.9+ds/blimps/makeblockmap.c:286:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
block_fam[i1-1]->number[(int) strlen(block_fam[i1-1]->number)-1]
data/blimps-3.9+ds/blimps/makeblockmap.c:366:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(map->description, block_fam[0]->de, SMALL_BUFF_LENGTH) ;
data/blimps-3.9+ds/blimps/makeblockmap.c:368:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(map->id, get_token(block_fam[0]->id), SMALL_BUFF_LENGTH) ;
data/blimps-3.9+ds/blimps/makeblockmap.c:371:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (map->id[(int) strlen(map->id)-1] == ';')
data/blimps-3.9+ds/blimps/makeblockmap.c:372:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
map->id[(int) strlen(map->id)-1] = '\0' ;
data/blimps-3.9+ds/blimps/makeblockmap.c:382:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
block_fam[i1]->number[(int) strlen(block_fam[i1]->number)-1] ;
data/blimps-3.9+ds/blimps/makeblockmap.c:389:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(map->seq_map[i1].seq_name, block_fam[0]->sequences[i1].name,
data/blimps-3.9+ds/blimps/makeblockmap.c:409:27: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (i4 == i1) strncpy(map->seq_map[i1++].seq_name,
data/blimps-3.9+ds/blimps/makelis.c:106:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(Path, argv[1], LARGE_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/makelis.c:113:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_length = (int) strlen(Path);
data/blimps-3.9+ds/blimps/makelis.c:120:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(Process, Path+str_length+1, LARGE_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/makelis.c:123:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(User, argv[2], LARGE_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/makelis.c:124:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_length = (int) strlen(User);
data/blimps-3.9+ds/blimps/makelis.c:132:5: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(Return, " "); /* the space is so that the header is */
data/blimps-3.9+ds/blimps/makelis.c:136:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(Return, User+str_length+1, LARGE_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/makelis.c:140:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(BlockName, User, LARGE_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/makelis.c:164:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(SubjectLine, "");
data/blimps-3.9+ds/blimps/makelis.c:169:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(SubjectLine) != 0) {
data/blimps-3.9+ds/blimps/makelis.c:170:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(SubjectLine) > 20) {
data/blimps-3.9+ds/blimps/makelis.c:175:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(TruncSubjectLine, SubjectLine, LARGE_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/makelis.c:208:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(SubjectLine) != 0) {
data/blimps-3.9+ds/blimps/makelis.c:234:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(seqname, seq->name, XNAMELEN);
data/blimps-3.9+ds/blimps/makelis.c:288:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(line) > 1 )
data/blimps-3.9+ds/blimps/makelis.c:357:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(seq->name) > XNAMELEN) seq->name[XNAMELEN] = '\0';
data/blimps-3.9+ds/blimps/makelis.c:370:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(seq->name) > XNAMELEN)
data/blimps-3.9+ds/blimps/makelis.c:384:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(seq->info) <= (60-ACLEN)) {
data/blimps-3.9+ds/blimps/makelis.c:388:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(Buffer, seq->info, 50);
data/blimps-3.9+ds/blimps/makelis.c:401:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(seq->name) < XNAMELEN) /* Try using other info */
data/blimps-3.9+ds/blimps/makelis.c:407:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(seq->name);
data/blimps-3.9+ds/blimps/makelogob.c:640:34: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
buffer->letters[index - 1] = getc(afile->f);
data/blimps-3.9+ds/blimps/makelogob.c:654:3: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(afile->f);
data/blimps-3.9+ds/blimps/makelogob.c:767:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(fin->f);
data/blimps-3.9+ds/blimps/makelogob.c:770:3: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(fin->f);
data/blimps-3.9+ds/blimps/makelogob.c:804:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(afile->f);
data/blimps-3.9+ds/blimps/makelogob.c:808:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(afile->f);
data/blimps-3.9+ds/blimps/makelogob.c:810:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(afile->f);
data/blimps-3.9+ds/blimps/makelogob.c:812:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(afile->f);
data/blimps-3.9+ds/blimps/makelogob.c:814:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(afile->f);
data/blimps-3.9+ds/blimps/makelogob.c:825:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(afile->f);
data/blimps-3.9+ds/blimps/makelogob.c:830:2: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(afile->f);
data/blimps-3.9+ds/blimps/makelogob.c:1175:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(LINK->colors->f);
data/blimps-3.9+ds/blimps/makelogob.c:1180:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(LINK->colors->f);
data/blimps-3.9+ds/blimps/makelogob.c:1183:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(LINK->colors->f);
data/blimps-3.9+ds/blimps/makelogob.c:1707:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(thefile->f);
data/blimps-3.9+ds/blimps/makelogob.c:1716:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(thefile->f);
data/blimps-3.9+ds/blimps/makelogob.c:1781:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(theplace->f);
data/blimps-3.9+ds/blimps/makelogob.c:1789:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(theplace->f);
data/blimps-3.9+ds/blimps/makelogob.c:1797:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(theplace->f);
data/blimps-3.9+ds/blimps/makelogob.c:1805:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(theplace->f);
data/blimps-3.9+ds/blimps/makelogob.c:1822:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(theplace->f);
data/blimps-3.9+ds/blimps/makelogob.c:1834:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(theplace->f);
data/blimps-3.9+ds/blimps/makelogob.c:1850:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(theplace->f);
data/blimps-3.9+ds/blimps/makelogob.c:1874:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(theplace->f);
data/blimps-3.9+ds/blimps/makelogob.c:1886:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(theplace->f);
data/blimps-3.9+ds/blimps/makelogob.c:1898:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(theplace->f);
data/blimps-3.9+ds/blimps/makelogob.c:1910:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(theplace->f);
data/blimps-3.9+ds/blimps/makelogob.c:1922:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(theplace->f);
data/blimps-3.9+ds/blimps/makelogob.c:1930:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(theplace->f);
data/blimps-3.9+ds/blimps/makelogob.c:1942:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(theplace->f);
data/blimps-3.9+ds/blimps/makelogob.c:1954:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(theplace->f);
data/blimps-3.9+ds/blimps/makelogob.c:1970:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(theplace->f);
data/blimps-3.9+ds/blimps/makelogob.c:1978:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(theplace->f);
data/blimps-3.9+ds/blimps/makelogob.c:2000:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(theplace->f);
data/blimps-3.9+ds/blimps/makelogob.c:2019:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(theplace->f);
data/blimps-3.9+ds/blimps/makelogob.c:2059:3: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(symvec->f); /* skip first line ('* dalvec') */
data/blimps-3.9+ds/blimps/makelogob.c:2064:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
a = getc(symvec->f);
data/blimps-3.9+ds/blimps/makelogob.c:2065:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
b = getc(symvec->f);
data/blimps-3.9+ds/blimps/makelogob.c:2066:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(symvec->f);
data/blimps-3.9+ds/blimps/makelogob.c:2067:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
d = getc(symvec->f);
data/blimps-3.9+ds/blimps/makelogob.c:2068:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
e = getc(symvec->f);
data/blimps-3.9+ds/blimps/makelogob.c:2069:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
f = getc(symvec->f);
data/blimps-3.9+ds/blimps/makelogob.c:2070:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
g = getc(symvec->f);
data/blimps-3.9+ds/blimps/makelogob.c:2227:3: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(marks->f);
data/blimps-3.9+ds/blimps/makelogob.c:2483:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(symvec->f);
data/blimps-3.9+ds/blimps/makelogob.c:2536:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(symvec->f);
data/blimps-3.9+ds/blimps/makelogob.c:2543:2: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(symvec->f);
data/blimps-3.9+ds/blimps/makelogob.c:2545:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(symvec->f);
data/blimps-3.9+ds/blimps/makelogob.c:2794:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(logo.name, "."); strcat(logo.name, argv[1]);
data/blimps-3.9+ds/blimps/makelogob.c:2795:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(symvec.name, "."); strcat(symvec.name, argv[1]);
data/blimps-3.9+ds/blimps/makelogob.c:2796:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(makelogop.name, "."); strcat(makelogop.name, argv[1]);
data/blimps-3.9+ds/blimps/makelogob.c:2797:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(colors.name, "."); strcat(colors.name, argv[1]); /*SP*/
data/blimps-3.9+ds/blimps/matrix.c:122:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(matrix->id, buf2, SMALL_BUFF_LENGTH); /* copy the string into the matrix entry */
data/blimps-3.9+ds/blimps/matrix.c:136:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(matrix->ac, buf2, SMALL_BUFF_LENGTH); /* copy the string into the matrix entry */
data/blimps-3.9+ds/blimps/matrix.c:138:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (buf2[strlen(buf2)-1] == ';') {
data/blimps-3.9+ds/blimps/matrix.c:140:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf2[strlen(buf2)-1] = '\0';
data/blimps-3.9+ds/blimps/matrix.c:142:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(matrix->number, buf2, NUMBER_WIDTH); /* copy the string into the matrix entry */
data/blimps-3.9+ds/blimps/matrix.c:157:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(matrix->de, buf2, DESC_WIDTH); /* copy the string into the matrix entry */
data/blimps-3.9+ds/blimps/matrix.c:172:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(matrix->ma, buf2, SMALL_BUFF_LENGTH); /* copy the string into the matrix entry */
data/blimps-3.9+ds/blimps/matrix_logob.c:194:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
( strlen(blockAC) < strlen(block->number) &&
data/blimps-3.9+ds/blimps/matrix_logob.c:194:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
( strlen(blockAC) < strlen(block->number) &&
data/blimps-3.9+ds/blimps/matrix_logob.c:195:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncmp(blockAC, block->number, (int) strlen(blockAC)) == 0) )
data/blimps-3.9+ds/blimps/matrix_logob.c:199:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
itemp = (int) strlen(block->number) - strlen(blockAC);
data/blimps-3.9+ds/blimps/matrix_logob.c:199:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
itemp = (int) strlen(block->number) - strlen(blockAC);
data/blimps-3.9+ds/blimps/matrix_logob.c:203:14: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(suffix2, block->number + strlen(blockAC), itemp);
data/blimps-3.9+ds/blimps/matrix_logob.c:203:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(suffix2, block->number + strlen(blockAC), itemp);
data/blimps-3.9+ds/blimps/matrix_logob.c:204:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
suffix2[ (int) strlen(suffix) + itemp ] = '\0';
data/blimps-3.9+ds/blimps/matrix_logob.c:235:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(suffix2))
data/blimps-3.9+ds/blimps/matrix_logob.c:236:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
{ strcat(symvec, "."); strcat(symvec, suffix2); }
data/blimps-3.9+ds/blimps/matrix_logob.c:252:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(suffix2))
data/blimps-3.9+ds/blimps/matrix_logob.c:253:14: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
{ strcat(makelogop, "."); strcat(makelogop, suffix2); }
data/blimps-3.9+ds/blimps/matrix_logob.c:339:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(bdbname) || bdbname[0] == '-') *bfp = stdin;
data/blimps-3.9+ds/blimps/narrow.c:163:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ptr != NULL) alength = (long) strlen(ptr);
data/blimps-3.9+ds/blimps/narrow.c:212:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ptr != NULL) alength = (long) strlen(ptr);
data/blimps-3.9+ds/blimps/oligo_melt.c:80:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(fname) ) inpf = stdin;
data/blimps-3.9+ds/blimps/options.c:83:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keylen = strlen(key);
data/blimps-3.9+ds/blimps/p2c.h:207:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extern size_t strlen PP( (Const Char *) );
data/blimps-3.9+ds/blimps/p2c.h:208:17: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
extern Char *strncat PP( (Char *, Const Char *, size_t) );
data/blimps-3.9+ds/blimps/p2c.h:210:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
extern Char *strncpy PP( (Char *, Const Char *, size_t) );
data/blimps-3.9+ds/blimps/p2clib.c:225:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(s) - pos;
data/blimps-3.9+ds/blimps/p2clib.c:229:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos = strlen(pat);
data/blimps-3.9+ds/blimps/p2clib.c:364:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(s) - pos;
data/blimps-3.9+ds/blimps/p2clib.c:386:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dlen = strlen(dst);
data/blimps-3.9+ds/blimps/p2clib.c:393:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(src);
data/blimps-3.9+ds/blimps/p2clib.c:415:10: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(f);
data/blimps-3.9+ds/blimps/p2clib.c:436:10: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(f);
data/blimps-3.9+ds/blimps/p2clib.c:451:10: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(f);
data/blimps-3.9+ds/blimps/p2clib.c:471:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(f);
data/blimps-3.9+ds/blimps/p2clib.c:491:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(f);
data/blimps-3.9+ds/blimps/p2clib.c:917:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufp = buf + strlen(buf);
data/blimps-3.9+ds/blimps/papssm.c:633:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (!strlen(fname) && Steve[i] != NULL && i < MAXMAT)
data/blimps-3.9+ds/blimps/papssm.c:1381:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(!strlen(line) || line[0] == '#' || line[0] == ';'))
data/blimps-3.9+ds/blimps/papssm.c:1388:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i < (int) strlen(line); i++)
data/blimps-3.9+ds/blimps/papssm.c:1407:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(line) > 1)
data/blimps-3.9+ds/blimps/papssm.c:1415:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strspn(ptr, "+-0123456789") == strlen(ptr))
data/blimps-3.9+ds/blimps/papssm.c:1483:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(strstr(ctemp, "BLOCK"), "MATRIX\0", 7);
data/blimps-3.9+ds/blimps/papssm.c:1939:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (((int) strlen(line) < 1 || line[0]=='#' ||
data/blimps-3.9+ds/blimps/papssm.c:1948:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i < (int) strlen(line); i++)
data/blimps-3.9+ds/blimps/papssm.c:1968:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(line) > 1 && nrows < AAS)
data/blimps-3.9+ds/blimps/papssm.c:1976:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strspn(ptr, ".+-0123456789") == strlen(ptr))
data/blimps-3.9+ds/blimps/papssm.c:2281:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
for (i=0; i < pos; i++) strcat(pattern, "x");
data/blimps-3.9+ds/blimps/papssm.c:2284:48: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
for (i=pos+1; i < matrix->width; i++) strcat(pattern, "x");
data/blimps-3.9+ds/blimps/papssm.c:2289:39: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
for (i=0; i < pos; i++) strcat(pattern, "x");
data/blimps-3.9+ds/blimps/papssm.c:2290:15: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(pattern, "[");
data/blimps-3.9+ds/blimps/papssm.c:2297:15: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(pattern, "]");
data/blimps-3.9+ds/blimps/papssm.c:2298:51: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
for (i=pos; i < matrix->width; i++) strcat(pattern, "x");
data/blimps-3.9+ds/blimps/pattern.c:359:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tmp[strlen(tmp)-1] == ';') {
data/blimps-3.9+ds/blimps/pattern.c:360:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen(tmp)-1] = '\0';
data/blimps-3.9+ds/blimps/pattern.c:394:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tmp[strlen(tmp)-1] == ';') {
data/blimps-3.9+ds/blimps/pattern.c:395:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen(tmp)-1] = '\0';
data/blimps-3.9+ds/blimps/prints2blocks.c:222:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(ptr) > 7)
data/blimps-3.9+ds/blimps/prints2blocks.c:232:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((int) strlen(ptr) < 7) /* add "_"s until code is 7 chars long*/
data/blimps-3.9+ds/blimps/prints2blocks.c:238:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i1=(int) strlen(ptr); i1<=7; i1++) ptr[i1] = '_' ;
data/blimps-3.9+ds/blimps/prints2blocks.c:332:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(block[i1].de, ptr, SMALL_BUFF_LENGTH) ;
data/blimps-3.9+ds/blimps/prints2blocks.c:347:50: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if ((ptr = get_token(NULL)) != NULL) strncpy(PS_crssref,ptr,11) ;
data/blimps-3.9+ds/blimps/prints2blocks.c:355:50: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if ((ptr = get_token(NULL)) != NULL) strncpy(BL_crssref,ptr,11) ;
data/blimps-3.9+ds/blimps/prints2blocks.c:366:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(isalnum(ptr[(int) strlen(ptr) - 1])))
data/blimps-3.9+ds/blimps/prints2blocks.c:367:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr[(int) strlen(ptr) - 1] = '\0' ;
data/blimps-3.9+ds/blimps/prints2blocks.c:369:16: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(PR_crssref, " ") ;
data/blimps-3.9+ds/blimps/prints2blocks.c:501:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(ptr) != block[i1].width)
data/blimps-3.9+ds/blimps/prints2blocks.c:507:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int) strlen(ptr), block[i1].width) ;
data/blimps-3.9+ds/blimps/prints2blocks.c:576:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(block[i1].sequences[num_seqs].name, ptr,
data/blimps-3.9+ds/blimps/protomat.c:235:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (strlen(line) < 1 && fgets(line, sizeof(line), fin) != NULL)
data/blimps-3.9+ds/blimps/protomat.c:242:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(line); i++)
data/blimps-3.9+ds/blimps/protomat.c:261:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) > 1)
data/blimps-3.9+ds/blimps/protomat.c:269:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strspn(ptr, "+-0123456789") == strlen(ptr))
data/blimps-3.9+ds/blimps/protomat.c:347:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0, j=strlen(s)-1; i<j; i++, j--)
data/blimps-3.9+ds/blimps/protomat.c:366:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(filename);
data/blimps-3.9+ds/blimps/protomat.c:371:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (filename[i] == '.') ext_len = strlen(filename)-i;
data/blimps-3.9+ds/blimps/protomat.c:378:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new->file_len = strlen(filename)-new->dir_len;
data/blimps-3.9+ds/blimps/protomat.c:451:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pros[strlen(pros)-1] != '/') strcat(pros, "/");
data/blimps-3.9+ds/blimps/protomat.c:451:36: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (pros[strlen(pros)-1] != '/') strcat(pros, "/");
data/blimps-3.9+ds/blimps/protomat.c:454:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pros))
data/blimps-3.9+ds/blimps/protomat.c:457:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tname[strlen(pros)-1] = '\0';
data/blimps-3.9+ds/blimps/protomat.c:512:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) &&
data/blimps-3.9+ds/blimps/protomat.c:521:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new->full_entry, line, len); new->full_entry[len] = '\0';
data/blimps-3.9+ds/blimps/protomat.c:523:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new->entry, line, len); new->entry[len] = '\0';
data/blimps-3.9+ds/blimps/protomat.c:542:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new->ps, ptr+3, 1); new->ps[1] = '\0';
data/blimps-3.9+ds/blimps/protomat.c:551:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctemp, ptr+7, len); ctemp[len] = '\0';
data/blimps-3.9+ds/blimps/protomat.c:605:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(entry);
data/blimps-3.9+ds/blimps/protomat.c:607:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dbtemp, entry, len); dbtemp[len] = '\0';
data/blimps-3.9+ds/blimps/protomat.c:615:20: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctemp, entry, len); ctemp[len] = '\0';
data/blimps-3.9+ds/blimps/protomat.c:618:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(ctemp); i++)
data/blimps-3.9+ds/blimps/pssmdist.c:160:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ctemp)) Search = atof(ctemp);
data/blimps-3.9+ds/blimps/pssmdist.c:171:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ctemp)) SearchAA = atof(ctemp);
data/blimps-3.9+ds/blimps/pssmdist.c:717:3: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(line) > 2)
data/blimps-3.9+ds/blimps/readmast.c:54:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ptr != NULL) alength = (long) strlen(ptr);
data/blimps-3.9+ds/blimps/retblock.c:87:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aclen = strlen(acname);
data/blimps-3.9+ds/blimps/retblock.c:90:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(block->number) < aclen) aclen = strlen(block->number);
data/blimps-3.9+ds/blimps/retblock.c:90:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(block->number) < aclen) aclen = strlen(block->number);
data/blimps-3.9+ds/blimps/scoring.c:347:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new_score->sequence_number, sequence->name, NUMBER_WIDTH);
data/blimps-3.9+ds/blimps/scoring.c:348:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new_score->sequence_desc, sequence->info, DESC_WIDTH);
data/blimps-3.9+ds/blimps/scoring.c:351:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new_score->matrix_number, matrix->block->number, NUMBER_WIDTH);
data/blimps-3.9+ds/blimps/scoring.c:352:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new_score->matrix_desc, matrix->block->de, DESC_WIDTH);
data/blimps-3.9+ds/blimps/scoring.c:356:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new_score->matrix_number, matrix->number, NUMBER_WIDTH);
data/blimps-3.9+ds/blimps/scoring.c:357:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new_score->matrix_desc, matrix->de, DESC_WIDTH);
data/blimps-3.9+ds/blimps/sequences.c:256:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!blank_line(lbuff) && ((int)strlen(lbuff) > DbInfo[db].seq_offset)) {
data/blimps-3.9+ds/blimps/sequences.c:261:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((strncmp(lbuff, DbInfo[db].end, strlen(DbInfo[db].end)) != 0) ||
data/blimps-3.9+ds/blimps/sequences.c:318:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (strncmp(lbuff, DbInfo[db].start, strlen(DbInfo[db].start)) != 0 &&
data/blimps-3.9+ds/blimps/sequences.c:350:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ptr) > SMALL_BUFF_LENGTH)
data/blimps-3.9+ds/blimps/sequences.c:361:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(temp, &lbuff[DbInfo[db].title_offset + strlen(new_sequence->name)]);
data/blimps-3.9+ds/blimps/sequences.c:370:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncmp(lbuff, DbInfo[db].seq, strlen(DbInfo[db].seq)) != 0)
data/blimps-3.9+ds/blimps/sequences.c:372:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(lbuff, DbInfo[db].desc, strlen(DbInfo[db].desc)) == 0 &&
data/blimps-3.9+ds/blimps/sequences.c:373:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((int)(strlen(title) + strlen(lbuff) +1) < LARGE_BUFF_LENGTH) )
data/blimps-3.9+ds/blimps/sequences.c:373:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((int)(strlen(title) + strlen(lbuff) +1) < LARGE_BUFF_LENGTH) )
data/blimps-3.9+ds/blimps/sequences.c:376:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(temp, title, LARGE_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/sequences.c:377:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(temp, " ", LARGE_BUFF_LENGTH-strlen(temp));
data/blimps-3.9+ds/blimps/sequences.c:377:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(temp, " ", LARGE_BUFF_LENGTH-strlen(temp));
data/blimps-3.9+ds/blimps/sequences.c:379:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(temp, &lbuff[DbInfo[db].title_offset],
data/blimps-3.9+ds/blimps/sequences.c:380:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LARGE_BUFF_LENGTH-strlen(temp));
data/blimps-3.9+ds/blimps/sequences.c:382:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(title, temp, LARGE_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/sequences.c:387:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new_sequence->info, title, SMALL_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/sequences.c:454:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
estimated_length = strlen(buff);
data/blimps-3.9+ds/blimps/sequences.c:568:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(upper_str);
data/blimps-3.9+ds/blimps/sequences.c:885:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new_seq->name, seq->name, SMALL_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/sequences.c:886:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new_seq->info, seq->info, SMALL_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/sequences.c:979:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(line, dbs[i].start, strlen(dbs[i].start)) == 0) {
data/blimps-3.9+ds/blimps/sequences.c:1005:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
!((strncmp(line, dbs[GB].seq, strlen(dbs[GB].seq)) == 0) ||
data/blimps-3.9+ds/blimps/sequences.c:1006:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strncmp(line, dbs[PIR].seq, strlen(dbs[PIR].seq)) == 0) ||
data/blimps-3.9+ds/blimps/sequences.c:1007:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strncmp(line, dbs[EMBL].seq, strlen(dbs[EMBL].seq)) == 0)));
data/blimps-3.9+ds/blimps/sequences.c:1106:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncmp(Buffer, dbs[db].seq, strlen(dbs[db].seq)) != 0);
data/blimps-3.9+ds/blimps/sequences.c:1136:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((strncmp(Buffer, dbs[db].end, strlen(dbs[db].end)) != 0) ||
data/blimps-3.9+ds/blimps/sequences.c:1145:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(seq_check_buf + check_length,
data/blimps-3.9+ds/blimps/sequences.c:1149:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
check_length = strlen(seq_check_buf);
data/blimps-3.9+ds/blimps/sequences.c:1320:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new_seq->name, seq->name, SMALL_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/sequences.c:1321:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new_seq->info, seq->info, SMALL_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/show_aligned_blocks.c:147:46: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
for (i2=0; i2 < (start2-start1); i2++) strcat(offset, " ") ;
data/blimps-3.9+ds/blimps/show_aligned_blocks.c:173:46: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
for (i2=0; i2 < (start1-start2); i2++) strcat(offset, " ") ;
data/blimps-3.9+ds/blimps/strutil.c:52:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(tmp);
data/blimps-3.9+ds/blimps/strutil.c:116:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(s);
data/blimps-3.9+ds/blimps/util.c:23:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *word = (char *) malloc(sizeof(char) * (strlen(line) + 1));
data/blimps-3.9+ds/blimps/util.c:46:26: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
word[ll] = (char)fgetc(f);
data/blimps-3.9+ds/blimps/util.c:91:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(x=strlen(s) - 1;x != -1; x--)
data/blimps-3.9+ds/blimps/util.c:100:22: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
s[i] = (char)fgetc(f);
data/blimps-3.9+ds/blimps/util.c:103:20: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
s[i] = fgetc(f);
data/blimps-3.9+ds/blimps/util.c:118:13: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(f);
data/blimps-3.9+ds/blimps/util.c:137:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l=strlen(cmd);
data/blimps-3.9+ds/blimps/version.c:145:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ProgramString, program_string, SMALL_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/version.c:146:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(VersionString, version_string, SMALL_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/version.c:147:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(VersionInfo, version_info, SMALL_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/version.c:148:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(DateString, date_string, SMALL_BUFF_LENGTH);
data/blimps-3.9+ds/blimps/version.c:149:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(CopyrightString, copyright_string, SMALL_BUFF_LENGTH);
data/blimps-3.9+ds/protomat/blastdat.c:70:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(HomName, homfile + homsplit->dir_len, homsplit->name_len);
data/blimps-3.9+ds/protomat/blastdat.c:81:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(lisfile)) flis = NULL;
data/blimps-3.9+ds/protomat/blastdat.c:196:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(line) > 66)
data/blimps-3.9+ds/protomat/blastdat.c:199:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(id, line, SNAMELEN); id[SNAMELEN] = '\0';
data/blimps-3.9+ds/protomat/blastdat.c:200:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(id); i++)
data/blimps-3.9+ds/protomat/blastdat.c:224:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenid = strlen(id);
data/blimps-3.9+ds/protomat/blastdat.c:229:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(did->entry) < len) len = strlen(did->entry);
data/blimps-3.9+ds/protomat/blastdat.c:229:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(did->entry) < len) len = strlen(did->entry);
data/blimps-3.9+ds/protomat/blastdat.c:418:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(did->ps)) fprintf(fmis, " PS=%s", did->ps);
data/blimps-3.9+ds/protomat/blastdat.c:446:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(did->ps)) fprintf(ffnd, " PS=%s", did->ps);
data/blimps-3.9+ds/protomat/blksort.c:216:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(ctemp)) strcpy(ctemp, "0");
data/blimps-3.9+ds/protomat/blksort.c:216:24: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if (!strlen(ctemp)) strcpy(ctemp, "0");
data/blimps-3.9+ds/protomat/blksort.c:217:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(ctemp); i++)
data/blimps-3.9+ds/protomat/blksort.c:253:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(datfile))
data/blimps-3.9+ds/protomat/blksort.c:267:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(DatDir, datfile, datsplit->dir_len);
data/blimps-3.9+ds/protomat/blksort.c:438:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(HomName, homfile + homsplit->dir_len, homsplit->name_len);
data/blimps-3.9+ds/protomat/blksort.c:451:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) > 10 && strstr(line, "Probe Sequence:") != NULL)
data/blimps-3.9+ds/protomat/blksort.c:455:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(ptr); if (j > FNAMELEN) j = FNAMELEN;
data/blimps-3.9+ds/protomat/blksort.c:456:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(Qfilename, ptr+16, j); Qfilename[j] = '\0';
data/blimps-3.9+ds/protomat/blksort.c:459:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while(i<strlen(Qfilename) && j <= SNAMELEN)
data/blimps-3.9+ds/protomat/blksort.c:479:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(line) > 10 && strstr(line, "Size") != NULL)
data/blimps-3.9+ds/protomat/blksort.c:493:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(line) > 10 && strstr(line, "Target") != NULL)
data/blimps-3.9+ds/protomat/blksort.c:507:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(line) > 10 && strstr(line, "Records") != NULL)
data/blimps-3.9+ds/protomat/blksort.c:695:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) > aa_pos && rank < NSCORE)
data/blimps-3.9+ds/protomat/blksort.c:698:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(save_ac, &line[ac_pos], MAXAC); save_ac[MAXAC] = '\0';
data/blimps-3.9+ds/protomat/blksort.c:702:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(save_ac); done = NO;
data/blimps-3.9+ds/protomat/blksort.c:711:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(results[rank].title, &line[title_pos], title_len);
data/blimps-3.9+ds/protomat/blksort.c:713:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctemp, &line[str_pos], 6); ctemp[6] = '\0';
data/blimps-3.9+ds/protomat/blksort.c:715:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctemp, &line[score_pos], 6); ctemp[6] = '\0';
data/blimps-3.9+ds/protomat/blksort.c:717:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctemp, &line[frame_pos], 2); ctemp[2] = '\0';
data/blimps-3.9+ds/protomat/blksort.c:719:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctemp, &line[off_pos], 7); ctemp[7] = '\0';
data/blimps-3.9+ds/protomat/blksort.c:725:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(results[rank].aa, &line[aa_pos], results[rank].width);
data/blimps-3.9+ds/protomat/blksort.c:945:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncasecmp(line+5, fam, strlen(fam)) > 0)
data/blimps-3.9+ds/protomat/blksort.c:948:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncasecmp(line+5, fam, strlen(fam)) == 0)
data/blimps-3.9+ds/protomat/blksort.c:960:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(block->fam); idone = NO;
data/blimps-3.9+ds/protomat/blksort.c:1014:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) == 1) /* blank line => new cluster */
data/blimps-3.9+ds/protomat/blksort.c:1022:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(line) > 1)
data/blimps-3.9+ds/protomat/blksort.c:1028:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ if (strlen(line) > SNAMELEN && block->nseq < MAXSEQS)
data/blimps-3.9+ds/protomat/blksort.c:1031:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
itemp = strlen(ptr);
data/blimps-3.9+ds/protomat/blksort.c:1032:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ptr) > SNAMELEN) itemp = SNAMELEN;
data/blimps-3.9+ds/protomat/blksort.c:1033:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(block->name[block->nseq], ptr, itemp);
data/blimps-3.9+ds/protomat/blksort.c:1050:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
block->width = strlen(block->aa[block->nseq]);
data/blimps-3.9+ds/protomat/blksort.c:1103:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = (int) strlen(results[i+min_t].ac);
data/blimps-3.9+ds/protomat/blksort.c:1107:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (int) strlen(Bias[j].ac) < t) imin = (int) strlen(Bias[j].ac);
data/blimps-3.9+ds/protomat/blksort.c:1107:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (int) strlen(Bias[j].ac) < t) imin = (int) strlen(Bias[j].ac);
data/blimps-3.9+ds/protomat/blksort.c:1175:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else strcat(pline, " ");
data/blimps-3.9+ds/protomat/blksort.c:1200:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pline))
data/blimps-3.9+ds/protomat/blksort.c:1204:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (i < strlen(pline))
data/blimps-3.9+ds/protomat/blksort.c:1207:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i+imin > strlen(pline)) imin = strlen(pline) - i;
data/blimps-3.9+ds/protomat/blksort.c:1207:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i+imin > strlen(pline)) imin = strlen(pline) - i;
data/blimps-3.9+ds/protomat/blksort.c:1208:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tline, pline+i, imin); tline[imin] = '\0';
data/blimps-3.9+ds/protomat/blksort.c:1308:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(lastac) && mrep > 0 && report)
data/blimps-3.9+ds/protomat/blksort.c:1376:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(lastac) && mrep > 0 && report)
data/blimps-3.9+ds/protomat/blksort.c:1632:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ilen = strlen(block->ac); ilen--;
data/blimps-3.9+ds/protomat/blksort.c:1633:40: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
for (i=spot; i < spot+imin; i++) strncpy(dbline+i, block->ac+ilen, 1);
data/blimps-3.9+ds/protomat/blksort.c:1668:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ilen = strlen(block->ac); ilen--;
data/blimps-3.9+ds/protomat/blksort.c:1670:20: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(qline+i, block->ac+ilen, 1);
data/blimps-3.9+ds/protomat/blksort.c:1694:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(qline) - qspot) <= (strlen(dbline) - maxspot))
data/blimps-3.9+ds/protomat/blksort.c:1694:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(qline) - qspot) <= (strlen(dbline) - maxspot))
data/blimps-3.9+ds/protomat/blksort.c:1695:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qright = strlen(qline);
data/blimps-3.9+ds/protomat/blksort.c:1697:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qright = qspot + strlen(dbline) - maxspot;
data/blimps-3.9+ds/protomat/blksort.c:1698:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pline, qline+qleft, qright-qleft+1); pline[qright-qleft+1] = '\0';
data/blimps-3.9+ds/protomat/blksort.c:1700:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (qright != strlen(qline)) pline[strlen(pline)-1] = '>';
data/blimps-3.9+ds/protomat/blksort.c:1700:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (qright != strlen(qline)) pline[strlen(pline)-1] = '>';
data/blimps-3.9+ds/protomat/blksort.c:1724:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ilen = strlen(results[t].ac); ilen--;
data/blimps-3.9+ds/protomat/blksort.c:1726:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(qline+i, results[t].ac+ilen, 1);
data/blimps-3.9+ds/protomat/blksort.c:1737:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!done && strlen(qline))
data/blimps-3.9+ds/protomat/blksort.c:1748:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(qline) > maxseq)
data/blimps-3.9+ds/protomat/blksort.c:1777:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ilen = strlen(results[t].ac); ilen--;
data/blimps-3.9+ds/protomat/blksort.c:1779:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(qline+i, results[t].ac+ilen, 1);
data/blimps-3.9+ds/protomat/blksort.c:1789:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!done && strlen(qline))
data/blimps-3.9+ds/protomat/blksort.c:1799:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(qline) > maxseq)
data/blimps-3.9+ds/protomat/blksort.c:1865:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
itemp = (int) strlen(block->name[s]);
data/blimps-3.9+ds/protomat/blksort.c:1866:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(blkline+spot, block->ac, strlen(block->ac));
data/blimps-3.9+ds/protomat/blksort.c:1866:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(blkline+spot, block->ac, strlen(block->ac));
data/blimps-3.9+ds/protomat/blksort.c:1867:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(datline+spot, block->name[s], strlen(block->name[s]));
data/blimps-3.9+ds/protomat/blksort.c:1867:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(datline+spot, block->name[s], strlen(block->name[s]));
data/blimps-3.9+ds/protomat/blksort.c:1868:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(homline+spot, block->name[block->nseq-1],
data/blimps-3.9+ds/protomat/blksort.c:1869:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(block->name[block->nseq-1]));
data/blimps-3.9+ds/protomat/blksort.c:1873:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(blkline+spot+1, "<->", 3);
data/blimps-3.9+ds/protomat/blksort.c:1878:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(datline+spot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/protomat/blksort.c:1878:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(datline+spot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/protomat/blksort.c:1881:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(homline+spot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/protomat/blksort.c:1881:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(homline+spot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/protomat/blksort.c:1887:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(blkline+bspot, "(", 1); bspot++;
data/blimps-3.9+ds/protomat/blksort.c:1890:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(blkline+bspot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/protomat/blksort.c:1890:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(blkline+bspot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/protomat/blksort.c:1891:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bspot += strlen(ctemp);
data/blimps-3.9+ds/protomat/blksort.c:1892:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(blkline+bspot, ",", 1); bspot++;
data/blimps-3.9+ds/protomat/blksort.c:1895:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(blkline+bspot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/protomat/blksort.c:1895:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(blkline+bspot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/protomat/blksort.c:1896:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bspot += strlen(ctemp);
data/blimps-3.9+ds/protomat/blksort.c:1897:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(blkline+bspot, ")", 1); bspot++;
data/blimps-3.9+ds/protomat/blksort.c:1898:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(blkline+bspot, ":", 1); bspot++;
data/blimps-3.9+ds/protomat/blksort.c:1901:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(blkline+bspot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/protomat/blksort.c:1901:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(blkline+bspot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/protomat/blksort.c:1902:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bspot += strlen(ctemp);
data/blimps-3.9+ds/protomat/blksort.c:1906:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(datline+spot, block->aa[s]+i, 1);
data/blimps-3.9+ds/protomat/blksort.c:1907:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(homline+spot, block->aa[block->nseq-1]+i, 1);
data/blimps-3.9+ds/protomat/blksort.c:1937:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(repline+repspot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/protomat/blksort.c:1937:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(repline+repspot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/protomat/blksort.c:2034:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(seqaa, block->aa[s]+i, 1);
data/blimps-3.9+ds/protomat/blksort.c:2038:16: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(block->aa[s]+i, seqaa, 1);
data/blimps-3.9+ds/protomat/blosum.c:143:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ctemp)) MinStr = atoi(ctemp);
data/blimps-3.9+ds/protomat/blosum.c:152:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ctemp)) MaxStr = atoi(ctemp);
data/blimps-3.9+ds/protomat/blosum.c:172:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ctemp))
data/blimps-3.9+ds/protomat/blosum.c:212:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ctemp)) iscale = atoi(ctemp);
data/blimps-3.9+ds/protomat/blosum.c:642:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(Block.ac, line+5, 8); Block.ac[9] = '\0';
data/blimps-3.9+ds/protomat/blosum.c:684:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) == 1) /* blank line => new cluster */
data/blimps-3.9+ds/protomat/blosum.c:692:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(line) > 1)
data/blimps-3.9+ds/protomat/blosum.c:695:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(line) > 20)
data/blimps-3.9+ds/protomat/blosum.c:703:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(ptr); i++)
data/blimps-3.9+ds/protomat/blosum.c:718:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
li += strlen(ptr);
data/blimps-3.9+ds/protomat/getblock.c:94:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while(strlen(BlockFam) < MINAC)
data/blimps-3.9+ds/protomat/getblock.c:102:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plen = strlen(BlockFam);
data/blimps-3.9+ds/protomat/getblock.c:133:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(blkfile))
data/blimps-3.9+ds/protomat/getblock.c:153:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(cobfile, blkfile, blksplit->dir_len);
data/blimps-3.9+ds/protomat/getblock.c:173:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(mapfile, blkfile, blksplit->dir_len);
data/blimps-3.9+ds/protomat/getblock.c:192:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(treefile, blkfile, blksplit->dir_len);
data/blimps-3.9+ds/protomat/getblock.c:211:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(webfile, blkfile, blksplit->dir_len);
data/blimps-3.9+ds/protomat/getblock.c:230:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(lnkfile, blkfile, blksplit->dir_len);
data/blimps-3.9+ds/protomat/getblock.c:249:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(pdbfile, blkfile, blksplit->dir_len);
data/blimps-3.9+ds/protomat/getblock.c:268:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(cyrfile, blkfile, blksplit->dir_len);
data/blimps-3.9+ds/protomat/getblock.c:294:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(prosite))
data/blimps-3.9+ds/protomat/getblock.c:296:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (prosite[strlen(prosite)-1] != '/') strcat(prosite, "/");
data/blimps-3.9+ds/protomat/getblock.c:296:46: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (prosite[strlen(prosite)-1] != '/') strcat(prosite, "/");
data/blimps-3.9+ds/protomat/getblock.c:297:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcat(prosite, "prosite"); plen = strlen(prosite);
data/blimps-3.9+ds/protomat/getblock.c:336:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(line, dbs[db]->start, strlen(dbs[db]->start)) == 0)
data/blimps-3.9+ds/protomat/getblock.c:346:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(fam); acdone = NO;
data/blimps-3.9+ds/protomat/getblock.c:367:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncmp(line, dbs[db]->end, strlen(dbs[db]->end)) != 0 )
data/blimps-3.9+ds/protomat/getblock.c:375:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(line) > 1 && strstr(line, "sparky") == NULL &&
data/blimps-3.9+ds/protomat/getblock.c:399:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (strncasecmp(BlockFam, line, strlen(BlockFam) )) == 0 )
data/blimps-3.9+ds/protomat/getblock.c:422:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (strncasecmp(BlockFam, line, strlen(BlockFam)) == 0 ) )
data/blimps-3.9+ds/protomat/getblock.c:454:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncasecmp(BlockFam, line+6, strlen(BlockFam)) == 0 ) ||
data/blimps-3.9+ds/protomat/getblock.c:456:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncasecmp(BlockFam, line+1, strlen(BlockFam)) == 0 ) )
data/blimps-3.9+ds/protomat/getblock.c:480:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncasecmp(BlockFam, line+1, strlen(BlockFam)) == 0 )
data/blimps-3.9+ds/protomat/getblock.c:507:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncasecmp(BlockFam, line+1, strlen(BlockFam)) == 0 )
data/blimps-3.9+ds/protomat/getblock.c:532:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strncasecmp(BlockFam, line, strlen(BlockFam)) == 0 )
data/blimps-3.9+ds/protomat/getblock.c:556:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(line, dbs[db]->start, strlen(dbs[db]->start)) == 0)
data/blimps-3.9+ds/protomat/getblock.c:572:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncmp(line, dbs[db]->end, strlen(dbs[db]->end)) != 0 )
data/blimps-3.9+ds/protomat/getblock.c:586:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(line) > 1) printf("%s", line);
data/blimps-3.9+ds/protomat/getblock.c:603:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pdoc) > 8) pdoc[9] = '\0'; /* PDOC????? */
data/blimps-3.9+ds/protomat/getseq.c:100:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(foutname))
data/blimps-3.9+ds/protomat/lislis.c:181:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((strlen(ptr1) == 6 && strcspn(parts[i],"_") == 6) ||
data/blimps-3.9+ds/protomat/lislis.c:182:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(parts[i]) == 6 && strcspn(ptr1,"_") == 6) ))
data/blimps-3.9+ds/protomat/lislis.c:190:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (match==1 && strlen(name1) > strlen(name2))
data/blimps-3.9+ds/protomat/lislis.c:190:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (match==1 && strlen(name1) > strlen(name2))
data/blimps-3.9+ds/protomat/motifj.c:196:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(intemp) && intemp[0] == '-')
data/blimps-3.9+ds/protomat/motifj.c:225:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(Title) && Title[0] != '>')
data/blimps-3.9+ds/protomat/motifj.c:250:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(intemp, Batch_Filename,
data/blimps-3.9+ds/protomat/motifj.c:304:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(Title))
data/blimps-3.9+ds/protomat/motifj.c:359:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(intemp)) Distance = atoi(intemp);
data/blimps-3.9+ds/protomat/motifj.c:371:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(intemp)) Drop = atoi(intemp);
data/blimps-3.9+ds/protomat/motifj.c:572:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (Dups < 0 || !strlen(intemp) ) Dups = prevdup;
data/blimps-3.9+ds/protomat/motifj.c:716:10: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
{ strcpy(intemp, "-"); strcat(intemp, Batch_Filename); }
data/blimps-3.9+ds/protomat/motifj.c:1264:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(ptr) > SNAMELEN - 1) ptr[SNAMELEN - 1] = '\0';
data/blimps-3.9+ds/protomat/motifj.c:1296:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(ptr) > SNAMELEN - 1) ptr[SNAMELEN - 1] = '\0';
data/blimps-3.9+ds/protomat/motifj.c:1306:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (Seq[ns] != NULL && Len[ns] < MAX_LENGTH + (int) strlen(line) )
data/blimps-3.9+ds/protomat/motifj.c:1308:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i < (int) strlen(line); i++)
data/blimps-3.9+ds/protomat/motifj.c:1310:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (toolong) i = strlen(line);
data/blimps-3.9+ds/protomat/motifj.c:1349:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(shuffle, "y");
data/blimps-3.9+ds/protomat/motifj.c:1351:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(shuffle,"n");
data/blimps-3.9+ds/protomat/motifj.c:1742:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(Batch_Filename) != 0)
data/blimps-3.9+ds/protomat/motifj.c:1745:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(Mot_Filename, Batch_Filename+Batsplit->dir_len,
data/blimps-3.9+ds/protomat/motifj.c:1794:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(Batch_Filename) != 0)
data/blimps-3.9+ds/protomat/motifj.c:1797:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(filename, Batch_Filename+Batsplit->dir_len,
data/blimps-3.9+ds/protomat/motmisc.c:248:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (strlen(line) < 1 && fgets(line, sizeof(line), fin) != NULL)
data/blimps-3.9+ds/protomat/motmisc.c:255:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(line); i++)
data/blimps-3.9+ds/protomat/motmisc.c:274:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) > 1)
data/blimps-3.9+ds/protomat/motmisc.c:282:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strspn(ptr, "+-0123456789") == strlen(ptr))
data/blimps-3.9+ds/protomat/motmisc.c:408:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(line, dbs[i]->start, strlen(dbs[i]->start)) == 0)
data/blimps-3.9+ds/protomat/motmisc.c:451:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0, j=strlen(s)-1; i<j; i++, j--)
data/blimps-3.9+ds/protomat/motmisc.c:470:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(filename);
data/blimps-3.9+ds/protomat/motmisc.c:475:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (filename[i] == '.') ext_len = strlen(filename)-i;
data/blimps-3.9+ds/protomat/motmisc.c:482:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new->file_len = strlen(filename)-new->dir_len;
data/blimps-3.9+ds/protomat/motmisc.c:554:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pros[strlen(pros)-1] != '/') strcat(pros, "/");
data/blimps-3.9+ds/protomat/motmisc.c:554:36: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (pros[strlen(pros)-1] != '/') strcat(pros, "/");
data/blimps-3.9+ds/protomat/motmisc.c:557:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pros))
data/blimps-3.9+ds/protomat/motmisc.c:560:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tname[strlen(pros)-1] = '\0';
data/blimps-3.9+ds/protomat/motmisc.c:615:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) &&
data/blimps-3.9+ds/protomat/motmisc.c:623:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new->full_entry, line, len); new->full_entry[len] = '\0';
data/blimps-3.9+ds/protomat/motmisc.c:625:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new->entry, line, len); new->entry[len] = '\0';
data/blimps-3.9+ds/protomat/motmisc.c:644:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new->ps, ptr+3, 1); new->ps[1] = '\0';
data/blimps-3.9+ds/protomat/motmisc.c:653:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctemp, ptr+7, len); ctemp[len] = '\0';
data/blimps-3.9+ds/protomat/motmisc.c:712:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(line, dbs[db]->start, strlen(dbs[db]->start)) == 0)
data/blimps-3.9+ds/protomat/motmisc.c:718:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(line, " ");
data/blimps-3.9+ds/protomat/motmisc.c:773:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(temp) > MAXTITLE)
data/blimps-3.9+ds/protomat/motmisc.c:785:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncmp(line, dbs[db]->end, strlen(dbs[db]->end)) != 0 &&
data/blimps-3.9+ds/protomat/motmisc.c:786:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncmp(line, dbs[db]->start, strlen(dbs[db]->start)) != 0)
data/blimps-3.9+ds/protomat/motmisc.c:792:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(line); i++)
data/blimps-3.9+ds/protomat/motmisc.c:798:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(line,dbs[db]->desc,strlen(dbs[db]->desc))==0 &&
data/blimps-3.9+ds/protomat/motmisc.c:799:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(title) + strlen(line) < MAXLINE )
data/blimps-3.9+ds/protomat/motmisc.c:799:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(title) + strlen(line) < MAXLINE )
data/blimps-3.9+ds/protomat/motmisc.c:801:25: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcpy(temp, title); strcat(temp, " ");
data/blimps-3.9+ds/protomat/motmisc.c:821:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(line,dbs[db]->seq,strlen(dbs[db]->seq))==0)
data/blimps-3.9+ds/protomat/motmisc.c:828:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(temp) > MAXTITLE) temp[MAXTITLE] = '\0';
data/blimps-3.9+ds/protomat/motmisc.c:833:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncmp(line,dbs[db]->end,strlen(dbs[db]->end))!=0)
data/blimps-3.9+ds/protomat/motmisc.c:839:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=dbs[db]->seq_offset; i<strlen(line); i++)
data/blimps-3.9+ds/protomat/motmisc.c:850:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncmp(line, dbs[db]->start, strlen(dbs[db]->start)) == 0)
data/blimps-3.9+ds/protomat/motmisc.c:853:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(line, " ");
data/blimps-3.9+ds/protomat/motmisc.c:899:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(entry);
data/blimps-3.9+ds/protomat/motmisc.c:902:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dbtemp, entry, len); dbtemp[len] = '\0';
data/blimps-3.9+ds/protomat/motmisc.c:911:18: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(xtemp, ptr, xlen); xtemp[xlen] = '\0';
data/blimps-3.9+ds/protomat/motmisc.c:916:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((strlen(xtemp) > 0) && strcmp(xtemp, idlist[i]) == 0) )
data/blimps-3.9+ds/protomat/motmisc.c:918:20: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctemp, entry, len); ctemp[len] = '\0';
data/blimps-3.9+ds/protomat/motmisc.c:921:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(ctemp); i++)
data/blimps-3.9+ds/protomat/motomat.c:180:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(Blk_Filename, Mot_Filename+motsplit->dir_len, motsplit->name_len);
data/blimps-3.9+ds/protomat/motomat.c:277:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(strlen(title)) || title[0] != '>')
data/blimps-3.9+ds/protomat/motomat.c:490:8: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c=getchar(); getchar(); /* 2nd get is for ENTER */
data/blimps-3.9+ds/protomat/motomat.c:490:19: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c=getchar(); getchar(); /* 2nd get is for ENTER */
data/blimps-3.9+ds/protomat/motomat.c:1182:19: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if (x >= 10) strcpy (tempname, "*");
data/blimps-3.9+ds/protomat/motomat.c:1190:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tempname, seqs->seq+seqs->offlen[0]+j, 1);
data/blimps-3.9+ds/protomat/motomat.c:1424:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(c, seqs->seq + seqs->offlen[s] + pos, 1);
data/blimps-3.9+ds/protomat/motomat.c:1478:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(c, seqs->seq + seqs->offlen[seq] + pos, 1);
data/blimps-3.9+ds/protomat/motomat.c:1513:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(c, seqs->seq + seqs->offlen[seq] + pos, 1);
data/blimps-3.9+ds/protomat/motomat.c:1605:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(c, seqs->seq+seqs->offlen[s1]+col1, 1);
data/blimps-3.9+ds/protomat/motomat.c:1614:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(c, seqs->seq+seqs->offlen[s2]+col2, 1);
data/blimps-3.9+ds/protomat/motomat2.c:936:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aclen = strlen(AC);
data/blimps-3.9+ds/protomat/multimat.c:179:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ctemp)) MaxHit = atoi(ctemp);
data/blimps-3.9+ds/protomat/multimat.c:249:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} while (nhom <= MAXHOM && strlen(homfile[nhom-1]));
data/blimps-3.9+ds/protomat/multimat.c:293:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (nhom > 1) AC[strlen(AC)-1] = '\0';
data/blimps-3.9+ds/protomat/multimat.c:294:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(AC) > 9)
data/blimps-3.9+ds/protomat/multimat.c:300:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ACLen = strlen(AC);
data/blimps-3.9+ds/protomat/multimat.c:410:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((int) strlen(line) > minlen && (t-first) < NScore)
data/blimps-3.9+ds/protomat/multimat.c:415:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(temp[t].seq_id, &line[0], 20); temp[t].seq_id[20]='\0';
data/blimps-3.9+ds/protomat/multimat.c:419:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(temp[t].seq_id, &line[0], 12); temp[t].seq_id[12]='\0';
data/blimps-3.9+ds/protomat/multimat.c:421:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(temp[t].title, &line[offtitle], 19);
data/blimps-3.9+ds/protomat/multimat.c:423:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctemp, &line[offscore], 4); ctemp[4]='\0';
data/blimps-3.9+ds/protomat/multimat.c:425:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctemp, &line[offframe], 2); ctemp[2]='\0';
data/blimps-3.9+ds/protomat/multimat.c:430:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctemp, &line[offoffset], 5); ctemp[5]='\0';
data/blimps-3.9+ds/protomat/multimat.c:432:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctemp, &line[offlen], 6); ctemp[6]='\0';
data/blimps-3.9+ds/protomat/multimat.c:472:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(id, did->entry, strlen(did->entry)) == 0)
data/blimps-3.9+ds/protomat/multimat.c:822:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aclen = strlen(ac);
data/blimps-3.9+ds/protomat/multimat.c:837:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(block->ac, line+5, aclen + 1); block->ac[aclen + 1] = '\0';
data/blimps-3.9+ds/protomat/multimat.c:890:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) == 1) /* blank line => new cluster */
data/blimps-3.9+ds/protomat/multimat.c:898:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((int) strlen(line) > (int) 1)
data/blimps-3.9+ds/protomat/multimat.c:901:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((int) strlen(line) > 20)
data/blimps-3.9+ds/protomat/multimat.c:918:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ptr) > MAX_WIDTH) ptr[MAX_WIDTH - 1] = '\0';
data/blimps-3.9+ds/protomat/multimat.c:922:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
block->width = (int) strlen(block->aa[block->nseq]);
data/blimps-3.9+ds/protomat/multimat.c:997:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(block->name[block->nseq], results[t].seq_id, SNAMELEN);
data/blimps-3.9+ds/protomat/multimat.c:1004:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(results[t].aa) < block->width )
data/blimps-3.9+ds/protomat/multimat.c:1006:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = strlen(results[t].aa); j < block->width; j++)
data/blimps-3.9+ds/protomat/multimat.c:1041:42: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(pline, block->ac); strcat(pline, " ");
data/blimps-3.9+ds/protomat/multimat.c:1053:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (maxblock != NULL && strlen(pline))
data/blimps-3.9+ds/protomat/multimat.c:1057:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (i < (int) strlen(pline))
data/blimps-3.9+ds/protomat/multimat.c:1060:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i+imin > (int) strlen(pline)) imin = (int) strlen(pline) - i;
data/blimps-3.9+ds/protomat/multimat.c:1060:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i+imin > (int) strlen(pline)) imin = (int) strlen(pline) - i;
data/blimps-3.9+ds/protomat/multimat.c:1061:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tline, pline+i, imin); tline[imin] = '\0';
data/blimps-3.9+ds/protomat/multimat.c:1310:40: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
for (i=spot; i < spot+imin; i++) strncpy(dbline+i, block->ac+ACLen, 1);
data/blimps-3.9+ds/protomat/multimat.c:1353:20: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(qline+i, block->ac+ACLen, 1);
data/blimps-3.9+ds/protomat/multimat.c:1365:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctemp, results[min_t].seq_id, SNAMELEN); ctemp[SNAMELEN] = '\0';
data/blimps-3.9+ds/protomat/multimat.c:1377:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (((int) strlen(qline) - qspot) <= ((int) strlen(dbline) - maxspot))
data/blimps-3.9+ds/protomat/multimat.c:1377:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (((int) strlen(qline) - qspot) <= ((int) strlen(dbline) - maxspot))
data/blimps-3.9+ds/protomat/multimat.c:1378:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qright = (int) strlen(qline);
data/blimps-3.9+ds/protomat/multimat.c:1380:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qright = qspot + (int) strlen(dbline) - maxspot;
data/blimps-3.9+ds/protomat/multimat.c:1381:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pline, qline+qleft, qright-qleft+1); pline[qright-qleft+1] = '\0';
data/blimps-3.9+ds/protomat/multimat.c:1383:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (qright != (int) strlen(qline)) pline[(int) strlen(pline)-1] = '>';
data/blimps-3.9+ds/protomat/multimat.c:1383:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (qright != (int) strlen(qline)) pline[(int) strlen(pline)-1] = '>';
data/blimps-3.9+ds/protomat/multimat.c:1408:19: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(qline+i, results[t].ac+ACLen, 1);
data/blimps-3.9+ds/protomat/multimat.c:1418:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!done && strlen(qline))
data/blimps-3.9+ds/protomat/multimat.c:1446:30: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
for (i=0; i<ACLen+1; i++) strcat(saveac, " ");
data/blimps-3.9+ds/protomat/multimat.c:1477:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(blkline+spot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/protomat/multimat.c:1477:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(blkline+spot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/protomat/multimat.c:1479:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(datline+spot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/protomat/multimat.c:1479:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(datline+spot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/protomat/multimat.c:1481:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(homline+spot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/protomat/multimat.c:1481:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(homline+spot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/protomat/multimat.c:1491:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(blkline+spot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/protomat/multimat.c:1491:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(blkline+spot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/protomat/multimat.c:1493:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(datline+spot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/protomat/multimat.c:1493:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(datline+spot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/protomat/multimat.c:1495:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(homline+spot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/protomat/multimat.c:1495:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(homline+spot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/protomat/multimat.c:1522:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(blkline+bspot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/protomat/multimat.c:1522:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(blkline+bspot, ctemp, strlen(ctemp));
data/blimps-3.9+ds/protomat/multimat.c:1523:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bspot += strlen(ctemp);
data/blimps-3.9+ds/protomat/multimat.c:1527:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(datline+spot, block->aa[s]+i, 1);
data/blimps-3.9+ds/protomat/multimat.c:1528:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(homline+spot, block->aa[block->nseq-1]+i, 1);
data/blimps-3.9+ds/protomat/multimat.c:1640:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(seqaa, block->aa[s]+i, 1);
data/blimps-3.9+ds/protomat/multimat.c:1644:16: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(block->aa[s]+i, seqaa, 1);
data/blimps-3.9+ds/protomat/protomot.c:85:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(infile) < 2)
data/blimps-3.9+ds/protomat/protomot.c:101:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(PatName) < 2) strcpy(PatName, "all");
data/blimps-3.9+ds/protomat/protomot.c:120:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(Prefix) < 2)
data/blimps-3.9+ds/protomat/protomot.c:130:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(swiss) < 2) strcpy(swiss, "none");
data/blimps-3.9+ds/protomat/protomot.c:132:26: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
getcwd(defname, 40); strcat(defname, "/");
data/blimps-3.9+ds/protomat/protomot.c:135:32: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(defname, Prefix); strcat(defname, "/");
data/blimps-3.9+ds/protomat/protomot.c:146:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(Pros) < 2) strcpy(Pros, defname);
data/blimps-3.9+ds/protomat/protomot.c:149:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (Pros[(int) strlen(Pros)-1] != '/') strcat(Pros, "/");
data/blimps-3.9+ds/protomat/protomot.c:149:43: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (Pros[(int) strlen(Pros)-1] != '/') strcat(Pros, "/");
data/blimps-3.9+ds/protomat/protomot.c:199:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(line, dbs[db]->start, (int) strlen(dbs[db]->start)) == 0)
data/blimps-3.9+ds/protomat/protomot.c:211:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncmp(line, dbs[db]->end, (int) strlen(dbs[db]->end)) != 0 )
data/blimps-3.9+ds/protomat/protomot.c:217:8: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(title, ">");
data/blimps-3.9+ds/protomat/protomot.c:226:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(title, ";");
data/blimps-3.9+ds/protomat/protomot.c:232:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(title, ";");
data/blimps-3.9+ds/protomat/protomot.c:252:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i< (int) strlen(title); i++)
data/blimps-3.9+ds/protomat/protomot.c:263:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(title, "$"); /* finish off title */
data/blimps-3.9+ds/protomat/protomot.c:291:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncmp(line, dbs[db]->end, strlen(dbs[db]->end)) != 0 &&
data/blimps-3.9+ds/protomat/protomot.c:299:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(pdbs) && strncmp(line, "3D", 2) == 0)
data/blimps-3.9+ds/protomat/protomot.c:305:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pdbs)) fprintf(fpdb, "%s %s", ac, pdbs);
data/blimps-3.9+ds/protomat/protomot.c:433:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&tempc[0], &pattern[nl], n);
data/blimps-3.9+ds/protomat/uextract.c:176:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(foutname))
data/blimps-3.9+ds/protomat/uextract.c:191:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(title) && title[0] != '>')
data/blimps-3.9+ds/protomat/uextract.c:199:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ptr != NULL) stitle[strlen(stitle)-strlen(ptr)] = '\0';
data/blimps-3.9+ds/protomat/uextract.c:199:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ptr != NULL) stitle[strlen(stitle)-strlen(ptr)] = '\0';
data/blimps-3.9+ds/protomat/uextract.c:200:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else stitle[strlen(stitle) - 1] = '\0'; /* get rid of \n */
data/blimps-3.9+ds/protomat/uextract.c:206:40: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (getcwd(Pros, FNAMELEN) != NULL) strcat(Pros, "/"); /*DOS*/
data/blimps-3.9+ds/protomat/uextract.c:208:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(stemp) && stemp[0] != '>' && strstr(stemp, "/") != NULL) /*DOS*/
data/blimps-3.9+ds/protomat/uextract.c:210:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(Pros, stemp); Pros[strlen(stemp)-1] = '\0'; /* get rid of nl */
data/blimps-3.9+ds/protomat/uextract.c:271:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(lstname, lisfile+lissplit->dir_len, lissplit->name_len);
data/blimps-3.9+ds/protomat/uextract.c:279:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(title) > 2) fprintf(flst, "%s", title);
data/blimps-3.9+ds/protomat/uextract.c:280:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(Pros) > 2) fprintf(flst, "%s\n", Pros);
data/blimps-3.9+ds/protomat/uextract.c:308:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(runtype, "4");
data/blimps-3.9+ds/protomat/uextract.c:309:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dups, "0");
data/blimps-3.9+ds/protomat/uextract.c:332:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(title) > 2) fprintf(flis, "%s", title);
data/blimps-3.9+ds/protomat/uextract.c:333:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(Pros) > 2) fprintf(flis, "%s\n", Pros);
data/blimps-3.9+ds/protomat/uextract.c:354:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
{ strcpy(stemp, "-"); strcat(stemp, foutname);
data/blimps-3.9+ds/protomat/uextract.c:405:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ if ( (doll+4) < strlen(sid1) ) sid1[doll+4] = '\0'; }
data/blimps-3.9+ds/protomat/uextract.c:417:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ if ( (doll+4) < strlen(tid) ) tid[doll+4] = '\0'; }
data/blimps-3.9+ds/protomat/uextract.c:425:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(save->ps)) fprintf(flst, " PS=%s", save->ps);
data/blimps-3.9+ds/protomat/uextract.c:448:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(save->ps)) fprintf(flst," PS=%s", save->ps);
data/blimps-3.9+ds/protomat/uextract.c:470:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(id->ps)) fprintf(flis, " PS=%s", id->ps);
data/blimps-3.9+ds/protomat/uextract.c:474:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(id->pir)) fprintf(flis, " PIR=%s", id->pir);
data/blimps-3.9+ds/protomat/universa.c:78:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(outfile) < 2)
data/blimps-3.9+ds/protomat/universa.c:121:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(line, dbs[db]->start, strlen(dbs[db]->start)) == 0)
data/blimps-3.9+ds/protomat/universa.c:127:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ptr) > 19) ptr[19] = '\0';
data/blimps-3.9+ds/protomat/universa.c:130:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncmp(line, dbs[db]->seq, strlen(dbs[db]->seq)) != 0)
data/blimps-3.9+ds/protomat/universa.c:132:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(line, dbs[db]->desc, strlen(dbs[db]->desc)) == 0 &&
data/blimps-3.9+ds/protomat/universa.c:134:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(title) + strlen(line) < MAXLINE )
data/blimps-3.9+ds/protomat/universa.c:134:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(title) + strlen(line) < MAXLINE )
data/blimps-3.9+ds/protomat/universa.c:137:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
desc[strlen(desc)-2] = '\0'; /* get rid of CRLF */
data/blimps-3.9+ds/protomat/universa.c:139:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(line, dbs[db]->acc, strlen(dbs[db]->acc)) == 0 &&
data/blimps-3.9+ds/protomat/universa.c:141:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(title) + strlen(line) < MAXLINE )
data/blimps-3.9+ds/protomat/universa.c:141:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(title) + strlen(line) < MAXLINE )
data/blimps-3.9+ds/protomat/universa.c:144:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
acc[strlen(acc)-2] = '\0'; /* get rid of CRLF */
data/blimps-3.9+ds/protomat/universa.c:154:28: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(temp, "|");
data/blimps-3.9+ds/protomat/universa.c:164:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(title) + 10 < MAXLINE) )
data/blimps-3.9+ds/protomat/universa.c:167:19: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(temp, &line[14], 7);
data/blimps-3.9+ds/protomat/universa.c:168:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
temp[strlen(title)+10] = '\0';
data/blimps-3.9+ds/protomat/universa.c:187:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(title) >= MAXTITLE)
data/blimps-3.9+ds/protomat/universa.c:194:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(title) >= (MAXTITLE-11) )
data/blimps-3.9+ds/protomat/universa.c:203:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncmp(line, dbs[db]->end, strlen(dbs[db]->end)) != 0)
data/blimps-3.9+ds/protomat/universa.c:205:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(line); i++) /* change CR to space */
ANALYSIS SUMMARY:
Hits = 3271
Lines analyzed = 65575 in approximately 2.50 seconds (26270 lines/second)
Physical Source Lines of Code (SLOC) = 43268
Hits@level = [0] 3317 [1] 866 [2] 1404 [3] 52 [4] 912 [5] 37
Hits@level+ = [0+] 6588 [1+] 3271 [2+] 2405 [3+] 1001 [4+] 949 [5+] 37
Hits/KSLOC@level+ = [0+] 152.26 [1+] 75.5986 [2+] 55.5838 [3+] 23.1349 [4+] 21.9331 [5+] 0.855135
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.