Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/eigensoft-7.2.1+dfsg/include/admutils.h
Examining data/eigensoft-7.2.1+dfsg/include/badpairs.h
Examining data/eigensoft-7.2.1+dfsg/include/egsubs.h
Examining data/eigensoft-7.2.1+dfsg/include/eigqpsubs.h
Examining data/eigensoft-7.2.1+dfsg/include/eigsubs.h
Examining data/eigensoft-7.2.1+dfsg/include/exclude.h
Examining data/eigensoft-7.2.1+dfsg/include/getpars.h
Examining data/eigensoft-7.2.1+dfsg/include/globals.h
Examining data/eigensoft-7.2.1+dfsg/include/gval.h
Examining data/eigensoft-7.2.1+dfsg/include/kjg_fpca.h
Examining data/eigensoft-7.2.1+dfsg/include/kjg_gsl.h
Examining data/eigensoft-7.2.1+dfsg/include/ldsubs.h
Examining data/eigensoft-7.2.1+dfsg/include/linsubs.h
Examining data/eigensoft-7.2.1+dfsg/include/mcio.h
Examining data/eigensoft-7.2.1+dfsg/include/mcmcpars.h
Examining data/eigensoft-7.2.1+dfsg/include/nicklib.h
Examining data/eigensoft-7.2.1+dfsg/include/packit.h
Examining data/eigensoft-7.2.1+dfsg/include/qpsubs.h
Examining data/eigensoft-7.2.1+dfsg/include/ranmath.h
Examining data/eigensoft-7.2.1+dfsg/include/regsubs.h
Examining data/eigensoft-7.2.1+dfsg/include/smartsubs.h
Examining data/eigensoft-7.2.1+dfsg/include/sortit.h
Examining data/eigensoft-7.2.1+dfsg/include/statsubs.h
Examining data/eigensoft-7.2.1+dfsg/include/strsubs.h
Examining data/eigensoft-7.2.1+dfsg/include/twtable.h
Examining data/eigensoft-7.2.1+dfsg/include/vsubs.h
Examining data/eigensoft-7.2.1+dfsg/include/workqueue.h
Examining data/eigensoft-7.2.1+dfsg/include/xpsubs.h
Examining data/eigensoft-7.2.1+dfsg/include/xsearch.h
Examining data/eigensoft-7.2.1+dfsg/src/admutils.c
Examining data/eigensoft-7.2.1+dfsg/src/baseprog.c
Examining data/eigensoft-7.2.1+dfsg/src/convertf.c
Examining data/eigensoft-7.2.1+dfsg/src/egsubs.c
Examining data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstrat.c
Examining data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstratQTL.c
Examining data/eigensoft-7.2.1+dfsg/src/eigensrc/eigsubs.c
Examining data/eigensoft-7.2.1+dfsg/src/eigensrc/eigx.c
Examining data/eigensoft-7.2.1+dfsg/src/eigensrc/exclude.c
Examining data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c
Examining data/eigensoft-7.2.1+dfsg/src/eigensrc/pcatoy.c
Examining data/eigensoft-7.2.1+dfsg/src/eigensrc/smarteigenstrat.c
Examining data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c
Examining data/eigensoft-7.2.1+dfsg/src/eigensrc/smartrel.c
Examining data/eigensoft-7.2.1+dfsg/src/eigensrc/smartsubs.c
Examining data/eigensoft-7.2.1+dfsg/src/eigensrc/twstats.c
Examining data/eigensoft-7.2.1+dfsg/src/gval.c
Examining data/eigensoft-7.2.1+dfsg/src/gval.h
Examining data/eigensoft-7.2.1+dfsg/src/h2d.c
Examining data/eigensoft-7.2.1+dfsg/src/ksrc/kjg_fpca.c
Examining data/eigensoft-7.2.1+dfsg/src/ksrc/kjg_gsl.c
Examining data/eigensoft-7.2.1+dfsg/src/mcio.c
Examining data/eigensoft-7.2.1+dfsg/src/mergeit.c
Examining data/eigensoft-7.2.1+dfsg/src/nicksrc/gauss.c
Examining data/eigensoft-7.2.1+dfsg/src/nicksrc/gds.c
Examining data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c
Examining data/eigensoft-7.2.1+dfsg/src/nicksrc/linsubs.c
Examining data/eigensoft-7.2.1+dfsg/src/nicksrc/qqq.c
Examining data/eigensoft-7.2.1+dfsg/src/nicksrc/sortit.c
Examining data/eigensoft-7.2.1+dfsg/src/nicksrc/statsubs.c
Examining data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c
Examining data/eigensoft-7.2.1+dfsg/src/nicksrc/twtable.c
Examining data/eigensoft-7.2.1+dfsg/src/nicksrc/vsubs.c
Examining data/eigensoft-7.2.1+dfsg/src/nicksrc/xsearch.c
Examining data/eigensoft-7.2.1+dfsg/src/pca.c
Examining data/eigensoft-7.2.1+dfsg/src/qpsubs.c
Examining data/eigensoft-7.2.1+dfsg/src/regsubs.c
Examining data/eigensoft-7.2.1+dfsg/src/smshrink.c
Examining data/eigensoft-7.2.1+dfsg/src/twsubs.c

FINAL RESULTS:

data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1369:3:  [5] (race) chmod:
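  This accepts filename arguments; if an attacker can move those files, a
  race condition results (CWE-362). Use fchmod() on an already-open file
  descriptor instead. The mode passed here, 0777, also leaves the file
  readable, writable and executable by every user.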
  chmod (fname, 0777);
data/eigensoft-7.2.1+dfsg/src/admutils.c:1234:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (xxx, ss);
data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:554:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (buff, "rm -f %s", deletesnpoutname);
data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:555:5:  [4] (shell) system:
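  This causes a new program to execute and is difficult to use safely
  (CWE-78). Try using a library call that implements the same functionality
  if available. The command format in the preceding finding is "rm -f %s",
  which only deletes a file; remove() or unlink() does that without passing
  the file name through a shell.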
    system (buff);
data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:1512:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (sss, "%s raw", cupt->ID);
data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:1515:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf (sss, "%s subtract sing vec %d", cupt->ID, j + 1);
data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:1820:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (ss2, "%s %s ", sss, "overall");
data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:1862:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf (ss2, "%s %s %s ", sss, eglist[k1], eglist[k2]);
data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:1994:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (ss2, sss);
data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:3203:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (sss, "%s.N.bin", grmoutname);
data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:3228:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (sss, "%s.bin", grmoutname);
data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:3266:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (sss, "%s.id", grmoutname);
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:596:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (buff, "rm -f %s", deletesnpoutname);
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:597:5:  [4] (shell) system:
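  This causes a new program to execute and is difficult to use safely
  (CWE-78). Try using a library call that implements the same functionality
  if available. The command format in the preceding finding is "rm -f %s",
  which only deletes a file; remove() or unlink() does that without passing
  the file name through a shell.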
    system (buff);
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:1632:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (sss, "%s raw", cupt->ID);
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:1635:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf (sss, "%s subtract sing vec %d", cupt->ID, j + 1);
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:1973:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (ss2, "%s %s ", sss, "overall");
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:2015:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf (ss2, "%s %s %s ", sss, eglist[k1], eglist[k2]);
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:2147:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (ss2, sss);
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:3331:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (sss, "%s.N.bin", grmoutname);
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:3356:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (sss, "%s.bin", grmoutname);
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:3394:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (sss, "%s.id", grmoutname);
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartrel.c:849:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (ss2, "%s %s ", sss, "overall");
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartrel.c:891:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf (ss2, "%s %s %s ", sss, eglist[k1], eglist[k2]);
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartrel.c:1020:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (ss2, sss);
data/eigensoft-7.2.1+dfsg/src/h2d.c:25:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (ss, indx->ID);
data/eigensoft-7.2.1+dfsg/src/h2d.c:33:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (indp->ID, ss);
data/eigensoft-7.2.1+dfsg/src/h2d.c:60:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (s1, "%s:A", indx->ID);
data/eigensoft-7.2.1+dfsg/src/h2d.c:61:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (s2, "%s:B", indx->ID);
data/eigensoft-7.2.1+dfsg/src/h2d.c:64:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf (s1, "%s_A", indx->ID);
data/eigensoft-7.2.1+dfsg/src/h2d.c:65:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf (s2, "%s_B", indx->ID);
data/eigensoft-7.2.1+dfsg/src/ksrc/kjg_gsl.c:19:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      fprintf (stream, template, gsl_matrix_get (m, i, 0));
data/eigensoft-7.2.1+dfsg/src/ksrc/kjg_gsl.c:23:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	  fprintf (stream, template, gsl_matrix_get (m, i, j));
data/eigensoft-7.2.1+dfsg/src/ksrc/kjg_gsl.c:51:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf (stream, template, gsl_vector_get (eval, 0));
data/eigensoft-7.2.1+dfsg/src/ksrc/kjg_gsl.c:55:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      fprintf (stream, template, gsl_vector_get (eval, i));
data/eigensoft-7.2.1+dfsg/src/mcio.c:445:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (sdpt->ID, spt[0]);
data/eigensoft-7.2.1+dfsg/src/mcio.c:555:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (sdpt->ID, spt[1]);
data/eigensoft-7.2.1+dfsg/src/mcio.c:784:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (ss, sdpt->cchrom);
data/eigensoft-7.2.1+dfsg/src/mcio.c:842:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (cupt->ID, sname);
data/eigensoft-7.2.1+dfsg/src/mcio.c:996:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (indx->ID, sx);
data/eigensoft-7.2.1+dfsg/src/mcio.c:1060:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (indx->ID, nnbuff);
data/eigensoft-7.2.1+dfsg/src/mcio.c:1162:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (cbuff, sx0);
data/eigensoft-7.2.1+dfsg/src/mcio.c:1164:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (cbuff + l0 + 1, sx1);
data/eigensoft-7.2.1+dfsg/src/mcio.c:1167:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (cbuff, sx1);
data/eigensoft-7.2.1+dfsg/src/mcio.c:1364:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (line, "%s/genotmp:%d", trashdir, getpid ());
data/eigensoft-7.2.1+dfsg/src/mcio.c:1366:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (cmd, "gunzip -c %s > %s", genoname, genotmp);
data/eigensoft-7.2.1+dfsg/src/mcio.c:1368:5:  [4] (shell) system:
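  This causes a new program to execute and is difficult to use safely
  (CWE-78). Try using a library call that implements the same functionality
  if available. The command format in the preceding finding is
  "gunzip -c %s > %s", with both file names formatted into a shell command
  line; a decompression library such as zlib (gzopen()/gzread()) reads the
  file without involving a shell.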
    system (cmd);
data/eigensoft-7.2.1+dfsg/src/mcio.c:1369:12:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). Try using a library call that implements the same functionality
  if available.
    kret = system (cmd);
data/eigensoft-7.2.1+dfsg/src/mcio.c:2089:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (ss, indx->egroup);
data/eigensoft-7.2.1+dfsg/src/mcio.c:3225:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (ss, indx->egroup);
data/eigensoft-7.2.1+dfsg/src/mcio.c:4459:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (ss, sdpt->cchrom);
data/eigensoft-7.2.1+dfsg/src/mcio.c:4489:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (ss, sss + 3);
data/eigensoft-7.2.1+dfsg/src/mcio.c:4493:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    (strcpy (ss, sss));
data/eigensoft-7.2.1+dfsg/src/mcio.c:4682:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (gpt->gname, geno2name);
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:184:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (str, field[0]);
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:210:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (str, pp->pdata[kode]);
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:237:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (str, pp->pdata[kode]);
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:258:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (str, pp->pdata[kode]);
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:283:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (str, pp->pdata[kode]);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:109:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (xword, spt);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:116:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (xword, spt);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:127:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (xrest, sx);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:183:3:  [4] (format) vsprintf:
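  Potential format string problem (CWE-134). Make format string constant.
  vsprintf also places no limit on how much it writes to the destination
  buffer; vsnprintf takes the buffer size as an argument.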
  vsprintf (Estr, fmt, args);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:264:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (bigbuff, strin);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:306:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (bigbuff, strin);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:447:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat (sxout, spt[i]);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:464:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat (sxout, spt[i]);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:486:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat (sxout, spt[i]);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:488:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat (sxout, cc);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:510:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (outname, fname);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:518:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (ss, dirname);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:522:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (ss, fname);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:552:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (str + off, outx);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:555:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (str + off + x, pt);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1174:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (sout, sss);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1335:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat (fmt, s1);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1339:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf (fmt, ss[k]);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1341:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf (fmt, "NULL");
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1586:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (aa, a);
data/eigensoft-7.2.1+dfsg/src/nicksrc/vsubs.c:985:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf (format, a[i * n + j]);
data/eigensoft-7.2.1+dfsg/src/smshrink.c:577:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (buff, "rm -f %s", deletesnpoutname);
data/eigensoft-7.2.1+dfsg/src/smshrink.c:578:5:  [4] (shell) system:
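  This causes a new program to execute and is difficult to use safely
  (CWE-78). Try using a library call that implements the same functionality
  if available. The command format in the preceding finding is "rm -f %s",
  which only deletes a file; remove() or unlink() does that without passing
  the file name through a shell.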
    system (buff);
data/eigensoft-7.2.1+dfsg/src/smshrink.c:1522:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (sss, "%s raw", cupt->ID);
data/eigensoft-7.2.1+dfsg/src/smshrink.c:1525:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf (sss, "%s subtract sing vec %d", cupt->ID, j + 1);
data/eigensoft-7.2.1+dfsg/src/smshrink.c:1857:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (ss2, "%s %s ", sss, "overall");
data/eigensoft-7.2.1+dfsg/src/smshrink.c:1899:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf (ss2, "%s %s %s ", sss, eglist[k1], eglist[k2]);
data/eigensoft-7.2.1+dfsg/src/smshrink.c:2031:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (ss2, sss);
data/eigensoft-7.2.1+dfsg/src/smshrink.c:3235:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (sss, "%s.N.bin", grmoutname);
data/eigensoft-7.2.1+dfsg/src/smshrink.c:3260:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (sss, "%s.bin", grmoutname);
data/eigensoft-7.2.1+dfsg/src/smshrink.c:3298:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf (sss, "%s.id", grmoutname);
data/eigensoft-7.2.1+dfsg/include/ranmath.h:8:16:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#define SRAND  srandom
data/eigensoft-7.2.1+dfsg/include/ranmath.h:9:16:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#define LRAND  random
data/eigensoft-7.2.1+dfsg/include/ranmath.h:10:29:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#define DRAND() ( (double) (random() % BIGINT) / (double) (BIGINT)) 
data/eigensoft-7.2.1+dfsg/src/baseprog.c:193:15:  [3] (buffer) getopt:
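  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  Reviewer note: this rule fires on every getopt call and concerns the C
  library's implementation, not the calling code. With a maintained libc the
  part that needs review is how optarg is consumed afterwards, for example
  the unchecked atoi (optarg) reported at eigenstrat.c:49 and twstats.c:111.
  The same applies to the other getopt findings in this report.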
  while ((i = getopt (argc, argv, "p:vV")) != -1) {
data/eigensoft-7.2.1+dfsg/src/convertf.c:544:15:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  while ((i = getopt (argc, argv, "p:vV")) != -1) {
data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstrat.c:34:15:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  while ((i = getopt (argc, argv, "i:j:p:l:o:")) != -1) {
data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstratQTL.c:34:15:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  while ((i = getopt (argc, argv, "i:j:p:l:o:")) != -1) {
data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:1543:15:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  while ((i = getopt (argc, argv, "p:vV")) != -1) {
data/eigensoft-7.2.1+dfsg/src/eigensrc/smarteigenstrat.c:232:15:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  while ((i = getopt (argc, argv, "p:vV")) != -1) {
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:1686:15:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  while ((i = getopt (argc, argv, "p:vV")) != -1) {
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartrel.c:634:15:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  while ((i = getopt (argc, argv, "p:vV")) != -1) {
data/eigensoft-7.2.1+dfsg/src/eigensrc/twstats.c:90:15:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  while ((i = getopt (argc, argv, "i:o:p:n:m:t:V")) != -1) {
data/eigensoft-7.2.1+dfsg/src/mergeit.c:356:15:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  while ((i = getopt (argc, argv, "p:vVf")) != -1) {
data/eigensoft-7.2.1+dfsg/src/pca.c:32:15:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  while ((i = getopt (argc, argv, "i:k:o:e:l:m:t:s:")) != -1) {
data/eigensoft-7.2.1+dfsg/src/smshrink.c:1576:15:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  while ((i = getopt (argc, argv, "p:vV")) != -1) {
data/eigensoft-7.2.1+dfsg/include/admutils.h:10:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ID[IDSIZE];
data/eigensoft-7.2.1+dfsg/include/admutils.h:35:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ID[IDSIZE];
data/eigensoft-7.2.1+dfsg/include/admutils.h:37:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cchrom[6];
data/eigensoft-7.2.1+dfsg/include/admutils.h:72:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char alleles[2];
data/eigensoft-7.2.1+dfsg/include/admutils.h:78:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ID[IDSIZE];
data/eigensoft-7.2.1+dfsg/include/admutils.h:91:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char gname[IDSIZE];
data/eigensoft-7.2.1+dfsg/include/mcio.h:35:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ID[IDSIZE];
data/eigensoft-7.2.1+dfsg/include/mcio.h:39:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cchrom[6];
data/eigensoft-7.2.1+dfsg/include/mcio.h:43:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char alleles[2];
data/eigensoft-7.2.1+dfsg/src/admutils.c:407:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fdir = open (dirname, O_RDONLY, 0);
data/eigensoft-7.2.1+dfsg/src/admutils.c:1025:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/admutils.c:1026:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXFF];
data/eigensoft-7.2.1+dfsg/src/admutils.c:1233:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char xxx[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/admutils.c:1246:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXS];
data/eigensoft-7.2.1+dfsg/src/baseprog.c:189:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[5000];
data/eigensoft-7.2.1+dfsg/src/convertf.c:540:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[5000];
data/eigensoft-7.2.1+dfsg/src/convertf.c:936:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/convertf.c:937:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXFF];
data/eigensoft-7.2.1+dfsg/src/convertf.c:972:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/convertf.c:973:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXFF];
data/eigensoft-7.2.1+dfsg/src/convertf.c:1049:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXFF];
data/eigensoft-7.2.1+dfsg/src/egsubs.c:55:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/egsubs.c:56:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXFF];
data/eigensoft-7.2.1+dfsg/src/egsubs.c:76:10:  [2] (integer) atoi:
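  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Reviewer note: atoi cannot report a parse failure, and its behaviour on an
  out-of-range value is undefined. strtol with an end-pointer check and an
  errno == ERANGE test, followed by an explicit range test, lets malformed
  fields be rejected. spt[1] is presumably a field split from an input line
  (see char *spt[MAXFF] at egsubs.c:56); confirm in the source. The same
  applies to the atoi findings at eigenstrat.c:49, eigenstratQTL.c:49,
  exclude.c:35-37 and twstats.c:111.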
    tt = atoi (spt[1]);
data/eigensoft-7.2.1+dfsg/src/egsubs.c:89:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/egsubs.c:90:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXFF];
data/eigensoft-7.2.1+dfsg/src/egsubs.c:115:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/egsubs.c:116:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXFF];
data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstrat.c:49:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      L = atoi (optarg);	/* number of principal components to correct */
data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstrat.c:64:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fpout = fopen (OUTFILE, "w")) == NULL) {
data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstrat.c:80:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen (INFILE, "r")) == NULL) {
data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstrat.c:119:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fppca = fopen (PCAFILE, "r")) == NULL) {
data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstrat.c:160:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fppheno = fopen (PHENOFILE, "r")) == NULL) {
data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstrat.c:237:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen (INFILE, "r")) == NULL) {
data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstratQTL.c:49:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      L = atoi (optarg);	/* number of principal components to correct */
data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstratQTL.c:64:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fpout = fopen (OUTFILE, "w")) == NULL) {
data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstratQTL.c:80:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen (INFILE, "r")) == NULL) {
data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstratQTL.c:119:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fppca = fopen (PCAFILE, "r")) == NULL) {
data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstratQTL.c:160:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fppheno = fopen (PHENOFILE, "r")) == NULL) {
data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstratQTL.c:220:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen (INFILE, "r")) == NULL) {
data/eigensoft-7.2.1+dfsg/src/eigensrc/eigsubs.c:83:17:  [2] (misc) fopen:
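  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Reviewer note: the file name is a fixed relative path opened for append,
  so where the file lands depends on the working directory of the process.
  If these are debug-only code paths (not visible in this report), compiling
  them out of release builds removes the finding; otherwise write the log to
  a directory that only the invoking user can write to. The same applies to
  eigsubs.c:98 and eigsubs.c:175.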
    FILE *fid = fopen ("eigsubs.dbg", "a");
data/eigensoft-7.2.1+dfsg/src/eigensrc/eigsubs.c:98:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fid = fopen ("eigsubs.dbg", "a");
data/eigensoft-7.2.1+dfsg/src/eigensrc/eigsubs.c:175:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fid = fopen ("eigsubs.dbg", "a");
data/eigensoft-7.2.1+dfsg/src/eigensrc/exclude.c:17:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/eigensrc/exclude.c:18:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXFF];
data/eigensoft-7.2.1+dfsg/src/eigensrc/exclude.c:21:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen (xregionname, "r")) == NULL) {
data/eigensoft-7.2.1+dfsg/src/eigensrc/exclude.c:35:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    chr[i] = atoi (spt[0]);
data/eigensoft-7.2.1+dfsg/src/eigensrc/exclude.c:36:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    lo[i] = atoi (spt[1]);
data/eigensoft-7.2.1+dfsg/src/eigensrc/exclude.c:37:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    hi[i] = atoi (spt[2]);
data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:422:5:  [2] (buffer) memcpy:
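  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Reviewer note: the quoted statement is cut off before its length argument,
  so the bound cannot be checked from this report alone. Source and
  destination both lie inside XTX; if the two ranges can overlap, memcpy is
  undefined and memmove is required. The same statement is reported at
  smartpca.c:448.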
    memcpy (&(XTX[row_idx * nrows]), &(XTX[(row_idx * (row_idx + 1)) / 2]),
data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:464:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sss[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:553:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buff[256];
data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:1485:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf (sss, "eigenvector %d", j + 1);
data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:1786:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ss1[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:1787:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ss2[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:1983:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sshit[4];
data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:1984:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ss2[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:2022:5:  [2] (buffer) strcpy:
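  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  Reviewer note: this report lists char sshit[4] at newpca.c:1983. If that is
  the destination here, the three-character literal plus its terminator
  fills the array exactly, so the copy fits with no slack and any longer
  literal would overflow. The same applies to the sshit copies reported in
  smartpca.c and smartrel.c.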
    strcpy (sshit, "***");
data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:2024:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy (sshit, "+++");
data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:3195:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sss[256];
data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:3205:10:  [2] (misc) open:
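  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Reviewer note: O_CREAT | O_TRUNC without O_EXCL or O_NOFOLLOW truncates
  whatever the path resolves to, including the target of a symlink. Mode
  0666 is reduced by the umask, so the resulting permissions depend on the
  caller's environment; a narrower mode is the safer default if the output
  is sensitive. How sss is built is not visible here (presumably the
  char sss[256] reported at newpca.c:3195). The same pattern is reported at
  newpca.c:3230, smartpca.c:3333 and smartpca.c:3358.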
  fdes = open (sss, O_CREAT | O_TRUNC | O_RDWR, 0666);
data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:3230:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fdes = open (sss, O_CREAT | O_TRUNC | O_RDWR, 0666);
data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:3261:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sss[256];
data/eigensoft-7.2.1+dfsg/src/eigensrc/smarteigenstrat.c:327:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fppca = fopen (PCAFILE, "r")) == NULL) {
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:448:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (&(XTX[row_idx * nrows]), &(XTX[(row_idx * (row_idx + 1)) / 2]),
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:490:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sss[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:595:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buff[256];
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:1605:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf (sss, "eigenvector %d", j + 1);
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:1939:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ss1[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:1940:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ss2[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:2136:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sshit[4];
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:2137:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ss2[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:2175:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy (sshit, "***");
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:2177:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy (sshit, "+++");
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:3323:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sss[256];
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:3333:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fdes = open (sss, O_CREAT | O_TRUNC | O_RDWR, 0666);
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:3358:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fdes = open (sss, O_CREAT | O_TRUNC | O_RDWR, 0666);
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:3389:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sss[256];
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartrel.c:815:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ss1[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartrel.c:816:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ss2[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartrel.c:1009:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sshit[4];
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartrel.c:1010:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ss2[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartrel.c:1048:5:  [2] (buffer) strcpy:
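  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  Triage note: the literal needs 4 bytes including the terminator, which
  exactly fills the char sshit[4] reported at smartrel.c:1009 (assuming that
  is the same variable). The copy fits, but with no slack if the literal is
  ever lengthened. The same applies to the strcpy at smartrel.c:1050.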
    strcpy (sshit, "***");
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartrel.c:1050:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy (sshit, "+++");
data/eigensoft-7.2.1+dfsg/src/eigensrc/twstats.c:111:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      minleneig = atoi (optarg);
data/eigensoft-7.2.1+dfsg/src/h2d.c:14:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ss[50];
data/eigensoft-7.2.1+dfsg/src/h2d.c:51:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char s1[50], s2[50];
data/eigensoft-7.2.1+dfsg/src/mcio.c:288:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR + 1], c;
data/eigensoft-7.2.1+dfsg/src/mcio.c:289:3:  [2] (buffer) char:
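  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: spt is an array of MAXFF pointers, not a character buffer.
  The bound to verify is therefore the number of fields that whatever fills
  spt may store, not a string length. The other char *spt[...] and
  char *field[...] findings in this report need the same check.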
  char *spt[MAXFF], *sx;
data/eigensoft-7.2.1+dfsg/src/mcio.c:408:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[LONGSTR];
data/eigensoft-7.2.1+dfsg/src/mcio.c:409:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXFF], *sx;
data/eigensoft-7.2.1+dfsg/src/mcio.c:477:23:  [2] (integer) atoi:
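  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Triage note: atoi also gives no error indication. Non-numeric text yields
  0, and a value that does not fit in int is undefined behaviour. Where the
  argument comes from an input file (as spt[3] presumably does here),
  strtol with endptr and errno checks plus an explicit range test is the
  usual replacement. This applies to the other atoi findings in mcio.c and
  getpars.c as well.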
      setsdpos (sdpt, atoi (spt[3]));
data/eigensoft-7.2.1+dfsg/src/mcio.c:489:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          sdpt->nn[k] = atoi (spt[4 + k]);
data/eigensoft-7.2.1+dfsg/src/mcio.c:530:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/mcio.c:531:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXFF], *sx;
data/eigensoft-7.2.1+dfsg/src/mcio.c:583:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy (sdpt->cchrom, "99");
data/eigensoft-7.2.1+dfsg/src/mcio.c:608:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          sdpt->nn[k] = atoi (spt[4 + k]);
data/eigensoft-7.2.1+dfsg/src/mcio.c:750:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ss[6];
data/eigensoft-7.2.1+dfsg/src/mcio.c:754:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy (ss, "??");
data/eigensoft-7.2.1+dfsg/src/mcio.c:764:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf (sdpt->cchrom, "%d", chrom);
data/eigensoft-7.2.1+dfsg/src/mcio.c:806:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf (cupt->ID, "fake-%d:%d", xc, nfake);
data/eigensoft-7.2.1+dfsg/src/mcio.c:968:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/mcio.c:969:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXFF], *sx;
data/eigensoft-7.2.1+dfsg/src/mcio.c:1027:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXFF], *sx, *sx0, gender;
data/eigensoft-7.2.1+dfsg/src/mcio.c:1033:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char nnbuff[IDSIZE];
data/eigensoft-7.2.1+dfsg/src/mcio.c:1063:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      k = atoi (sx);
data/eigensoft-7.2.1+dfsg/src/mcio.c:1176:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/mcio.c:1177:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXFF], *sx;
data/eigensoft-7.2.1+dfsg/src/mcio.c:1241:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/mcio.c:1242:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXFF], *sx;
data/eigensoft-7.2.1+dfsg/src/mcio.c:1342:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR], cmd[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/mcio.c:1343:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXFF], *sx;
data/eigensoft-7.2.1+dfsg/src/mcio.c:1519:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      val = atoi (spt[2]);
data/eigensoft-7.2.1+dfsg/src/mcio.c:1838:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/mcio.c:1839:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXFF];
data/eigensoft-7.2.1+dfsg/src/mcio.c:1893:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy (ss, "chr");
data/eigensoft-7.2.1+dfsg/src/mcio.c:1897:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf (sx, "%d", chrom);
data/eigensoft-7.2.1+dfsg/src/mcio.c:1902:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf (sx, "2a");
data/eigensoft-7.2.1+dfsg/src/mcio.c:1906:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf (sx, "2b");
data/eigensoft-7.2.1+dfsg/src/mcio.c:1922:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ss[10];
data/eigensoft-7.2.1+dfsg/src/mcio.c:2023:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ss[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/mcio.c:2091:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf (ss, "%9.3f", indx->rawqval);
data/eigensoft-7.2.1+dfsg/src/mcio.c:2114:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/mcio.c:2115:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXFF], *sx;
data/eigensoft-7.2.1+dfsg/src/mcio.c:2166:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/mcio.c:2167:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXFF], *sx;
data/eigensoft-7.2.1+dfsg/src/mcio.c:2240:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/mcio.c:2241:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXFF], *sx;
data/eigensoft-7.2.1+dfsg/src/mcio.c:2340:3:  [2] (buffer) sprintf:
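  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  Triage note: "constant maximum length" is not the same as "fits". With a
  32-bit int this format can produce up to 46 characters plus the
  terminator, because %7d is a minimum width and not a limit. The size of
  buff is not shown in this report, so confirm it is at least 47 bytes or
  switch to snprintf with the real destination size.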
  sprintf ((char *) buff, "GENO %7d %7d %x %x", nind, nsnp, ihash, shash);
data/eigensoft-7.2.1+dfsg/src/mcio.c:2343:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fdes = open (genooutfilename, O_CREAT | O_TRUNC | O_RDWR, 0666);
data/eigensoft-7.2.1+dfsg/src/mcio.c:2406:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[8];
data/eigensoft-7.2.1+dfsg/src/mcio.c:2408:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fdes = open (gname, O_RDONLY);
data/eigensoft-7.2.1+dfsg/src/mcio.c:2435:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/mcio.c:2436:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXFF], *sx;
data/eigensoft-7.2.1+dfsg/src/mcio.c:2472:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[2], *sx;
data/eigensoft-7.2.1+dfsg/src/mcio.c:2711:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char **arrx, junk[10];
data/eigensoft-7.2.1+dfsg/src/mcio.c:2733:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fdes = open (gname, O_RDONLY);
data/eigensoft-7.2.1+dfsg/src/mcio.c:2831:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/mcio.c:2832:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXFF], *sx;
data/eigensoft-7.2.1+dfsg/src/mcio.c:3211:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ss[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/mcio.c:3227:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf (ss, "%9.3f", indx->rawqval);
data/eigensoft-7.2.1+dfsg/src/mcio.c:3568:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char ibuff[3];
data/eigensoft-7.2.1+dfsg/src/mcio.c:3597:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fdes = open (gname, O_CREAT | O_TRUNC | O_RDWR, 0666);
data/eigensoft-7.2.1+dfsg/src/mcio.c:3703:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (ss, "%d", chrom);
data/eigensoft-7.2.1+dfsg/src/mcio.c:3718:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  return atoi (ss);
data/eigensoft-7.2.1+dfsg/src/mcio.c:3727:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ss[5];
data/eigensoft-7.2.1+dfsg/src/mcio.c:3773:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char bb[2];
data/eigensoft-7.2.1+dfsg/src/mcio.c:3779:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return atoi (bb);
data/eigensoft-7.2.1+dfsg/src/mcio.c:3843:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char *buff, ibuff[3], jbuff[3];
data/eigensoft-7.2.1+dfsg/src/mcio.c:3865:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fdes = open (gname, O_RDONLY);
data/eigensoft-7.2.1+dfsg/src/mcio.c:4291:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char **arrx, junk[10];
data/eigensoft-7.2.1+dfsg/src/mcio.c:4341:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fdes = open (gname, O_RDONLY);
data/eigensoft-7.2.1+dfsg/src/mcio.c:4456:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ss[10], *sx;
data/eigensoft-7.2.1+dfsg/src/mcio.c:4485:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ss[6];
data/eigensoft-7.2.1+dfsg/src/mcio.c:4509:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  return atoi (ss);
data/eigensoft-7.2.1+dfsg/src/mcio.c:4696:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fdes = open (geno2name, O_RDONLY);
data/eigensoft-7.2.1+dfsg/src/mcio.c:4835:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fid = fopen (deletesnpoutname, "a");
data/eigensoft-7.2.1+dfsg/src/mergeit.c:352:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[5000];
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:34:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR + 1];
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:35:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:36:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ww[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:37:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char rest[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:39:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *ppars[MAXPARS];
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:40:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *pdata[MAXPARS];
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:46:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  ff = pp->fx = fopen (fname, "r");
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:159:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *field[MAXFIELD];
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:176:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *field[MAXFIELD];
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:177:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:195:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  *kret = atoi (str);
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:202:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *field[MAXFIELD];
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:204:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:218:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    aint[i] = atoi (field[i]);
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:229:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *field[MAXFIELD];
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:231:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:241:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    aint[i] = atoi (field[i]);
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:251:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *field[MAXFIELD];
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:253:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:275:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *field[MAXFIELD];
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:277:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:313:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *field[MAXFIELD];
data/eigensoft-7.2.1+dfsg/src/nicksrc/statsubs.c:1725:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fff = fopen (twxtable, "r");
data/eigensoft-7.2.1+dfsg/src/nicksrc/statsubs.c:1747:7:  [2] (buffer) memcpy:
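  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: the length is twtabsize*sizeof(double), so both ends need
  checking. twxval must have room for at least twtabsize doubles, and the
  TWXVAL table must contain at least that many, because memcpy reads the
  same number of bytes it writes. The two memcpy calls that follow
  (statsubs.c:1748 and 1749) need the same check for their own arrays.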
      memcpy(twxval,  TWXVAL,  twtabsize*sizeof(double));
data/eigensoft-7.2.1+dfsg/src/nicksrc/statsubs.c:1748:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(twxpdf,  TWXPDF,  twtabsize*sizeof(double));
data/eigensoft-7.2.1+dfsg/src/nicksrc/statsubs.c:1749:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(twxtail, TWXTAIL, twtabsize*sizeof(double));
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:175:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char Estr[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:383:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char rest[MAXSTR], str[MAXSTR], ww[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:478:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cc[2];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:585:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:586:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:614:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:615:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:645:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fdummy = fopen (sss, "r");
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:659:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  *fff = fopen (name, type);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:673:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:674:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXFF];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:763:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:764:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXFF];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:823:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:824:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXFF];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:880:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:881:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXFF];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:932:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:933:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXFF];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:993:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:994:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXFF];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1046:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1047:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char qqq[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1048:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXFF];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1181:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char ss[100];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1198:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char ss[100];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1331:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fmt[10], s1[5];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1333:3:  [2] (buffer) sprintf:
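  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  Note: that maximum is not small here. "%ds " expands to the decimal form
  of slen plus two characters, so if s1 is the 5-byte array declared at line
  1331, any slen outside -9..99 needs at least 6 bytes including the
  terminating NUL. Confirm that callers bound slen, or format with
  snprintf (s1, sizeof s1, ...) and check the return value.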
  sprintf (s1, "%ds ", slen);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1446:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1447:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *spt[MAXFF];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1485:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      jj[i][num] = atoi (spt[i + 1]);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1498:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ss[5];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1512:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ss[5];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1529:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char a[5];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1546:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy (a, "AC");
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1549:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy (a, "AG");
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1552:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy (a, "AT");
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1555:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy (a, "CG");
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1558:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy (a, "CT");
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1561:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy (a, "GT");
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1564:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy (a, "ACG");
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1567:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy (a, "ACT");
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1570:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy (a, "AGT");
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1573:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy (a, "CGT");
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1576:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy (a, "ACGT");
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1579:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy (a, "ACGT");
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1596:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char uu[5];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1618:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char aa[5];
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1794:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MAXKL];
data/eigensoft-7.2.1+dfsg/src/nicksrc/xsearch.c:234:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char xx[8];
data/eigensoft-7.2.1+dfsg/src/nicksrc/xsearch.c:247:5:  [2] (buffer) sprintf:
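  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  Note: for "%d" that maximum is 11 characters plus the terminating NUL with
  a 32-bit int. If xx is the 8-byte array declared at line 234, the call is
  safe only while i stays within seven digits (six when negative); the range
  of i is not visible in this report. The finding at xsearch.c:269 has the
  same shape.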
    sprintf (xx, "%d", i);
data/eigensoft-7.2.1+dfsg/src/nicksrc/xsearch.c:259:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char xx[8];
data/eigensoft-7.2.1+dfsg/src/nicksrc/xsearch.c:269:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf (xx, "%d", i);
data/eigensoft-7.2.1+dfsg/src/pca.c:39:11:  [2] (integer) atoi:
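  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Note: atoi cannot report a failure: non-numeric text yields 0 and an
  out-of-range value is undefined behavior. For a command-line option such
  as this one, strtol with an end-pointer and errno check, followed by an
  explicit range check, rejects bad input before K is used. The same
  applies to MAXITER and TOPK at pca.c:54 and pca.c:57.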
      K = atoi (optarg);        /* number of principal components to output */
data/eigensoft-7.2.1+dfsg/src/pca.c:54:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      MAXITER = atoi (optarg);  /* max # of outlier removal iterations */
data/eigensoft-7.2.1+dfsg/src/pca.c:57:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      TOPK = atoi (optarg);     /* # of PCs along which to remove outliers */
data/eigensoft-7.2.1+dfsg/src/pca.c:70:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fpout = fopen (OUTFILE, "w")) == NULL) {
data/eigensoft-7.2.1+dfsg/src/pca.c:74:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fpeval = fopen (EVALFILE, "w")) == NULL) {
data/eigensoft-7.2.1+dfsg/src/pca.c:78:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fplog = fopen (LOGFILE, "w")) == NULL) {
data/eigensoft-7.2.1+dfsg/src/pca.c:96:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen (INFILE, "r")) == NULL) {
data/eigensoft-7.2.1+dfsg/src/pca.c:160:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen (INFILE, "r")) == NULL) {
data/eigensoft-7.2.1+dfsg/src/smshrink.c:440:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (&(XTX[row_idx * nrows]), &(XTX[(row_idx * (row_idx + 1)) / 2]),
data/eigensoft-7.2.1+dfsg/src/smshrink.c:482:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sss[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/smshrink.c:576:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buff[256];
data/eigensoft-7.2.1+dfsg/src/smshrink.c:1495:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf (sss, "eigenvector %d", j + 1);
data/eigensoft-7.2.1+dfsg/src/smshrink.c:1823:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ss1[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/smshrink.c:1824:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ss2[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/smshrink.c:2020:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sshit[4];
data/eigensoft-7.2.1+dfsg/src/smshrink.c:2021:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ss2[MAXSTR];
data/eigensoft-7.2.1+dfsg/src/smshrink.c:2059:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy (sshit, "***");
data/eigensoft-7.2.1+dfsg/src/smshrink.c:2061:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy (sshit, "+++");
data/eigensoft-7.2.1+dfsg/src/smshrink.c:3227:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sss[256];
data/eigensoft-7.2.1+dfsg/src/smshrink.c:3237:10:  [2] (misc) open:
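  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Note: with O_CREAT | O_TRUNC and neither O_EXCL nor O_NOFOLLOW, this call
  follows a symlink in the last path component and truncates the file it
  points to. Mode 0666 leaves the final permissions to the process umask.
  How sss is built is not shown; if it can name a file in a directory other
  users can write to, create it with mkstemp or add O_EXCL. The call at
  smshrink.c:3262 is identical.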
  fdes = open (sss, O_CREAT | O_TRUNC | O_RDWR, 0666);
data/eigensoft-7.2.1+dfsg/src/smshrink.c:3262:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fdes = open (sss, O_CREAT | O_TRUNC | O_RDWR, 0666);
data/eigensoft-7.2.1+dfsg/src/smshrink.c:3293:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sss[256];
data/eigensoft-7.2.1+dfsg/src/admutils.c:40:15:  [1] (buffer) getc:
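  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  Note: the condition shown stops only on '\n'. Unless the loop body tests
  for EOF, input that ends without a newline never terminates the loop, and
  any buffer the body fills is written without bound. The body is not shown
  in this report.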
  while ((c = getc (fp)) != '\n') {
data/eigensoft-7.2.1+dfsg/src/admutils.c:43:27:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      while (isgraph (c = getc (fp))) {
data/eigensoft-7.2.1+dfsg/src/admutils.c:675:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (str);
data/eigensoft-7.2.1+dfsg/src/convertf.c:907:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l1 = strlen (ch1);
data/eigensoft-7.2.1+dfsg/src/convertf.c:908:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l2 = strlen (ch2);
data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:1447:7:  [1] (buffer) strncpy:
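  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Note: with a count of 10, strncpy writes no terminator when eglist[k1] is
  10 or more characters long, so sss is a valid string afterwards only if
  the surrounding code terminates it explicitly. That code is not shown
  here; smartpca.c:1567 reports the identical call.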
      strncpy (sss, eglist[k1], 10);
data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:1794:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy (ss1, "");
data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:1992:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen (sss);
data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:2020:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy (sshit, "");
data/eigensoft-7.2.1+dfsg/src/eigensrc/smarteigenstrat.c:282:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen (ss);
data/eigensoft-7.2.1+dfsg/src/eigensrc/smarteigenstrat.c:400:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      for (i = 0; i < strlen (grp); i++)
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:1567:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy (sss, eglist[k1], 10);
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:1947:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy (ss1, "");
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:2145:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen (sss);
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:2173:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy (sshit, "");
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartrel.c:823:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy (ss1, "");
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartrel.c:1018:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen (sss);
data/eigensoft-7.2.1+dfsg/src/eigensrc/smartrel.c:1046:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy (sshit, "");
data/eigensoft-7.2.1+dfsg/src/h2d.c:26:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen (ss);
data/eigensoft-7.2.1+dfsg/src/mcio.c:308:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen (line);
data/eigensoft-7.2.1+dfsg/src/mcio.c:311:19:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      while ((c = fgetc (fff)) != EOF) {
data/eigensoft-7.2.1+dfsg/src/mcio.c:334:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (fname);
data/eigensoft-7.2.1+dfsg/src/mcio.c:364:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (fname);
data/eigensoft-7.2.1+dfsg/src/mcio.c:393:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (fname);
data/eigensoft-7.2.1+dfsg/src/mcio.c:443:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen (spt[0]) >= IDSIZE)
data/eigensoft-7.2.1+dfsg/src/mcio.c:448:7:  [1] (buffer) strncpy:
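  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Triage note: with a count of 6, strncpy writes no terminator when the source
  is 6 or more characters long, so this call is safe only if cchrom is larger
  than 6 bytes and is pre-zeroed or terminated by the surrounding code (not
  shown in this report). The same check applies to the cchrom copies at
  mcio.c:573, 833 and 856.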
      strncpy (sdpt->cchrom, spt[1], 6);
data/eigensoft-7.2.1+dfsg/src/mcio.c:553:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen (spt[1]) >= IDSIZE)
data/eigensoft-7.2.1+dfsg/src/mcio.c:573:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy (sdpt->cchrom, sx, 6);
data/eigensoft-7.2.1+dfsg/src/mcio.c:833:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy (cupt->cchrom, ss, 6);
data/eigensoft-7.2.1+dfsg/src/mcio.c:856:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy (cupt->cchrom, ss, 6);
data/eigensoft-7.2.1+dfsg/src/mcio.c:994:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen (sx) >= IDSIZE)
data/eigensoft-7.2.1+dfsg/src/mcio.c:1054:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen (sx) >= IDSIZE)
data/eigensoft-7.2.1+dfsg/src/mcio.c:1152:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l0 = strlen (sx0);
data/eigensoft-7.2.1+dfsg/src/mcio.c:1153:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l1 = strlen (sx1);
data/eigensoft-7.2.1+dfsg/src/mcio.c:1359:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gnlen = strlen (genoname);
data/eigensoft-7.2.1+dfsg/src/mcio.c:1634:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy (cupt->cchrom, "");
data/eigensoft-7.2.1+dfsg/src/mcio.c:2413:7:  [1] (buffer) read:
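  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  Triage note: for this and the other read() hits in mcio.c, confirm that the
  requested length never exceeds the destination buffer and that the return
  value t is checked, since read may return fewer bytes than requested or -1.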
  t = read (fdes, buff, 8);
data/eigensoft-7.2.1+dfsg/src/mcio.c:2550:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen (sx);
data/eigensoft-7.2.1+dfsg/src/mcio.c:2661:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    t = read (fdes, pt, xx);
data/eigensoft-7.2.1+dfsg/src/mcio.c:2738:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  t = read (fdes, buff, rlen);
data/eigensoft-7.2.1+dfsg/src/mcio.c:3366:15:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((t = fgetc (fff)) != EOF) {
data/eigensoft-7.2.1+dfsg/src/mcio.c:3870:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  t = read (fdes, jbuff, 3);
data/eigensoft-7.2.1+dfsg/src/mcio.c:3899:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    t = read (fdes, buff, blen);
data/eigensoft-7.2.1+dfsg/src/mcio.c:3966:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (ss);
data/eigensoft-7.2.1+dfsg/src/mcio.c:4346:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  t = read (fdes, buff, rlen);
data/eigensoft-7.2.1+dfsg/src/mcio.c:4366:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    t = read (fdes, tbuff, rlen);
data/eigensoft-7.2.1+dfsg/src/mcio.c:4486:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (sss) > 5)
data/eigensoft-7.2.1+dfsg/src/mcio.c:4702:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  t = read (fdes, buff, rlen);
data/eigensoft-7.2.1+dfsg/src/mcio.c:4766:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  t = read (gpt->fdes, gpt->buff, rlen);
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:55:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen (line);
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:65:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      plen = strlen (ww);
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:143:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (str);
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:300:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen (ss);
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:386:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      l = strlen (pp->ppars[k]);
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:408:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    l = strlen (inx);
data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:444:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0; i < strlen (ss); i++)
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:35:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (strin);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:48:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      s2 = s1 + strlen (s1);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:52:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy (str, s1, len);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:114:8:  [1] (buffer) strlen:
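  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Triage note: separately from termination, an empty sx makes strlen return 0,
  so the subtraction yields -1 (or wraps to a very large value if l2 is
  unsigned); check that the code using l2 handles that case.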
  l2 = strlen (sx) - 1;
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:215:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (str);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:261:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (strin);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:282:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen (sx) > 0)
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:290:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (sx) > 0)
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:303:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (strin);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:343:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (strin);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:363:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (strin);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:386:3:  [1] (buffer) strncpy:
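  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Triage note: the next line (strsubs.c:387) takes len from strin rather than
  from the copy, so if strin can be MAXSTR characters or longer, str is left
  unterminated and len describes more data than was copied. Confirm the size
  of str and any length check on strin, neither of which is shown here.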
  strncpy (str, strin, MAXSTR);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:387:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (strin);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:391:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy (ww, str, l);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:397:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy (rest, str + i + 1, l);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:432:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (sss);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:466:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
      strcat (sxout, " ");
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:507:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen (fname);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:513:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (dirname) + strlen (fname) + 1;
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:513:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (dirname) + strlen (fname) + 1;
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:519:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ss = ss + strlen (dirname);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:544:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (a) + strlen (inx) + strlen (outx) + 1;
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:544:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (a) + strlen (inx) + strlen (outx) + 1;
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:544:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (a) + strlen (inx) + strlen (outx) + 1;
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:551:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy (str, a, off);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:553:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  x = strlen (outx);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:554:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pt += strlen (inx);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1157:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (sin);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1289:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (sx);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1334:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy (fmt, "%");
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1397:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (sx);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1408:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (sx);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1534:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy (a, "A");
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1537:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy (a, "C");
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1540:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy (a, "G");
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1543:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy (a, "T");
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1587:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strlen (a);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1679:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (cc);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1723:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (s);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1741:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (s);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1758:9:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    c = fgetc (fff);
data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1778:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (buff);
data/eigensoft-7.2.1+dfsg/src/nicksrc/vsubs.c:1217:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy (sss, sx, w);
data/eigensoft-7.2.1+dfsg/src/nicksrc/vsubs.c:1218:9:  [1] (buffer) strlen:
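  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Triage note: this warning is directly relevant here, because sss was filled
  by the strncpy on the previous line (vsubs.c:1217), which leaves it
  unterminated when sx has w or more characters unless sss was zeroed
  beforehand or is terminated elsewhere (not shown). vsubs.c:1240-1241 repeats
  the same pair of calls.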
    if (strlen (sss) <= 0)
data/eigensoft-7.2.1+dfsg/src/nicksrc/vsubs.c:1240:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy (sss, sx, w);
data/eigensoft-7.2.1+dfsg/src/nicksrc/vsubs.c:1241:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen (sss) <= 0)
data/eigensoft-7.2.1+dfsg/src/nicksrc/xsearch.c:126:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (key);
data/eigensoft-7.2.1+dfsg/src/smshrink.c:1457:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy (sss, eglist[k1], 10);
data/eigensoft-7.2.1+dfsg/src/smshrink.c:1831:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy (ss1, "");
data/eigensoft-7.2.1+dfsg/src/smshrink.c:2029:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen (sss);
data/eigensoft-7.2.1+dfsg/src/smshrink.c:2057:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy (sshit, "");

ANALYSIS SUMMARY:

Hits = 471
Lines analyzed = 41751 in approximately 1.04 seconds (40102 lines/second)
Physical Source Lines of Code (SLOC) = 32426
Hits@level = [0] 1159 [1] 107 [2] 259 [3]  15 [4]  89 [5]   1
Hits@level+ = [0+] 1630 [1+] 471 [2+] 364 [3+] 105 [4+]  90 [5+]   1
Hits/KSLOC@level+ = [0+] 50.2683 [1+] 14.5254 [2+] 11.2256 [3+] 3.23814 [4+] 2.77555 [5+] 0.0308394
Dot directories skipped = 1 (--followdotdir overrides)
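Minimum risk level = 1 (the 1159 level-0 hits are counted in the table above but are not listed, and are not part of Hits = 471)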
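Not every hit is necessarily a security vulnerability. The rules match primarily on dangerous function names, so each hit needs the surrounding code (buffer sizes, length checks, termination) reviewed before it is treated as a defect.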
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.