Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/eigensoft-7.2.1+dfsg/include/admutils.h Examining data/eigensoft-7.2.1+dfsg/include/badpairs.h Examining data/eigensoft-7.2.1+dfsg/include/egsubs.h Examining data/eigensoft-7.2.1+dfsg/include/eigqpsubs.h Examining data/eigensoft-7.2.1+dfsg/include/eigsubs.h Examining data/eigensoft-7.2.1+dfsg/include/exclude.h Examining data/eigensoft-7.2.1+dfsg/include/getpars.h Examining data/eigensoft-7.2.1+dfsg/include/globals.h Examining data/eigensoft-7.2.1+dfsg/include/gval.h Examining data/eigensoft-7.2.1+dfsg/include/kjg_fpca.h Examining data/eigensoft-7.2.1+dfsg/include/kjg_gsl.h Examining data/eigensoft-7.2.1+dfsg/include/ldsubs.h Examining data/eigensoft-7.2.1+dfsg/include/linsubs.h Examining data/eigensoft-7.2.1+dfsg/include/mcio.h Examining data/eigensoft-7.2.1+dfsg/include/mcmcpars.h Examining data/eigensoft-7.2.1+dfsg/include/nicklib.h Examining data/eigensoft-7.2.1+dfsg/include/packit.h Examining data/eigensoft-7.2.1+dfsg/include/qpsubs.h Examining data/eigensoft-7.2.1+dfsg/include/ranmath.h Examining data/eigensoft-7.2.1+dfsg/include/regsubs.h Examining data/eigensoft-7.2.1+dfsg/include/smartsubs.h Examining data/eigensoft-7.2.1+dfsg/include/sortit.h Examining data/eigensoft-7.2.1+dfsg/include/statsubs.h Examining data/eigensoft-7.2.1+dfsg/include/strsubs.h Examining data/eigensoft-7.2.1+dfsg/include/twtable.h Examining data/eigensoft-7.2.1+dfsg/include/vsubs.h Examining data/eigensoft-7.2.1+dfsg/include/workqueue.h Examining data/eigensoft-7.2.1+dfsg/include/xpsubs.h Examining data/eigensoft-7.2.1+dfsg/include/xsearch.h Examining data/eigensoft-7.2.1+dfsg/src/admutils.c Examining data/eigensoft-7.2.1+dfsg/src/baseprog.c Examining data/eigensoft-7.2.1+dfsg/src/convertf.c Examining data/eigensoft-7.2.1+dfsg/src/egsubs.c Examining data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstrat.c Examining data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstratQTL.c Examining data/eigensoft-7.2.1+dfsg/src/eigensrc/eigsubs.c Examining data/eigensoft-7.2.1+dfsg/src/eigensrc/eigx.c Examining data/eigensoft-7.2.1+dfsg/src/eigensrc/exclude.c Examining data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c Examining data/eigensoft-7.2.1+dfsg/src/eigensrc/pcatoy.c Examining data/eigensoft-7.2.1+dfsg/src/eigensrc/smarteigenstrat.c Examining data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c Examining data/eigensoft-7.2.1+dfsg/src/eigensrc/smartrel.c Examining data/eigensoft-7.2.1+dfsg/src/eigensrc/smartsubs.c Examining data/eigensoft-7.2.1+dfsg/src/eigensrc/twstats.c Examining data/eigensoft-7.2.1+dfsg/src/gval.c Examining data/eigensoft-7.2.1+dfsg/src/gval.h Examining data/eigensoft-7.2.1+dfsg/src/h2d.c Examining data/eigensoft-7.2.1+dfsg/src/ksrc/kjg_fpca.c Examining data/eigensoft-7.2.1+dfsg/src/ksrc/kjg_gsl.c Examining data/eigensoft-7.2.1+dfsg/src/mcio.c Examining data/eigensoft-7.2.1+dfsg/src/mergeit.c Examining data/eigensoft-7.2.1+dfsg/src/nicksrc/gauss.c Examining data/eigensoft-7.2.1+dfsg/src/nicksrc/gds.c Examining data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c Examining data/eigensoft-7.2.1+dfsg/src/nicksrc/linsubs.c Examining data/eigensoft-7.2.1+dfsg/src/nicksrc/qqq.c Examining data/eigensoft-7.2.1+dfsg/src/nicksrc/sortit.c Examining data/eigensoft-7.2.1+dfsg/src/nicksrc/statsubs.c Examining data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c Examining data/eigensoft-7.2.1+dfsg/src/nicksrc/twtable.c Examining data/eigensoft-7.2.1+dfsg/src/nicksrc/vsubs.c Examining data/eigensoft-7.2.1+dfsg/src/nicksrc/xsearch.c Examining data/eigensoft-7.2.1+dfsg/src/pca.c Examining data/eigensoft-7.2.1+dfsg/src/qpsubs.c Examining data/eigensoft-7.2.1+dfsg/src/regsubs.c Examining data/eigensoft-7.2.1+dfsg/src/smshrink.c Examining data/eigensoft-7.2.1+dfsg/src/twsubs.c FINAL RESULTS: data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1369:3: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod (fname, 0777); data/eigensoft-7.2.1+dfsg/src/admutils.c:1234:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (xxx, ss); data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:554:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buff, "rm -f %s", deletesnpoutname); data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:555:5: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system (buff); data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:1512:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sss, "%s raw", cupt->ID); data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:1515:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sss, "%s subtract sing vec %d", cupt->ID, j + 1); data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:1820:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (ss2, "%s %s ", sss, "overall"); data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:1862:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (ss2, "%s %s %s ", sss, eglist[k1], eglist[k2]); data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:1994:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ss2, sss); data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:3203:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sss, "%s.N.bin", grmoutname); data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:3228:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sss, "%s.bin", grmoutname); data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:3266:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sss, "%s.id", grmoutname); data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:596:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buff, "rm -f %s", deletesnpoutname); data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:597:5: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system (buff); data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:1632:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sss, "%s raw", cupt->ID); data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:1635:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sss, "%s subtract sing vec %d", cupt->ID, j + 1); data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:1973:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (ss2, "%s %s ", sss, "overall"); data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:2015:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (ss2, "%s %s %s ", sss, eglist[k1], eglist[k2]); data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:2147:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ss2, sss); data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:3331:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sss, "%s.N.bin", grmoutname); data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:3356:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sss, "%s.bin", grmoutname); data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:3394:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sss, "%s.id", grmoutname); data/eigensoft-7.2.1+dfsg/src/eigensrc/smartrel.c:849:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (ss2, "%s %s ", sss, "overall"); data/eigensoft-7.2.1+dfsg/src/eigensrc/smartrel.c:891:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (ss2, "%s %s %s ", sss, eglist[k1], eglist[k2]); data/eigensoft-7.2.1+dfsg/src/eigensrc/smartrel.c:1020:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ss2, sss); data/eigensoft-7.2.1+dfsg/src/h2d.c:25:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ss, indx->ID); data/eigensoft-7.2.1+dfsg/src/h2d.c:33:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (indp->ID, ss); data/eigensoft-7.2.1+dfsg/src/h2d.c:60:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (s1, "%s:A", indx->ID); data/eigensoft-7.2.1+dfsg/src/h2d.c:61:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (s2, "%s:B", indx->ID); data/eigensoft-7.2.1+dfsg/src/h2d.c:64:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (s1, "%s_A", indx->ID); data/eigensoft-7.2.1+dfsg/src/h2d.c:65:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (s2, "%s_B", indx->ID); data/eigensoft-7.2.1+dfsg/src/ksrc/kjg_gsl.c:19:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stream, template, gsl_matrix_get (m, i, 0)); data/eigensoft-7.2.1+dfsg/src/ksrc/kjg_gsl.c:23:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stream, template, gsl_matrix_get (m, i, j)); data/eigensoft-7.2.1+dfsg/src/ksrc/kjg_gsl.c:51:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stream, template, gsl_vector_get (eval, 0)); data/eigensoft-7.2.1+dfsg/src/ksrc/kjg_gsl.c:55:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stream, template, gsl_vector_get (eval, i)); data/eigensoft-7.2.1+dfsg/src/mcio.c:445:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (sdpt->ID, spt[0]); data/eigensoft-7.2.1+dfsg/src/mcio.c:555:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (sdpt->ID, spt[1]); data/eigensoft-7.2.1+dfsg/src/mcio.c:784:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ss, sdpt->cchrom); data/eigensoft-7.2.1+dfsg/src/mcio.c:842:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (cupt->ID, sname); data/eigensoft-7.2.1+dfsg/src/mcio.c:996:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (indx->ID, sx); data/eigensoft-7.2.1+dfsg/src/mcio.c:1060:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (indx->ID, nnbuff); data/eigensoft-7.2.1+dfsg/src/mcio.c:1162:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (cbuff, sx0); data/eigensoft-7.2.1+dfsg/src/mcio.c:1164:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (cbuff + l0 + 1, sx1); data/eigensoft-7.2.1+dfsg/src/mcio.c:1167:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (cbuff, sx1); data/eigensoft-7.2.1+dfsg/src/mcio.c:1364:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (line, "%s/genotmp:%d", trashdir, getpid ()); data/eigensoft-7.2.1+dfsg/src/mcio.c:1366:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (cmd, "gunzip -c %s > %s", genoname, genotmp); data/eigensoft-7.2.1+dfsg/src/mcio.c:1368:5: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system (cmd); data/eigensoft-7.2.1+dfsg/src/mcio.c:1369:12: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. kret = system (cmd); data/eigensoft-7.2.1+dfsg/src/mcio.c:2089:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ss, indx->egroup); data/eigensoft-7.2.1+dfsg/src/mcio.c:3225:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ss, indx->egroup); data/eigensoft-7.2.1+dfsg/src/mcio.c:4459:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ss, sdpt->cchrom); data/eigensoft-7.2.1+dfsg/src/mcio.c:4489:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ss, sss + 3); data/eigensoft-7.2.1+dfsg/src/mcio.c:4493:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (strcpy (ss, sss)); data/eigensoft-7.2.1+dfsg/src/mcio.c:4682:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (gpt->gname, geno2name); data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:184:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (str, field[0]); data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:210:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (str, pp->pdata[kode]); data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:237:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (str, pp->pdata[kode]); data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:258:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (str, pp->pdata[kode]); data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:283:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (str, pp->pdata[kode]); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:109:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (xword, spt); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:116:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (xword, spt); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:127:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (xrest, sx); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:183:3: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf (Estr, fmt, args); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:264:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (bigbuff, strin); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:306:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (bigbuff, strin); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:447:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (sxout, spt[i]); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:464:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (sxout, spt[i]); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:486:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (sxout, spt[i]); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:488:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (sxout, cc); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:510:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (outname, fname); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:518:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ss, dirname); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:522:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ss, fname); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:552:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (str + off, outx); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:555:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (str + off + x, pt); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1174:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (sout, sss); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1335:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (fmt, s1); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1339:7: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (fmt, ss[k]); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1341:7: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (fmt, "NULL"); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1586:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (aa, a); data/eigensoft-7.2.1+dfsg/src/nicksrc/vsubs.c:985:7: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (format, a[i * n + j]); data/eigensoft-7.2.1+dfsg/src/smshrink.c:577:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buff, "rm -f %s", deletesnpoutname); data/eigensoft-7.2.1+dfsg/src/smshrink.c:578:5: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system (buff); data/eigensoft-7.2.1+dfsg/src/smshrink.c:1522:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sss, "%s raw", cupt->ID); data/eigensoft-7.2.1+dfsg/src/smshrink.c:1525:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sss, "%s subtract sing vec %d", cupt->ID, j + 1); data/eigensoft-7.2.1+dfsg/src/smshrink.c:1857:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (ss2, "%s %s ", sss, "overall"); data/eigensoft-7.2.1+dfsg/src/smshrink.c:1899:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (ss2, "%s %s %s ", sss, eglist[k1], eglist[k2]); data/eigensoft-7.2.1+dfsg/src/smshrink.c:2031:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ss2, sss); data/eigensoft-7.2.1+dfsg/src/smshrink.c:3235:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sss, "%s.N.bin", grmoutname); data/eigensoft-7.2.1+dfsg/src/smshrink.c:3260:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sss, "%s.bin", grmoutname); data/eigensoft-7.2.1+dfsg/src/smshrink.c:3298:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sss, "%s.id", grmoutname); data/eigensoft-7.2.1+dfsg/include/ranmath.h:8:16: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define SRAND srandom data/eigensoft-7.2.1+dfsg/include/ranmath.h:9:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define LRAND random data/eigensoft-7.2.1+dfsg/include/ranmath.h:10:29: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define DRAND() ( (double) (random() % BIGINT) / (double) (BIGINT)) data/eigensoft-7.2.1+dfsg/src/baseprog.c:193:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((i = getopt (argc, argv, "p:vV")) != -1) { data/eigensoft-7.2.1+dfsg/src/convertf.c:544:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((i = getopt (argc, argv, "p:vV")) != -1) { data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstrat.c:34:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((i = getopt (argc, argv, "i:j:p:l:o:")) != -1) { data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstratQTL.c:34:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((i = getopt (argc, argv, "i:j:p:l:o:")) != -1) { data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:1543:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((i = getopt (argc, argv, "p:vV")) != -1) { data/eigensoft-7.2.1+dfsg/src/eigensrc/smarteigenstrat.c:232:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((i = getopt (argc, argv, "p:vV")) != -1) { data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:1686:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((i = getopt (argc, argv, "p:vV")) != -1) { data/eigensoft-7.2.1+dfsg/src/eigensrc/smartrel.c:634:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((i = getopt (argc, argv, "p:vV")) != -1) { data/eigensoft-7.2.1+dfsg/src/eigensrc/twstats.c:90:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((i = getopt (argc, argv, "i:o:p:n:m:t:V")) != -1) { data/eigensoft-7.2.1+dfsg/src/mergeit.c:356:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((i = getopt (argc, argv, "p:vVf")) != -1) { data/eigensoft-7.2.1+dfsg/src/pca.c:32:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((i = getopt (argc, argv, "i:k:o:e:l:m:t:s:")) != -1) { data/eigensoft-7.2.1+dfsg/src/smshrink.c:1576:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((i = getopt (argc, argv, "p:vV")) != -1) { data/eigensoft-7.2.1+dfsg/include/admutils.h:10:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ID[IDSIZE]; data/eigensoft-7.2.1+dfsg/include/admutils.h:35:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ID[IDSIZE]; data/eigensoft-7.2.1+dfsg/include/admutils.h:37:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cchrom[6]; data/eigensoft-7.2.1+dfsg/include/admutils.h:72:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char alleles[2]; data/eigensoft-7.2.1+dfsg/include/admutils.h:78:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ID[IDSIZE]; data/eigensoft-7.2.1+dfsg/include/admutils.h:91:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gname[IDSIZE]; data/eigensoft-7.2.1+dfsg/include/mcio.h:35:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ID[IDSIZE]; data/eigensoft-7.2.1+dfsg/include/mcio.h:39:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cchrom[6]; data/eigensoft-7.2.1+dfsg/include/mcio.h:43:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char alleles[2]; data/eigensoft-7.2.1+dfsg/src/admutils.c:407:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fdir = open (dirname, O_RDONLY, 0); data/eigensoft-7.2.1+dfsg/src/admutils.c:1025:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/admutils.c:1026:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF]; data/eigensoft-7.2.1+dfsg/src/admutils.c:1233:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char xxx[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/admutils.c:1246:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXS]; data/eigensoft-7.2.1+dfsg/src/baseprog.c:189:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[5000]; data/eigensoft-7.2.1+dfsg/src/convertf.c:540:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[5000]; data/eigensoft-7.2.1+dfsg/src/convertf.c:936:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/convertf.c:937:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF]; data/eigensoft-7.2.1+dfsg/src/convertf.c:972:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/convertf.c:973:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF]; data/eigensoft-7.2.1+dfsg/src/convertf.c:1049:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF]; data/eigensoft-7.2.1+dfsg/src/egsubs.c:55:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/egsubs.c:56:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF]; data/eigensoft-7.2.1+dfsg/src/egsubs.c:76:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tt = atoi (spt[1]); data/eigensoft-7.2.1+dfsg/src/egsubs.c:89:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/egsubs.c:90:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF]; data/eigensoft-7.2.1+dfsg/src/egsubs.c:115:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/egsubs.c:116:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF]; data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstrat.c:49:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). L = atoi (optarg); /* number of principal components to correct */ data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstrat.c:64:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fpout = fopen (OUTFILE, "w")) == NULL) { data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstrat.c:80:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (INFILE, "r")) == NULL) { data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstrat.c:119:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fppca = fopen (PCAFILE, "r")) == NULL) { data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstrat.c:160:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fppheno = fopen (PHENOFILE, "r")) == NULL) { data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstrat.c:237:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (INFILE, "r")) == NULL) { data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstratQTL.c:49:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). L = atoi (optarg); /* number of principal components to correct */ data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstratQTL.c:64:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fpout = fopen (OUTFILE, "w")) == NULL) { data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstratQTL.c:80:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (INFILE, "r")) == NULL) { data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstratQTL.c:119:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fppca = fopen (PCAFILE, "r")) == NULL) { data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstratQTL.c:160:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fppheno = fopen (PHENOFILE, "r")) == NULL) { data/eigensoft-7.2.1+dfsg/src/eigensrc/eigenstratQTL.c:220:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (INFILE, "r")) == NULL) { data/eigensoft-7.2.1+dfsg/src/eigensrc/eigsubs.c:83:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fid = fopen ("eigsubs.dbg", "a"); data/eigensoft-7.2.1+dfsg/src/eigensrc/eigsubs.c:98:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fid = fopen ("eigsubs.dbg", "a"); data/eigensoft-7.2.1+dfsg/src/eigensrc/eigsubs.c:175:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fid = fopen ("eigsubs.dbg", "a"); data/eigensoft-7.2.1+dfsg/src/eigensrc/exclude.c:17:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/eigensrc/exclude.c:18:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF]; data/eigensoft-7.2.1+dfsg/src/eigensrc/exclude.c:21:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (xregionname, "r")) == NULL) { data/eigensoft-7.2.1+dfsg/src/eigensrc/exclude.c:35:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). chr[i] = atoi (spt[0]); data/eigensoft-7.2.1+dfsg/src/eigensrc/exclude.c:36:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lo[i] = atoi (spt[1]); data/eigensoft-7.2.1+dfsg/src/eigensrc/exclude.c:37:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). hi[i] = atoi (spt[2]); data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:422:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&(XTX[row_idx * nrows]), &(XTX[(row_idx * (row_idx + 1)) / 2]), data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:464:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sss[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:553:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[256]; data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:1485:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (sss, "eigenvector %d", j + 1); data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:1786:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ss1[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:1787:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ss2[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:1983:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sshit[4]; data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:1984:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ss2[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:2022:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sshit, "***"); data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:2024:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sshit, "+++"); data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:3195:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sss[256]; data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:3205:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fdes = open (sss, O_CREAT | O_TRUNC | O_RDWR, 0666); data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:3230:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fdes = open (sss, O_CREAT | O_TRUNC | O_RDWR, 0666); data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:3261:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sss[256]; data/eigensoft-7.2.1+dfsg/src/eigensrc/smarteigenstrat.c:327:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fppca = fopen (PCAFILE, "r")) == NULL) { data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:448:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&(XTX[row_idx * nrows]), &(XTX[(row_idx * (row_idx + 1)) / 2]), data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:490:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sss[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:595:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[256]; data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:1605:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (sss, "eigenvector %d", j + 1); data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:1939:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ss1[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:1940:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ss2[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:2136:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sshit[4]; data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:2137:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ss2[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:2175:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sshit, "***"); data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:2177:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sshit, "+++"); data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:3323:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sss[256]; data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:3333:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fdes = open (sss, O_CREAT | O_TRUNC | O_RDWR, 0666); data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:3358:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fdes = open (sss, O_CREAT | O_TRUNC | O_RDWR, 0666); data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:3389:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sss[256]; data/eigensoft-7.2.1+dfsg/src/eigensrc/smartrel.c:815:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ss1[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/eigensrc/smartrel.c:816:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ss2[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/eigensrc/smartrel.c:1009:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sshit[4]; data/eigensoft-7.2.1+dfsg/src/eigensrc/smartrel.c:1010:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ss2[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/eigensrc/smartrel.c:1048:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sshit, "***"); data/eigensoft-7.2.1+dfsg/src/eigensrc/smartrel.c:1050:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sshit, "+++"); data/eigensoft-7.2.1+dfsg/src/eigensrc/twstats.c:111:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). minleneig = atoi (optarg); data/eigensoft-7.2.1+dfsg/src/h2d.c:14:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ss[50]; data/eigensoft-7.2.1+dfsg/src/h2d.c:51:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s1[50], s2[50]; data/eigensoft-7.2.1+dfsg/src/mcio.c:288:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR + 1], c; data/eigensoft-7.2.1+dfsg/src/mcio.c:289:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF], *sx; data/eigensoft-7.2.1+dfsg/src/mcio.c:408:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[LONGSTR]; data/eigensoft-7.2.1+dfsg/src/mcio.c:409:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF], *sx; data/eigensoft-7.2.1+dfsg/src/mcio.c:477:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). setsdpos (sdpt, atoi (spt[3])); data/eigensoft-7.2.1+dfsg/src/mcio.c:489:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sdpt->nn[k] = atoi (spt[4 + k]); data/eigensoft-7.2.1+dfsg/src/mcio.c:530:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/mcio.c:531:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF], *sx; data/eigensoft-7.2.1+dfsg/src/mcio.c:583:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sdpt->cchrom, "99"); data/eigensoft-7.2.1+dfsg/src/mcio.c:608:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sdpt->nn[k] = atoi (spt[4 + k]); data/eigensoft-7.2.1+dfsg/src/mcio.c:750:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ss[6]; data/eigensoft-7.2.1+dfsg/src/mcio.c:754:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (ss, "??"); data/eigensoft-7.2.1+dfsg/src/mcio.c:764:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (sdpt->cchrom, "%d", chrom); data/eigensoft-7.2.1+dfsg/src/mcio.c:806:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (cupt->ID, "fake-%d:%d", xc, nfake); data/eigensoft-7.2.1+dfsg/src/mcio.c:968:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/mcio.c:969:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF], *sx; data/eigensoft-7.2.1+dfsg/src/mcio.c:1027:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF], *sx, *sx0, gender; data/eigensoft-7.2.1+dfsg/src/mcio.c:1033:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nnbuff[IDSIZE]; data/eigensoft-7.2.1+dfsg/src/mcio.c:1063:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). k = atoi (sx); data/eigensoft-7.2.1+dfsg/src/mcio.c:1176:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/mcio.c:1177:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF], *sx; data/eigensoft-7.2.1+dfsg/src/mcio.c:1241:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/mcio.c:1242:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF], *sx; data/eigensoft-7.2.1+dfsg/src/mcio.c:1342:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR], cmd[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/mcio.c:1343:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF], *sx; data/eigensoft-7.2.1+dfsg/src/mcio.c:1519:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). val = atoi (spt[2]); data/eigensoft-7.2.1+dfsg/src/mcio.c:1838:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/mcio.c:1839:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF]; data/eigensoft-7.2.1+dfsg/src/mcio.c:1893:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (ss, "chr"); data/eigensoft-7.2.1+dfsg/src/mcio.c:1897:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (sx, "%d", chrom); data/eigensoft-7.2.1+dfsg/src/mcio.c:1902:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (sx, "2a"); data/eigensoft-7.2.1+dfsg/src/mcio.c:1906:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (sx, "2b"); data/eigensoft-7.2.1+dfsg/src/mcio.c:1922:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ss[10]; data/eigensoft-7.2.1+dfsg/src/mcio.c:2023:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ss[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/mcio.c:2091:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (ss, "%9.3f", indx->rawqval); data/eigensoft-7.2.1+dfsg/src/mcio.c:2114:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/mcio.c:2115:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF], *sx; data/eigensoft-7.2.1+dfsg/src/mcio.c:2166:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/mcio.c:2167:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF], *sx; data/eigensoft-7.2.1+dfsg/src/mcio.c:2240:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/mcio.c:2241:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF], *sx; data/eigensoft-7.2.1+dfsg/src/mcio.c:2340:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf ((char *) buff, "GENO %7d %7d %x %x", nind, nsnp, ihash, shash); data/eigensoft-7.2.1+dfsg/src/mcio.c:2343:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fdes = open (genooutfilename, O_CREAT | O_TRUNC | O_RDWR, 0666); data/eigensoft-7.2.1+dfsg/src/mcio.c:2406:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[8]; data/eigensoft-7.2.1+dfsg/src/mcio.c:2408:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fdes = open (gname, O_RDONLY); data/eigensoft-7.2.1+dfsg/src/mcio.c:2435:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/mcio.c:2436:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF], *sx; data/eigensoft-7.2.1+dfsg/src/mcio.c:2472:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[2], *sx; data/eigensoft-7.2.1+dfsg/src/mcio.c:2711:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char **arrx, junk[10]; data/eigensoft-7.2.1+dfsg/src/mcio.c:2733:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fdes = open (gname, O_RDONLY); data/eigensoft-7.2.1+dfsg/src/mcio.c:2831:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/mcio.c:2832:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF], *sx; data/eigensoft-7.2.1+dfsg/src/mcio.c:3211:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ss[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/mcio.c:3227:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (ss, "%9.3f", indx->rawqval); data/eigensoft-7.2.1+dfsg/src/mcio.c:3568:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ibuff[3]; data/eigensoft-7.2.1+dfsg/src/mcio.c:3597:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fdes = open (gname, O_CREAT | O_TRUNC | O_RDWR, 0666); data/eigensoft-7.2.1+dfsg/src/mcio.c:3703:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (ss, "%d", chrom); data/eigensoft-7.2.1+dfsg/src/mcio.c:3718:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi (ss); data/eigensoft-7.2.1+dfsg/src/mcio.c:3727:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ss[5]; data/eigensoft-7.2.1+dfsg/src/mcio.c:3773:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bb[2]; data/eigensoft-7.2.1+dfsg/src/mcio.c:3779:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi (bb); data/eigensoft-7.2.1+dfsg/src/mcio.c:3843:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *buff, ibuff[3], jbuff[3]; data/eigensoft-7.2.1+dfsg/src/mcio.c:3865:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fdes = open (gname, O_RDONLY); data/eigensoft-7.2.1+dfsg/src/mcio.c:4291:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char **arrx, junk[10]; data/eigensoft-7.2.1+dfsg/src/mcio.c:4341:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fdes = open (gname, O_RDONLY); data/eigensoft-7.2.1+dfsg/src/mcio.c:4456:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ss[10], *sx; data/eigensoft-7.2.1+dfsg/src/mcio.c:4485:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ss[6]; data/eigensoft-7.2.1+dfsg/src/mcio.c:4509:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi (ss); data/eigensoft-7.2.1+dfsg/src/mcio.c:4696:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fdes = open (geno2name, O_RDONLY); data/eigensoft-7.2.1+dfsg/src/mcio.c:4835:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fid = fopen (deletesnpoutname, "a"); data/eigensoft-7.2.1+dfsg/src/mergeit.c:352:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[5000]; data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:34:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR + 1]; data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:35:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:36:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ww[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:37:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rest[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:39:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ppars[MAXPARS]; data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:40:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pdata[MAXPARS]; data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:46:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ff = pp->fx = fopen (fname, "r"); data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:159:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *field[MAXFIELD]; data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:176:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *field[MAXFIELD]; data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:177:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:195:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *kret = atoi (str); data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:202:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *field[MAXFIELD]; data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:204:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:218:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). aint[i] = atoi (field[i]); data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:229:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *field[MAXFIELD]; data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:231:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:241:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). aint[i] = atoi (field[i]); data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:251:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *field[MAXFIELD]; data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:253:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:275:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *field[MAXFIELD]; data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:277:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:313:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *field[MAXFIELD]; data/eigensoft-7.2.1+dfsg/src/nicksrc/statsubs.c:1725:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fff = fopen (twxtable, "r"); data/eigensoft-7.2.1+dfsg/src/nicksrc/statsubs.c:1747:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(twxval, TWXVAL, twtabsize*sizeof(double)); data/eigensoft-7.2.1+dfsg/src/nicksrc/statsubs.c:1748:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(twxpdf, TWXPDF, twtabsize*sizeof(double)); data/eigensoft-7.2.1+dfsg/src/nicksrc/statsubs.c:1749:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(twxtail, TWXTAIL, twtabsize*sizeof(double)); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:175:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char Estr[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:383:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rest[MAXSTR], str[MAXSTR], ww[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:478:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cc[2]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:585:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:586:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:614:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:615:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:645:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fdummy = fopen (sss, "r"); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:659:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). *fff = fopen (name, type); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:673:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:674:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:763:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:764:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:823:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:824:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:880:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:881:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:932:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:933:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:993:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:994:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1046:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1047:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char qqq[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1048:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1181:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ss[100]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1198:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ss[100]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1331:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmt[10], s1[5]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1333:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s1, "%ds ", slen); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1446:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1447:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *spt[MAXFF]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1485:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). jj[i][num] = atoi (spt[i + 1]); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1498:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ss[5]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1512:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ss[5]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1529:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char a[5]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1546:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (a, "AC"); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1549:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (a, "AG"); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1552:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (a, "AT"); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1555:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (a, "CG"); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1558:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (a, "CT"); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1561:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (a, "GT"); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1564:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (a, "ACG"); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1567:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (a, "ACT"); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1570:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (a, "AGT"); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1573:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (a, "CGT"); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1576:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (a, "ACGT"); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1579:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (a, "ACGT"); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1596:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uu[5]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1618:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char aa[5]; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1794:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXKL]; data/eigensoft-7.2.1+dfsg/src/nicksrc/xsearch.c:234:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xx[8]; data/eigensoft-7.2.1+dfsg/src/nicksrc/xsearch.c:247:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (xx, "%d", i); data/eigensoft-7.2.1+dfsg/src/nicksrc/xsearch.c:259:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xx[8]; data/eigensoft-7.2.1+dfsg/src/nicksrc/xsearch.c:269:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (xx, "%d", i); data/eigensoft-7.2.1+dfsg/src/pca.c:39:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). K = atoi (optarg); /* number of principal components to output */ data/eigensoft-7.2.1+dfsg/src/pca.c:54:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). MAXITER = atoi (optarg); /* max # of outlier removal iterations */ data/eigensoft-7.2.1+dfsg/src/pca.c:57:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). TOPK = atoi (optarg); /* # of PCs along which to remove outliers */ data/eigensoft-7.2.1+dfsg/src/pca.c:70:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fpout = fopen (OUTFILE, "w")) == NULL) { data/eigensoft-7.2.1+dfsg/src/pca.c:74:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fpeval = fopen (EVALFILE, "w")) == NULL) { data/eigensoft-7.2.1+dfsg/src/pca.c:78:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fplog = fopen (LOGFILE, "w")) == NULL) { data/eigensoft-7.2.1+dfsg/src/pca.c:96:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (INFILE, "r")) == NULL) { data/eigensoft-7.2.1+dfsg/src/pca.c:160:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen (INFILE, "r")) == NULL) { data/eigensoft-7.2.1+dfsg/src/smshrink.c:440:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&(XTX[row_idx * nrows]), &(XTX[(row_idx * (row_idx + 1)) / 2]), data/eigensoft-7.2.1+dfsg/src/smshrink.c:482:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sss[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/smshrink.c:576:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[256]; data/eigensoft-7.2.1+dfsg/src/smshrink.c:1495:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (sss, "eigenvector %d", j + 1); data/eigensoft-7.2.1+dfsg/src/smshrink.c:1823:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ss1[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/smshrink.c:1824:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ss2[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/smshrink.c:2020:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sshit[4]; data/eigensoft-7.2.1+dfsg/src/smshrink.c:2021:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ss2[MAXSTR]; data/eigensoft-7.2.1+dfsg/src/smshrink.c:2059:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sshit, "***"); data/eigensoft-7.2.1+dfsg/src/smshrink.c:2061:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sshit, "+++"); data/eigensoft-7.2.1+dfsg/src/smshrink.c:3227:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sss[256]; data/eigensoft-7.2.1+dfsg/src/smshrink.c:3237:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fdes = open (sss, O_CREAT | O_TRUNC | O_RDWR, 0666); data/eigensoft-7.2.1+dfsg/src/smshrink.c:3262:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fdes = open (sss, O_CREAT | O_TRUNC | O_RDWR, 0666); data/eigensoft-7.2.1+dfsg/src/smshrink.c:3293:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sss[256]; data/eigensoft-7.2.1+dfsg/src/admutils.c:40:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc (fp)) != '\n') { data/eigensoft-7.2.1+dfsg/src/admutils.c:43:27: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (isgraph (c = getc (fp))) { data/eigensoft-7.2.1+dfsg/src/admutils.c:675:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (str); data/eigensoft-7.2.1+dfsg/src/convertf.c:907:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l1 = strlen (ch1); data/eigensoft-7.2.1+dfsg/src/convertf.c:908:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l2 = strlen (ch2); data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:1447:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (sss, eglist[k1], 10); data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:1794:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (ss1, ""); data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:1992:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen (sss); data/eigensoft-7.2.1+dfsg/src/eigensrc/newpca.c:2020:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (sshit, ""); data/eigensoft-7.2.1+dfsg/src/eigensrc/smarteigenstrat.c:282:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen (ss); data/eigensoft-7.2.1+dfsg/src/eigensrc/smarteigenstrat.c:400:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen (grp); i++) data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:1567:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (sss, eglist[k1], 10); data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:1947:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (ss1, ""); data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:2145:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen (sss); data/eigensoft-7.2.1+dfsg/src/eigensrc/smartpca.c:2173:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (sshit, ""); data/eigensoft-7.2.1+dfsg/src/eigensrc/smartrel.c:823:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (ss1, ""); data/eigensoft-7.2.1+dfsg/src/eigensrc/smartrel.c:1018:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen (sss); data/eigensoft-7.2.1+dfsg/src/eigensrc/smartrel.c:1046:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (sshit, ""); data/eigensoft-7.2.1+dfsg/src/h2d.c:26:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (ss); data/eigensoft-7.2.1+dfsg/src/mcio.c:308:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (line); data/eigensoft-7.2.1+dfsg/src/mcio.c:311:19: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc (fff)) != EOF) { data/eigensoft-7.2.1+dfsg/src/mcio.c:334:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (fname); data/eigensoft-7.2.1+dfsg/src/mcio.c:364:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (fname); data/eigensoft-7.2.1+dfsg/src/mcio.c:393:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (fname); data/eigensoft-7.2.1+dfsg/src/mcio.c:443:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (spt[0]) >= IDSIZE) data/eigensoft-7.2.1+dfsg/src/mcio.c:448:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (sdpt->cchrom, spt[1], 6); data/eigensoft-7.2.1+dfsg/src/mcio.c:553:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (spt[1]) >= IDSIZE) data/eigensoft-7.2.1+dfsg/src/mcio.c:573:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (sdpt->cchrom, sx, 6); data/eigensoft-7.2.1+dfsg/src/mcio.c:833:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (cupt->cchrom, ss, 6); data/eigensoft-7.2.1+dfsg/src/mcio.c:856:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (cupt->cchrom, ss, 6); data/eigensoft-7.2.1+dfsg/src/mcio.c:994:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (sx) >= IDSIZE) data/eigensoft-7.2.1+dfsg/src/mcio.c:1054:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (sx) >= IDSIZE) data/eigensoft-7.2.1+dfsg/src/mcio.c:1152:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l0 = strlen (sx0); data/eigensoft-7.2.1+dfsg/src/mcio.c:1153:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l1 = strlen (sx1); data/eigensoft-7.2.1+dfsg/src/mcio.c:1359:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gnlen = strlen (genoname); data/eigensoft-7.2.1+dfsg/src/mcio.c:1634:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (cupt->cchrom, ""); data/eigensoft-7.2.1+dfsg/src/mcio.c:2413:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). t = read (fdes, buff, 8); data/eigensoft-7.2.1+dfsg/src/mcio.c:2550:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (sx); data/eigensoft-7.2.1+dfsg/src/mcio.c:2661:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). t = read (fdes, pt, xx); data/eigensoft-7.2.1+dfsg/src/mcio.c:2738:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). t = read (fdes, buff, rlen); data/eigensoft-7.2.1+dfsg/src/mcio.c:3366:15: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((t = fgetc (fff)) != EOF) { data/eigensoft-7.2.1+dfsg/src/mcio.c:3870:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). t = read (fdes, jbuff, 3); data/eigensoft-7.2.1+dfsg/src/mcio.c:3899:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). t = read (fdes, buff, blen); data/eigensoft-7.2.1+dfsg/src/mcio.c:3966:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (ss); data/eigensoft-7.2.1+dfsg/src/mcio.c:4346:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). t = read (fdes, buff, rlen); data/eigensoft-7.2.1+dfsg/src/mcio.c:4366:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). t = read (fdes, tbuff, rlen); data/eigensoft-7.2.1+dfsg/src/mcio.c:4486:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (sss) > 5) data/eigensoft-7.2.1+dfsg/src/mcio.c:4702:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). t = read (fdes, buff, rlen); data/eigensoft-7.2.1+dfsg/src/mcio.c:4766:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). t = read (gpt->fdes, gpt->buff, rlen); data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:55:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (line); data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:65:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = strlen (ww); data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:143:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (str); data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:300:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen (ss); data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:386:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen (pp->ppars[k]); data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:408:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen (inx); data/eigensoft-7.2.1+dfsg/src/nicksrc/getpars.c:444:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen (ss); i++) data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:35:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (strin); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:48:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s2 = s1 + strlen (s1); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:52:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (str, s1, len); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:114:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l2 = strlen (sx) - 1; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:215:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (str); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:261:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (strin); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:282:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (sx) > 0) data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:290:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (sx) > 0) data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:303:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (strin); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:343:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (strin); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:363:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (strin); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:386:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (str, strin, MAXSTR); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:387:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (strin); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:391:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (ww, str, l); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:397:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (rest, str + i + 1, l); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:432:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (sss); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:466:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (sxout, " "); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:507:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (fname); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:513:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (dirname) + strlen (fname) + 1; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:513:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (dirname) + strlen (fname) + 1; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:519:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ss = ss + strlen (dirname); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:544:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (a) + strlen (inx) + strlen (outx) + 1; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:544:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (a) + strlen (inx) + strlen (outx) + 1; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:544:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (a) + strlen (inx) + strlen (outx) + 1; data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:551:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (str, a, off); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:553:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). x = strlen (outx); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:554:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pt += strlen (inx); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1157:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (sin); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1289:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (sx); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1334:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (fmt, "%"); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1397:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (sx); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1408:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (sx); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1534:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (a, "A"); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1537:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (a, "C"); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1540:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (a, "G"); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1543:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (a, "T"); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1587:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen (a); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1679:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (cc); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1723:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (s); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1741:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (s); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1758:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc (fff); data/eigensoft-7.2.1+dfsg/src/nicksrc/strsubs.c:1778:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (buff); data/eigensoft-7.2.1+dfsg/src/nicksrc/vsubs.c:1217:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (sss, sx, w); data/eigensoft-7.2.1+dfsg/src/nicksrc/vsubs.c:1218:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (sss) <= 0) data/eigensoft-7.2.1+dfsg/src/nicksrc/vsubs.c:1240:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (sss, sx, w); data/eigensoft-7.2.1+dfsg/src/nicksrc/vsubs.c:1241:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (sss) <= 0) data/eigensoft-7.2.1+dfsg/src/nicksrc/xsearch.c:126:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (key); data/eigensoft-7.2.1+dfsg/src/smshrink.c:1457:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (sss, eglist[k1], 10); data/eigensoft-7.2.1+dfsg/src/smshrink.c:1831:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (ss1, ""); data/eigensoft-7.2.1+dfsg/src/smshrink.c:2029:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen (sss); data/eigensoft-7.2.1+dfsg/src/smshrink.c:2057:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (sshit, ""); ANALYSIS SUMMARY: Hits = 471 Lines analyzed = 41751 in approximately 1.04 seconds (40102 lines/second) Physical Source Lines of Code (SLOC) = 32426 Hits@level = [0] 1159 [1] 107 [2] 259 [3] 15 [4] 89 [5] 1 Hits@level+ = [0+] 1630 [1+] 471 [2+] 364 [3+] 105 [4+] 90 [5+] 1 Hits/KSLOC@level+ = [0+] 50.2683 [1+] 14.5254 [2+] 11.2256 [3+] 3.23814 [4+] 2.77555 [5+] 0.0308394 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.