Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/automodified.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/check.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/checkpointdefs.h
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/ckpt.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/comgetvect.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/comlike.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/commoncode.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/commondefs.h
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/comnuclear.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/compar.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/compar.h
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/comrec.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/gemdefs.h
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/ildefs.h
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilgetvect.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilink.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilinputcode.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/iloldnuclear.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/iostuff.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/lidefs.h
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/ligetvect.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/liinputcode.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/linkmap.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/lioldnuclear.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodefs.h
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/logetvect.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/looldnuclear.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/loopbrk.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/mldefs.h
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/mlgetvect.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/mlink.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/mlinputcode.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/mloldnuclear.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/moddefs.h
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/oldsegup.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/outbuff.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/parmodified.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/sexmodified.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/slowautomodified.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/slowsexmodified.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/strbuff.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/strbuff.h
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c
Examining data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.h

FINAL RESULTS:

data/fastlink-4.1P-fix100+dfsg/4.1P/src/check.c:618:3: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf ( checkpointDatafile , "%s" , theLine ) ;
data/fastlink-4.1P-fix100+dfsg/4.1P/src/ckpt.c:84:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat ( systemCallString , argList [ argNumber ] ) ;
data/fastlink-4.1P-fix100+dfsg/4.1P/src/ckpt.c:87:20: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  status = ( int ) system ( systemCallString ) ;
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:104:23: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  Local Void getriskhap(system, LINK)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:105:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  long system;
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:116:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system != mlocus)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:153:22: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  Local Void getmuthap(system, LINK)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:154:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  long system;
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:165:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system != mlocus)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:216:19: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  Local Void hapscr(system, nscramble, LINK)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:217:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  long system, nscramble;
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:224:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system != mlocus)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:236:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system != mlocus)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:244:19: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  Local Void sethap(system, LINK)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:245:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  long system;
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:260:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system != mlocus)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:279:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system != mlocus)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:306:20: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  Local Void gethet1(system, LINK)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:307:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  long system;
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:311:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system != mlocus)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:317:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system != mlocus)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1151:8: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  long system;
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1347:23: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (lastpriv == V.system) {
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1648:8: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  long system;
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1651:26: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  Local Void getbin(locus, system, LINK)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1653:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  long *system;
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1664:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(8L, *system, LINK->LINK->LINK->nfactor[*system - 1],
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1667:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(9L, *system, LINK->LINK->LINK->nfactor[*system - 1],
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1686:29: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  Local Void getnumber(locus, system, LINK)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1688:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  long *system;
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1714:27: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(28L, LINK->system, WITH->UU.U0.nclass, LINK->LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1716:27: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(29L, LINK->system, WITH->UU.U0.nclass, LINK->LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1725:26: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(30L, LINK->system, LINK->system, LINK->LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1725:40: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(30L, LINK->system, LINK->system, LINK->LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1742:26: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(30L, LINK->system, LINK->system, LINK->LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1742:40: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(30L, LINK->system, LINK->system, LINK->LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1768:27: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(31L, LINK->system, WITH->UU.U1.ntrait, LINK->LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1770:27: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(32L, LINK->system, WITH->UU.U0.nclass, LINK->LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1792:24: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(33L, LINK->system, LINK->system, LINK->LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1792:38: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(33L, LINK->system, LINK->system, LINK->LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1803:27: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(34L, LINK->system, LINK->system, LINK->LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1803:41: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(34L, LINK->system, LINK->system, LINK->LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1837:22: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(5L, V.system, LINK->whichtype, LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1839:22: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(6L, V.system, WITH->nallele, LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1841:22: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(7L, V.system, WITH->nallele, LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1911:46: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  getnumber(&thislocus[V.system - 1], &V.system, &V);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1913:43: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  getbin(&thislocus[V.system - 1], &V.system, &V);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1946:18: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  lastpriv = V.system;
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1955:23: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(35L, V.system, (int)riskall, LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1957:23: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(36L, V.system, (int)riskall, LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/comlike.c:45:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, format, args);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/commondefs.h:1091:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  int fprintf();
data/fastlink-4.1P-fix100+dfsg/4.1P/src/commondefs.h:1093:5: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  int fscanf();
data/fastlink-4.1P-fix100+dfsg/4.1P/src/commondefs.h:1099:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  int printf();
data/fastlink-4.1P-fix100+dfsg/4.1P/src/commondefs.h:1106:5: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  int vfprintf();
data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c:47:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tempBuff, "%s\n%s\n", LINE, LINE);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c:121:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tempBuff, "%s\nPEDIGREE | LN LIKE | LOG 10 LIKE\n%s\n",
data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c:188:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tempBuff, "%s\nTOTALS %12.6f %12.6f\n",
data/fastlink-4.1P-fix100+dfsg/4.1P/src/compar.c:952:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(errFile, errmesg);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/compar.c:986:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(format, barrierNum);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/compar.c:1296:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(str, &buffer[i+1]);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/comrec.c:249:19: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  Local Void gethet(system, LINK)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/comrec.c:250:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  int *system;
data/fastlink-4.1P-fix100+dfsg/4.1P/src/comrec.c:257:8: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (*system != mlocus)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/comrec.c:262:8: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (*system != mlocus)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/comrec.c:274:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  int system;
data/fastlink-4.1P-fix100+dfsg/4.1P/src/comrec.c:281:11: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  gethet(&system, &V);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:202:23: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  Local Void getriskhap(system, LINK)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:203:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  long system;
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:214:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system != mlocus)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:252:22: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  Local Void getmuthap(system, LINK)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:253:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  long system;
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:264:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system != mlocus)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:315:19: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  Local Void hapscr(system, nscramble, LINK)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:316:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  long system, nscramble;
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:323:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system != mlocus)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:335:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system != mlocus)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:343:19: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  Local Void sethap(system, LINK)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:344:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  long system;
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:359:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system != mlocus)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:378:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system != mlocus)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:405:20: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  Local Void gethet1(system, LINK)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:406:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  long system;
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:410:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system != mlocus)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:416:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system != mlocus)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:905:8: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  long system;
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1098:23: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (lastpriv == V.system) {
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1286:8: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  long system;
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1289:26: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  Local Void getbin(locus, system, LINK)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1291:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  long *system;
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1302:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(8L, *system, LINK->LINK->LINK->nfactor[*system - 1],
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1305:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(9L, *system, LINK->LINK->LINK->nfactor[*system - 1],
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1324:29: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  Local Void getnumber(locus, system, LINK)
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1326:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  long *system;
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1352:27: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(28L, LINK->system, WITH->UU.U0.nclass, LINK->LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1354:27: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(29L, LINK->system, WITH->UU.U0.nclass, LINK->LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1363:26: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(30L, LINK->system, LINK->system, LINK->LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1363:40: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(30L, LINK->system, LINK->system, LINK->LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1386:26: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(30L, LINK->system, LINK->system, LINK->LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1386:40: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(30L, LINK->system, LINK->system, LINK->LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1413:27: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(31L, LINK->system, WITH->UU.U1.ntrait, LINK->LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1415:27: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(32L, LINK->system, WITH->UU.U0.nclass, LINK->LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1437:24: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(33L, LINK->system, LINK->system, LINK->LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1437:38: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(33L, LINK->system, LINK->system, LINK->LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1448:27: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(34L, LINK->system, LINK->system, LINK->LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1448:41: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(34L, LINK->system, LINK->system, LINK->LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1477:22: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(5L, V.system, LINK->whichtype, LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1479:22: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(6L, V.system, WITH->nallele, LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1481:22: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  inputerror(7L, V.system, WITH->nallele, LINK->LINK);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1540:46: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  getnumber(&holdlocus[V.system - 1], &V.system, &V);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1542:43: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  getbin(&holdlocus[V.system - 1], &V.system, &V);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1575:18: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  lastpriv = V.system;
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loopbrk.c:1135:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf(str1, "%s %d\n", str, &PedigreeWithLoops);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loopbrk.c:1139:5: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf(str1, "%s %s %d %s %d %s %d %s %s %s",
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loopbrk.c:1141:5: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf(str2, "%d %s %s\n", &tempid2, str ,str);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loopbrk.c:1291:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(rest[PersonId], rest[PersonId+1]);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/loopbrk.c:2168:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(lineCopy, rest[p]);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/outbuff.c:68:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(f, oBuff->ipeds[i]->string);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/strbuff.c:80:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newString, sBuff->string);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/strbuff.c:90:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(sBuff->string + sBuff->stindex, buffer);
data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2357:18: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  long thisread, system;
data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2618:8: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
long system; data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2632:27: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. inputerror(31L, LINK->system, WITH->UU.ntrait); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2634:27: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. inputerror(32L, LINK->system, WITH->UU.U0.nclass); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2653:27: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. inputerror(28L, LINK->system, WITH->UU.U0.nclass); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2655:27: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. inputerror(29L, LINK->system, WITH->UU.U0.nclass); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2664:26: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. inputerror(30L, LINK->system, LINK->system); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2664:40: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. inputerror(30L, LINK->system, LINK->system); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2681:24: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
inputerror(30L, LINK->system, LINK->system); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2681:38: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. inputerror(30L, LINK->system, LINK->system); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2705:26: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. inputerror(8L, LINK->system, WITH->UU.U2.nfactor); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2707:26: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. inputerror(9L, LINK->system, WITH->UU.U2.nfactor); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2959:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. static void getgene(system, p, phen) data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2960:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. long system; data/fastlink-4.1P-fix100+dfsg/4.1P/src/commoncode.c:607:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "ic")) != -1) data/fastlink-4.1P-fix100+dfsg/4.1P/src/commondefs.h:1097:5: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. 
int getopt(); data/fastlink-4.1P-fix100+dfsg/4.1P/src/compar.c:791:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "w:n:p:mi")) != -1) data/fastlink-4.1P-fix100+dfsg/4.1P/src/compar.c:793:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "w:n:i")) != -1) data/fastlink-4.1P-fix100+dfsg/4.1P/src/compar.c:796:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "w:n:mi")) != -1) data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2072:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "i")) != -1) data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:5389:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "cl")) != -1) { data/fastlink-4.1P-fix100+dfsg/4.1P/src/check.c:35:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char theLine [ 256 ] ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/check.c:80:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char theBuffer [ CopyBlockSize ] ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/check.c:88:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fromFile = open ( fromName , O_RDONLY, 0, "ctx=rec", "shr=get,put,upd" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/check.c:90:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fromFile = open ( fromName , O_RDONLY ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/check.c:94:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). toFile = open ( toName , flags , CopyAppendPerms ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/check.c:120:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char theLine [ 256 ] ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/check.c:125:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). checkpointBackup = fopen ( CheckpointILINKFileBackup , "r" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/check.c:127:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). checkpointBackup = fopen ( CheckpointLODSCOREFileBackup , "r" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/check.c:129:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). checkpointBackup = fopen ( CheckpointLINKMAPFileBackup , "r" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/check.c:131:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). checkpointBackup = fopen ( CheckpointMLINKFileBackup , "r" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/check.c:395:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
checkpointDatafile = fopen ( CheckpointILINKFilename , "w" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/check.c:397:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). checkpointDatafile = fopen ( CheckpointLODSCOREFilename , "w" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/check.c:399:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). checkpointDatafile = fopen ( CheckpointLINKMAPFilename , "w" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/check.c:401:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). checkpointDatafile = fopen ( CheckpointMLINKFilename , "w" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/check.c:590:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dateTimeStamp [ DateTimeStampStringLength ] ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/check.c:591:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char theLine [ 80 ] ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/check.c:598:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). checkpointDatafile = fopen ( CheckpointILINKFilename , "r" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/check.c:600:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). checkpointDatafile = fopen ( CheckpointLODSCOREFilename , "r" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/check.c:602:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). checkpointDatafile = fopen ( CheckpointLINKMAPFilename , "r" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/check.c:604:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). checkpointDatafile = fopen ( CheckpointMLINKFilename , "r" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/checkpointdefs.h:192:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char dateTimeStamp [ DateTimeStampStringLength ] ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/ckpt.c:21:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char * argList [ ] ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/ckpt.c:65:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). scriptCheckpoint = fopen ( scriptCheckpointFilename , "r+" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/ckpt.c:68:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). scriptCheckpoint = fopen ( scriptCheckpointFilename , "w" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:635:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). loopfile = fopen(LOOPFILE_NAME, "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:637:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
loopfile = fopen(LOOPFILE_NAME, "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:761:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). errorfile = fopen("FASTLINK.err","a"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:2000:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(oldtheta, WITH->theta, sizeof(thetarray)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/comlike.c:147:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m, v, sizeof(covmatrix)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/commoncode.c:216:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). datafile = fopen("datafile.dat", "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/commoncode.c:219:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ipedfile = fopen("ipedfile.dat", "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/commoncode.c:223:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
speedfile = fopen("newspeedfile.dat", "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/commoncode.c:225:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). speedfile = fopen("speedfile.dat", "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/commoncode.c:242:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outfile = fopen("outfile.dat", "w", "ctx=rec","shr=get,put,upd" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/commoncode.c:244:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outfile = fopen("outfile.dat", "w"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/commoncode.c:250:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stream = fopen("stream.dat", "w", "ctx=rec","shr=get,put,upd" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/commoncode.c:252:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
stream = fopen("stream.dat", "w"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/commoncode.c:259:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). final = fopen("final.dat", "w", "ctx=rec","shr=get,put,upd" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/commoncode.c:261:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). final = fopen("final.dat", "w"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/commoncode.c:282:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). scriptCheckpoint = fopen ( ScriptCheckpointFilename , data/fastlink-4.1P-fix100+dfsg/4.1P/src/commoncode.c:285:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). scriptCheckpoint = fopen ( ScriptCheckpointFilename , "r" ); data/fastlink-4.1P-fix100+dfsg/4.1P/src/commoncode.c:295:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
scriptCheckpoint = fopen ( ScriptCheckpointFilename , data/fastlink-4.1P-fix100+dfsg/4.1P/src/commoncode.c:298:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). scriptCheckpoint = fopen ( ScriptCheckpointFilename , "w" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/commoncode.c:320:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fileTester = fopen ( ScriptFinalOut , data/fastlink-4.1P-fix100+dfsg/4.1P/src/commoncode.c:323:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fileTester = fopen ( ScriptFinalOut , "r" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/commoncode.c:333:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fileTester = fopen ( ScriptStreamOut , data/fastlink-4.1P-fix100+dfsg/4.1P/src/commoncode.c:336:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
fileTester = fopen ( ScriptStreamOut , "r" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/commoncode.c:377:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fopen(CheckpointFilename , "r", "ctx=rec","shr=get,put,upd"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/commoncode.c:379:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). checkpointDatafile = fopen ( CheckpointFilename , "r" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/commoncode.c:467:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outfile = fopen("outfile.dat", "a", "ctx=rec","shr=get,put,upd"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/commoncode.c:469:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outfile = fopen( "outfile.dat", "a"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/commoncode.c:475:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
stream = fopen("stream.dat", "a", "ctx=rec","shr=get,put,upd"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/commoncode.c:477:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stream = fopen( "stream.dat", "a"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/commoncode.c:531:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). scriptCheckpoint = fopen(ScriptCheckpointFilename, data/fastlink-4.1P-fix100+dfsg/4.1P/src/commoncode.c:534:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). scriptCheckpoint = fopen ( ScriptCheckpointFilename , "r+" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/commondefs.h:362:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef char hapvector[maxlocus]; data/fastlink-4.1P-fix100+dfsg/4.1P/src/commondefs.h:871:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char systemCallString [ SystemCallStringLength ] ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/comnuclear.c:1404:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((*LINK->p)->gen->genarray, (*LINK->r)->gen->genarray, data/fastlink-4.1P-fix100+dfsg/4.1P/src/comnuclear.c:1406:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((*LINK->r)->gen->genarray, gene, maxfemgen * sizeof(double)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/comnuclear.c:1520:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((*LINK->p)->gen->genarray, (*LINK->r)->gen->genarray, data/fastlink-4.1P-fix100+dfsg/4.1P/src/comnuclear.c:1522:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((*LINK->r)->gen->genarray, gene, maxfemgen * sizeof(double)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c:37:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempBuff[TEMPBUFF_SIZE]; data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c:60:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tempBuff, "%6.3f", maletheta->theta[i]); data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c:67:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(tempBuff, "%6.3f", maletheta->theta[mlocus - 1]); data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c:79:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tempBuff, "%6.3f\n", maletheta->theta[i]); data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c:83:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tempBuff, "%6.3f\n", maletheta->theta[mlocus - 1]); data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c:93:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tempBuff, "%6.3f", femaletheta->theta[i]); data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c:98:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tempBuff, "%6.3f", femaletheta->theta[mlocus - 1]); data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c:110:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tempBuff, "%6.3f\n", femaletheta->theta[i]); data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c:114:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(tempBuff, "%6.3f\n", femaletheta->theta[mlocus - 1]); data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c:133:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempBuff[TEMPBUFF_SIZE]; data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c:137:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tempBuff, "%12d % .5e", proband[currThisped]->ped, currLike); data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c:139:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tempBuff, "%12d % .5e ", proband[currThisped]->ped, currLike); data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c:143:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tempBuff, "%9d %12.6f ", proband[currThisped]->ped, currLike); data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c:159:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempBuff[TEMPBUFF_SIZE]; data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c:162:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(tempBuff, "%12.6f\n", currLike); data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c:168:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tempBuff, "%12.6f LOD= %12.6f\n", currLike, data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c:173:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tempBuff, "%12.6f\n", currLike); data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c:186:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempBuff[TEMPBUFF_SIZE]; data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c:194:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tempBuff, "% .5e % .5e\n", currAlike, currTlike); data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c:196:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tempBuff, "% .5e % .5e\n", -2 * currAlike, currTlike); data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c:209:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tempBuff[TEMPBUFF_SIZE]; data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c:219:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tempBuff, "-2 LN(LIKE) = % .5e", currAlike); data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c:241:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tempBuff, " LOD SCORE = %12.6f", currAlike); data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c:250:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tempBuff, " LOG LIKE DIFFERENCE = %12.6f", currAlike); data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c:256:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tempBuff, "% .5e\n", currTlike - *unlinkedLike); data/fastlink-4.1P-fix100+dfsg/4.1P/src/comoutput.c:267:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tempBuff, "Maxcensor can be reduced to %12d\n", thisc); data/fastlink-4.1P-fix100+dfsg/4.1P/src/compar.c:801:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
maxworkingset = atoi(optarg); data/fastlink-4.1P-fix100+dfsg/4.1P/src/compar.c:812:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Tmk_nprocs = atoi(optarg); data/fastlink-4.1P-fix100+dfsg/4.1P/src/compar.c:948:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* errFile = fopen("FASTLINK.err", "a"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/compar.c:1285:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[maxNumStrlen + 1]; data/fastlink-4.1P-fix100+dfsg/4.1P/src/compar.c:1311:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char memNeededStr[maxNumStrlen]; data/fastlink-4.1P-fix100+dfsg/4.1P/src/comrec.c:55:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(LINK->hap1, LINK->thishap1[i], sizeof(hapvector)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/comrec.c:105:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(LINK->thishap1[LINK->nhap - 1], LINK->hap1, sizeof(hapvector)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/comrec.c:106:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(LINK->thishap2[LINK->nhap - 1], LINK->hap2, sizeof(hapvector)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/comrec.c:313:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(oldtheta, WITH->theta, sizeof(thetarray)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/comrec.c:352:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(oldtheta, WITH->theta, sizeof(thetarray)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilink.c:550:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(oldtheta, WITH1->theta, sizeof(thetarray)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilink.c:560:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(WITH1->theta, oldtheta, sizeof(thetarray)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilink.c:563:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(oldtheta, WITH1->theta, sizeof(thetarray)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilink.c:573:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(WITH1->theta, oldtheta, sizeof(thetarray)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilink.c:694:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). final = fopen ( "final.dat" , "a", "ctx=rec","shr=get,put,upd" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilink.c:696:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). final = fopen ( "final.dat" , "a" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilink.c:704:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stream = fopen ( "stream.dat" , "a", "ctx=rec","shr=get,put,upd" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilink.c:706:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stream = fopen ( "stream.dat" , "a" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilink.c:719:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
final = fopen ( "final.dat" , "a", "ctx=rec","shr=get,put,upd" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilink.c:721:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). final = fopen ( "final.dat" , "a" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilink.c:729:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stream = fopen ( "stream.dat" , "a", "ctx=rec","shr=get,put,upd" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilink.c:731:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stream = fopen ( "stream.dat" , "a" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilink.c:830:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(oldtheta, WITH1->theta, sizeof(thetarray)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilink.c:840:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(WITH1->theta, oldtheta, sizeof(thetarray)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilink.c:843:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(oldtheta, WITH1->theta, sizeof(thetarray)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilink.c:854:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(WITH1->theta, oldtheta, sizeof(thetarray)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilink.c:1088:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(x, xt, sizeof(vector)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilink.c:1115:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(x, xt, sizeof(vector)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilink.c:1156:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(x, xt, sizeof(vector)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilink.c:1161:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(x, xt, sizeof(vector)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilink.c:1178:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(x, xt, sizeof(vector)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilink.c:1228:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gsave, g, sizeof(vector)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilink.c:1352:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(ztjp1, y, sizeof(vector)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilink.c:1417:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d, dp, sizeof(vector)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilink.c:1459:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(xvec, xall, sizeof(vector)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilink.c:1476:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(xall, xvec, sizeof(vector)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilink.c:1556:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). in1 = fopen("in1.dat", "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/iostuff.c:80:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). errorfile = fopen("FASTLINK.err","a"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/iostuff.c:118:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
f = fopen(LOOPFILE_NAME, "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/iostuff.c:216:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). errorfile = fopen("FASTLINK.err", "a"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/iostuff.c:262:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char intext[DEFAULT_STRING_LENGTH]; /* the line read from the file */ data/fastlink-4.1P-fix100+dfsg/4.1P/src/iostuff.c:294:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inputline[DEFAULT_STRING_LENGTH]; /* line read from ipedfile */ data/fastlink-4.1P-fix100+dfsg/4.1P/src/iostuff.c:307:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ipedfile = fopen("ipedfile.dat","r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/iostuff.c:308:34: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if (ipedfile == NULL) ipedfile = fopen("pedfile.dat","r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/linkmap.c:45:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempBuff[TEMPBUFF_SIZE]; /* temporary buffer */ data/fastlink-4.1P-fix100+dfsg/4.1P/src/linkmap.c:91:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tempBuff, "% .5e\n", tThisdist); data/fastlink-4.1P-fix100+dfsg/4.1P/src/linkmap.c:100:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tempBuff, "% .5e\n", tThisdist); data/fastlink-4.1P-fix100+dfsg/4.1P/src/linkmap.c:106:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tempBuff, "% .5e\n", tMaletheta[i - 1]); data/fastlink-4.1P-fix100+dfsg/4.1P/src/linkmap.c:114:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tempBuff, "% .5e\n", tFemaletheta[i - 1]); data/fastlink-4.1P-fix100+dfsg/4.1P/src/linkmap.c:244:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char instr[DEFAULT_STR_LENGTH]; /* str to read files with */ data/fastlink-4.1P-fix100+dfsg/4.1P/src/linkmap.c:286:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s_screen = fopen(SCREENSAVE,"w"); /* open the files for output */ data/fastlink-4.1P-fix100+dfsg/4.1P/src/linkmap.c:287:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s_outfile = fopen(OUTFILESAVE,"w"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/linkmap.c:288:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s_stream = fopen(STREAMSAVE,"w"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/linkmap.c:304:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s_save = fopen(LINKSAVE,"r"); /* try to open the head save file */ data/fastlink-4.1P-fix100+dfsg/4.1P/src/linkmap.c:336:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
s_screen = fopen(SCREENSAVE,"r"); /* open the files for restore */ data/fastlink-4.1P-fix100+dfsg/4.1P/src/linkmap.c:337:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s_outfile = fopen(OUTFILESAVE,"r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/linkmap.c:338:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s_stream = fopen(STREAMSAVE,"r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/linkmap.c:573:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s_save = fopen(LINKSAVE,"w"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:185:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(itp, holditp, sizeof(itertype)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:592:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
recfile = fopen ( "recfile.dat" , "a", "ctx=rec", "shr = get,put,upd") ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:594:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). recfile = fopen ( "recfile.dat" , "a") ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:602:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stream = fopen ( "stream.dat" , "a", "ctx=rec", "shr=get,put,upd") ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:604:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stream = fopen ( "stream.dat" , "a" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:618:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). recfile = fopen ( "recfile.dat" , "a", "ctx=rec", "shr=get,put,upd") ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:620:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
recfile = fopen ( "recfile.dat" , "a" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:628:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stream = fopen ( "stream.dat" , "a", "ctx=rec", "shr=get,put,upd") ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:630:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stream = fopen ( "stream.dat" , "a" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:911:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(x, xt, sizeof(vector)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:938:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(x, xt, sizeof(vector)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:978:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(x, xt, sizeof(vector)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:983:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(x, xt, sizeof(vector)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:1000:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(x, xt, sizeof(vector)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:1049:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gsave, g, sizeof(vector)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:1173:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ztjp1, y, sizeof(vector)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:1238:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d, dp, sizeof(vector)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:1280:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(xvec, xall, sizeof(vector)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:1297:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(xall, xvec, sizeof(vector)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:1377:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). in1 = fopen("in1.dat", "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2060:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char dateTimeStamp [ DateTimeStampStringLength ] ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2085:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). recfile = fopen("recfile.dat", "w", "ctx=rec", "shr=get,put,upd") ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2087:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). recfile = fopen("recfile.dat", "w"); /* If you change things in */ data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2093:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stream = fopen("stream.dat", "w", "ctx=rec", "shr=get,put,upd") ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2095:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stream = fopen("stream.dat", "w"); /* to the checkpointing code near */ data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2112:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
scriptCheckpoint = fopen ( ScriptLODSCORECheckpointFilename , "r", "ctx=rec", "shr=get,put,upd") ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2114:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). scriptCheckpoint = fopen ( ScriptLODSCORECheckpointFilename , "r" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2123:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). scriptCheckpoint = fopen ( ScriptLODSCORECheckpointFilename , "w", "ctx=rec", "shr=get,put,upd") ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2125:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). scriptCheckpoint = fopen ( ScriptLODSCORECheckpointFilename , "w" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2139:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fileTester = fopen ( ScriptLODSCOREFinalOut , "r", "ctx=rec", "shr=get,put,upd") ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2141:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
fileTester = fopen ( ScriptLODSCOREFinalOut , "r" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2151:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fileTester = fopen ( ScriptLODSCOREStreamOut , "r", "ctx=rec", "shr=get,put,upd") ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2153:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fileTester = fopen ( ScriptLODSCOREStreamOut , "r" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2171:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). datafile = fopen("datafile.dat", "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2174:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pedfile = fopen("pedfile.dat", "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2178:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
outfile = fopen("outfile.dat", "w", "ctx=rec", "shr=get,put,upd") ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2180:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outfile = fopen("outfile.dat", "w"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2185:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). final = fopen("final.dat", "w", "ctx=rec", "shr=get,put,upd") ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2187:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). final = fopen("final.dat", "w"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2221:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). checkpointDatafile = fopen ( CheckpointLODSCOREFilename , "r", "ctx=rec", "shr=get,put,upd") ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2223:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
checkpointDatafile = fopen ( CheckpointLODSCOREFilename , "r" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2277:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). recfile = fopen ( "recfile.dat" , "a", "ctx=rec", "shr=get,put,upd") ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2279:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). recfile = fopen ( "recfile.dat" , "a" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2287:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stream = fopen ( "stream.dat" , "a", "ctx=rec", "shr=get,put,upd") ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2289:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stream = fopen ( "stream.dat" , "a" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2298:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
recfile = fopen ( "recfile.dat" , "a", "ctx=rec", "shr=get,put,upd") ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2300:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). recfile = fopen ( "recfile.dat" , "a" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2308:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stream = fopen ( "stream.dat" , "a", "ctx=rec", "shr=get,put,upd") ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2310:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stream = fopen ( "stream.dat" , "a" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2394:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). scriptCheckpoint = fopen ( ScriptLODSCORECheckpointFilename , "r+", "ctx=rec", "shr=get,put,upd" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/lodscore.c:2396:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
scriptCheckpoint = fopen ( ScriptLODSCORECheckpointFilename , "r+" ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1714:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(holditp, itp, sizeof(itertype)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loopbrk.c:27:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *rest[maxindperpedigree]; /* array of genotype fields */ data/fastlink-4.1P-fix100+dfsg/4.1P/src/loopbrk.c:94:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). countfile = fopen("countfile.dat", "w"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loopbrk.c:96:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). countfile = fopen("countfile.dat", "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loopbrk.c:102:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
countfile = fopen("countfile.dat", "w"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loopbrk.c:104:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). countfile = fopen("countfile.dat", "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loopbrk.c:117:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pedfile = fopen(pedfilename, "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loopbrk.c:122:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pedfile = fopen(pedfilename, "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loopbrk.c:133:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tpedfile = fopen("tpedfile.dat", "w"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loopbrk.c:1127:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[COUNTFILE_WORD_LENGTH]; data/fastlink-4.1P-fix100+dfsg/4.1P/src/loopbrk.c:1128:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str1[COUNTFILE_LINE_LENGTH]; /*pedigree string from countfile*/ data/fastlink-4.1P-fix100+dfsg/4.1P/src/loopbrk.c:1129:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str2[COUNTFILE_LINE_LENGTH]; /*person line from countfile*/ data/fastlink-4.1P-fix100+dfsg/4.1P/src/loopbrk.c:2190:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). discreteValue = atoi(thisValue); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loopbrk.c:2194:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). junk = atoi(thisValue); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loopbrk.c:2205:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). discreteValue = atoi(thisValue); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loopbrk.c:2208:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). junk = atoi(thisValue); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loopbrk.c:2219:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). discreteValue = atoi(thisValue); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:131:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char status[maxind+1]; /* used to check pedfile.dat data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:152:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). errorfile = fopen("FASTLINK.err","a"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:222:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inputline[DEFAULT_STRING_LENGTH]; /* line read from ipedfile */ data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:223:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char restofline[DEFAULT_STRING_LENGTH]; /* line read from ipedfile */ data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:239:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). localpedfile = fopen("pedfile.dat", "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:243:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). localupedfile = fopen("upedfile.dat", "w"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:438:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char intext[DEFAULT_STRING_LENGTH]; /* the line read from the file */ data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:514:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inputline[DEFAULT_STRING_LENGTH]; /* line read from ipedfile */ data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:533:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? 
(CWE-362). pedfile = fopen("pedfile.dat", "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:3233:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(LINK->firsthap, seghap[first], sizeof(subhap)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:3235:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(LINK->secondhap, seghap[nonzgens[nonzindex]], sizeof(subhap)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:3325:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(LINK->firsthap, seghap[first], sizeof(subhap)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:3327:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(LINK->secondhap, seghap[nonzgens[nonzindex]], sizeof(subhap)); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4601:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). datafile = fopen("datafile.dat", "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4604:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
datafile = fopen("datafile.dat", "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4624:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ipedfile = fopen("ipedfile.dat", "w"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4627:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ipedfile = fopen("ipedfile.dat", "w"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4635:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). loopfile = fopen(LOOPFILE_NAME, "w"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4638:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). loopfile = fopen(LOOPFILE_NAME, "w"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4647:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
speedfile = fopen("speedfile.dat", "w"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4649:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). speedfile = fopen("newspeedfile.dat", "w"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4653:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). speedfile = fopen("speedfile.dat", "w"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4655:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). speedfile = fopen("newspeedfile.dat", "w"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4691:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pedfilename,"upedfile.dat"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4695:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(pedfilename,"pedfile.dat"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4699:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pedfile = fopen(pedfilename, "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4702:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pedfile = fopen(pedfilename, "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4816:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pedfile = fopen(pedfilename, "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4819:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pedfile = fopen(pedfilename, "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4828:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
countfile = fopen(COUNTFILE_NAME,"w"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4900:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pedfile = fopen(TPEDFILE_NAME, "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4903:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pedfile = fopen(TPEDFILE_NAME, "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:5044:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pedfile = fopen(pedfilename, "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:5047:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pedfile = fopen(pedfilename, "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:5056:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
countfile = fopen(COUNTFILE_NAME,"w"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:5167:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pedfile = fopen(TPEDFILE_NAME, "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:5170:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pedfile = fopen(TPEDFILE_NAME, "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:5174:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pedfile = fopen(pedfilename, "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:5177:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pedfile = fopen(pedfilename, "r"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:5345:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pedfilename,"upedfile.dat"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:5349:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pedfilename,"pedfile.dat"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:5358:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). lpedfile = fopen(LPEDFILE_NAME, "w"); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.h:401:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pedfilename[FILE_NAME_LENGTH]; data/fastlink-4.1P-fix100+dfsg/4.1P/src/check.c:101:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytesRead = read ( fromFile , theBuffer , CopyBlockSize ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/check.c:202:18: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). newlineDummy = getc ( checkpointDatafile ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/ckpt.c:85:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat ( systemCallString , " " ) ; data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:982:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
while ( getc(loopfile) != '\n' ) { data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1002:24: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((extrachar = getc(loopfile)) == 'i' ) { data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1024:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ( getc(loopfile) == '-' ) { data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1041:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ( getc(loopfile) != '\n' ) { data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1110:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(speedfile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1135:5: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(speedfile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1580:5: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(ipedfile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1661:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1683:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1712:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1733:5: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1748:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1766:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1783:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1797:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1801:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1863:5: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1866:5: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1898:5: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1904:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1951:5: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1992:5: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/cominputcode.c:1995:5: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilinputcode.c:179:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilinputcode.c:396:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilinputcode.c:424:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilinputcode.c:453:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilinputcode.c:476:5: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/ilinputcode.c:497:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/iostuff.c:49:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(f); data/fastlink-4.1P-fix100+dfsg/4.1P/src/iostuff.c:63:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
ch = getc(f); data/fastlink-4.1P-fix100+dfsg/4.1P/src/liinputcode.c:26:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/liinputcode.c:55:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/liinputcode.c:84:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/liinputcode.c:107:5: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/liinputcode.c:128:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/liinputcode.c:146:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1238:5: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(pedfile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1299:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1321:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1350:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1371:5: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1392:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1411:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1428:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1442:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1446:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1503:5: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1506:5: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1534:5: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1580:5: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1597:5: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1600:5: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1618:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1637:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1646:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1658:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1703:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1713:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loinputcode.c:1725:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loopbrk.c:40:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
ch = getc(f); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loopbrk.c:111:7: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar(); data/fastlink-4.1P-fix100+dfsg/4.1P/src/loopbrk.c:129:7: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar(); data/fastlink-4.1P-fix100+dfsg/4.1P/src/mlink.c:121:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/mlink.c:502:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/mlinputcode.c:24:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/mlinputcode.c:53:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/mlinputcode.c:82:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/mlinputcode.c:105:5: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/mlinputcode.c:126:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/mlinputcode.c:144:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/strbuff.c:64:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int length = strlen(buffer); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:184:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(f); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:199:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(f); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:831:3: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar(); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2453:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). whichchr = getc(pedfile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2458:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(pedfile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2630:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2637:5: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2651:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2672:5: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2686:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2702:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2721:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2790:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2794:5: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2798:5: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2820:5: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2834:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2848:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:2852:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4470:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4472:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4480:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4487:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4489:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4491:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4494:2: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4497:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4499:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4504:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4506:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4508:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4512:4: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4517:4: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4524:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4527:2: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4531:2: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4537:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4539:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4542:2: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4548:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4551:5: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4554:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4563:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4568:11: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fff = getc(datafile); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4611:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar(); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4709:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar(); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4826:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar(); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:4910:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar(); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:5054:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar(); data/fastlink-4.1P-fix100+dfsg/4.1P/src/unknown.c:5185:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar();

ANALYSIS SUMMARY:

Hits = 522
Lines analyzed = 38290 in approximately 1.15 seconds (33408 lines/second)
Physical Source Lines of Code (SLOC) = 29940
Hits@level = [0] 1336 [1] 125 [2] 256 [3] 7 [4] 134 [5] 0
Hits@level+ = [0+] 1858 [1+] 522 [2+] 397 [3+] 141 [4+] 134 [5+] 0
Hits/KSLOC@level+ = [0+] 62.0574 [1+] 17.4349 [2+] 13.2599 [3+] 4.70942 [4+] 4.47562 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.