Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/fitsverify-4.20/fitsverify.c Examining data/fitsverify-4.20/ftverify.c Examining data/fitsverify-4.20/fverify.h Examining data/fitsverify-4.20/fvrf_data.c Examining data/fitsverify-4.20/fvrf_file.c Examining data/fitsverify-4.20/fvrf_head.c Examining data/fitsverify-4.20/fvrf_key.c Examining data/fitsverify-4.20/fvrf_misc.c FINAL RESULTS: data/fitsverify-4.20/ftverify.c:296:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg,"Clobber is not set. Cannot overwrite the file%s",p); data/fitsverify-4.20/ftverify.c:341:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(comm,"%s %s (CFITSIO V%.3f)",task,tversion,fversion); data/fitsverify-4.20/fvrf_data.c:370:19: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(errmes,errtmp); data/fitsverify-4.20/fvrf_data.c:378:19: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(errmes,errtmp); data/fitsverify-4.20/fvrf_data.c:389:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(errmes,errtmp); data/fitsverify-4.20/fvrf_data.c:404:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(errmes,errtmp); data/fitsverify-4.20/fvrf_data.c:411:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(errmes,errtmp); data/fitsverify-4.20/fvrf_data.c:593:22: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(errmes,comm); data/fitsverify-4.20/fvrf_data.c:687:22: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(errmes, floatvalue); data/fitsverify-4.20/fvrf_data.c:717:26: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(errmes, floatvalue); data/fitsverify-4.20/fvrf_file.c:42:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (hduname[i]->extname,extname); data/fitsverify-4.20/fvrf_file.c:131:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp,p->extname); data/fitsverify-4.20/fvrf_file.c:134:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(temp,temp1); data/fitsverify-4.20/fvrf_file.c:138:16: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(comm," %-5d %-20s Image Array %-4d %-4d ", data/fitsverify-4.20/fvrf_file.c:143:16: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(comm," %-5d %-20s ASCII Table %-4d %-4d ", data/fitsverify-4.20/fvrf_file.c:148:16: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(comm," %-5d %-20s Binary Table %-4d %-4d ", data/fitsverify-4.20/fvrf_file.c:153:16: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(comm," %-5d %-20s Unknown HDU %-4d %-4d ", data/fitsverify-4.20/fvrf_file.c:162:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(comm," End-of-file %-30s %-4d %-4d ", "", iwrn,ierr); data/fitsverify-4.20/fvrf_head.c:63:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(comm,"File: %s",pfile); data/fitsverify-4.20/fvrf_head.c:248:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:332:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:342:18: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, "Keyword #%d, %s is duplicated.", data/fitsverify-4.20/fvrf_head.c:390:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:515:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(hduptr->extname,kwds[k]->kvalue); data/fitsverify-4.20/fvrf_head.c:616:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp,cfltkeys[i]); data/fitsverify-4.20/fvrf_head.c:633:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( errmes, data/fitsverify-4.20/fvrf_head.c:643:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( errmes, data/fitsverify-4.20/fvrf_head.c:654:18: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( errmes, data/fitsverify-4.20/fvrf_head.c:663:19: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( errmes, data/fitsverify-4.20/fvrf_head.c:705:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp,cfltnkeys[i]); data/fitsverify-4.20/fvrf_head.c:720:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp,cflt_keys[i]); data/fitsverify-4.20/fvrf_head.c:746:18: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( errmes, data/fitsverify-4.20/fvrf_head.c:755:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( errmes, data/fitsverify-4.20/fvrf_head.c:770:18: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( errmes, data/fitsverify-4.20/fvrf_head.c:779:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( errmes, data/fitsverify-4.20/fvrf_head.c:814:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp,cstrkeys[i]); data/fitsverify-4.20/fvrf_head.c:835:18: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( errmes, data/fitsverify-4.20/fvrf_head.c:844:20: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( errmes, data/fitsverify-4.20/fvrf_head.c:871:14: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( errmes, data/fitsverify-4.20/fvrf_head.c:879:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp,rastrkeys[i]); data/fitsverify-4.20/fvrf_head.c:897:20: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( errmes, data/fitsverify-4.20/fvrf_head.c:908:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp,specstrkeys[i]); data/fitsverify-4.20/fvrf_head.c:928:20: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( errmes, data/fitsverify-4.20/fvrf_head.c:979:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp,exlkey[i]); data/fitsverify-4.20/fvrf_head.c:984:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:1030:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:1050:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:1068:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:1095:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes,"Keyword #%d, %s ", data/fitsverify-4.20/fvrf_head.c:1104:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes,"Keyword #%d, %s: ", data/fitsverify-4.20/fvrf_head.c:1113:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:1132:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes,"Keyword #%d, %s ", data/fitsverify-4.20/fvrf_head.c:1143:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:1161:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes,"Keyword #%d, %s ", data/fitsverify-4.20/fvrf_head.c:1172:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:1265:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp,exlkey[i]); data/fitsverify-4.20/fvrf_head.c:1270:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( errmes, data/fitsverify-4.20/fvrf_head.c:1278:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp,exlnkey[i]); data/fitsverify-4.20/fvrf_head.c:1289:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( errmes, data/fitsverify-4.20/fvrf_head.c:1384:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:1396:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes,"Keyword #%d, %s: The scaling factor is 0.", data/fitsverify-4.20/fvrf_head.c:1404:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp,exlkeys[i]); data/fitsverify-4.20/fvrf_head.c:1410:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( errmes, data/fitsverify-4.20/fvrf_head.c:1419:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp,exlnkeys[i]); data/fitsverify-4.20/fvrf_head.c:1430:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( errmes, data/fitsverify-4.20/fvrf_head.c:1439:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp,fltkeys[i]); data/fitsverify-4.20/fvrf_head.c:1451:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp,strkeys[i]); data/fitsverify-4.20/fvrf_head.c:1635:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:1658:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes,"Keyword #%d, %s: TFORM=\"%s\" ", data/fitsverify-4.20/fvrf_head.c:1670:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:1680:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:1705:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:1724:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes,"Keyword #%d, %s: TDISP=\"%s\" ", data/fitsverify-4.20/fvrf_head.c:1734:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:1747:22: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:1753:22: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:1764:22: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:1770:22: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:1790:22: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:1800:22: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:1818:22: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:1833:22: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:1863:22: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:1878:22: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:1906:22: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:1913:18: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:1925:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp,exlkey[i]); data/fitsverify-4.20/fvrf_head.c:1930:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( errmes, data/fitsverify-4.20/fvrf_head.c:1963:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp,cfltkeys[i]); data/fitsverify-4.20/fvrf_head.c:1979:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( errmes, data/fitsverify-4.20/fvrf_head.c:1989:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp,cstrkeys[i]); data/fitsverify-4.20/fvrf_head.c:2005:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( errmes, data/fitsverify-4.20/fvrf_head.c:2064:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2084:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2102:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes,"Keyword #%d, %s: Scaling factor is zero.", data/fitsverify-4.20/fvrf_head.c:2108:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2115:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2132:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2139:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2155:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( errmes, data/fitsverify-4.20/fvrf_head.c:2166:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( errmes, data/fitsverify-4.20/fvrf_head.c:2233:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2243:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2251:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes,"Keyword #%d, %s: The value %ld", data/fitsverify-4.20/fvrf_head.c:2259:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes,"Keyword #%d, %s: The value %ld", data/fitsverify-4.20/fvrf_head.c:2275:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes,"Keyword #%d, %s:", data/fitsverify-4.20/fvrf_head.c:2283:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2292:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2310:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2319:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2374:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes,"Keyword #%d, %s: TDIM=\"%s\" ", data/fitsverify-4.20/fvrf_head.c:2383:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2390:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes,"Keyword #%d, %s: ", data/fitsverify-4.20/fvrf_head.c:2404:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2412:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp,exlkeys[i]); data/fitsverify-4.20/fvrf_head.c:2423:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( errmes, data/fitsverify-4.20/fvrf_head.c:2496:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2513:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2519:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2532:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2548:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes,"Keyword #%d, %s: ", kwds[j]->kindex,kwds[j]->kname); data/fitsverify-4.20/fvrf_head.c:2555:16: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2565:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp,strkey[i]); data/fitsverify-4.20/fvrf_head.c:2573:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp,intkey[i]); data/fitsverify-4.20/fvrf_head.c:2581:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp,fltkey[i]); data/fitsverify-4.20/fvrf_head.c:2591:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2622:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2640:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2651:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2713:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2733:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2829:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ttypecopy[i],ttype[i]); data/fitsverify-4.20/fvrf_head.c:2855:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2890:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2925:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp,tform[colnum-1]); data/fitsverify-4.20/fvrf_head.c:2930:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes,"Illegal repeat value for value %s of TFORM%d.", data/fitsverify-4.20/fvrf_head.c:2937:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2950:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, "Bad value of TFORM%d: %s.",colnum,tform[colnum-1]); data/fitsverify-4.20/fvrf_head.c:2956:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, "Bad value of TFORM%d: %s.",colnum,tform[colnum-1]); data/fitsverify-4.20/fvrf_head.c:3018:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(htemp,"%4d | %s",i,cards[i-1]); data/fitsverify-4.20/fvrf_head.c:3052:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(extnv, "%s",hduptr->extname); data/fitsverify-4.20/fvrf_head.c:3055:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(extnv,extver); data/fitsverify-4.20/fvrf_head.c:3059:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(comm," %s (%d columns x %lld rows)", extnv, hduptr->ncols, data/fitsverify-4.20/fvrf_head.c:3062:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(comm," %s (%d columns x %ld rows)", extnv, hduptr->ncols, data/fitsverify-4.20/fvrf_head.c:3073:16: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(extnv,"%s (%s)",ttype[i],tunit[i]); data/fitsverify-4.20/fvrf_head.c:3075:16: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(extnv,"%s",ttype[i]); data/fitsverify-4.20/fvrf_head.c:3114:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(comm,temp); data/fitsverify-4.20/fvrf_head.c:3117:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(comm,temp); data/fitsverify-4.20/fvrf_head.c:3124:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(comm,temp); data/fitsverify-4.20/fvrf_head.c:3134:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(comm,temp); data/fitsverify-4.20/fvrf_head.c:3145:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(extnv, "%s",hduptr->extname); data/fitsverify-4.20/fvrf_head.c:3148:20: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(extnv,extver); data/fitsverify-4.20/fvrf_head.c:3151:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(comm,extnv); data/fitsverify-4.20/fvrf_head.c:3182:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(comm,temp); data/fitsverify-4.20/fvrf_head.c:3185:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(comm,temp); data/fitsverify-4.20/fvrf_head.c:3192:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(comm,temp); data/fitsverify-4.20/fvrf_head.c:3202:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(comm,temp); data/fitsverify-4.20/fvrf_key.c:30:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes,"card %s is > 80.",card); data/fitsverify-4.20/fvrf_key.c:50:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes,"Keyword #%d: Name %s is not left justified.", data/fitsverify-4.20/fvrf_key.c:59:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_key.c:77:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(kcomm, p); data/fitsverify-4.20/fvrf_key.c:81:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_key.c:116:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(kcomm, p); data/fitsverify-4.20/fvrf_key.c:120:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_key.c:330:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(card,*pt); /* save the original */ data/fitsverify-4.20/fvrf_key.c:425:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp,*pt); data/fitsverify-4.20/fvrf_key.c:432:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(kvalue, p1); data/fitsverify-4.20/fvrf_key.c:447:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_key.c:453:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_key.c:459:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes,"Keyword #%d, %s: Bad logical value \"%s\".", data/fitsverify-4.20/fvrf_key.c:464:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes,"Keyword #%d, %s: Bad numerical value \"%s\".", data/fitsverify-4.20/fvrf_key.c:469:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_key.c:475:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_key.c:481:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_key.c:487:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_key.c:493:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_key.c:499:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_key.c:505:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_key.c:511:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_key.c:519:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_key.c:531:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes,"Keyword #%d, %s has a null value; expected a string.", data/fitsverify-4.20/fvrf_key.c:536:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes,"Keyword #%d, %s: \"%s\" is not a string.", data/fitsverify-4.20/fvrf_key.c:547:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes,"Keyword #%d, %s has a null value; expected an integer.", data/fitsverify-4.20/fvrf_key.c:552:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes,"Keyword #%d, %s: value = %s is not an integer.", data/fitsverify-4.20/fvrf_key.c:564:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes,"Keyword #%d, %s has a null value; expected a float.", data/fitsverify-4.20/fvrf_key.c:569:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_key.c:583:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_key.c:597:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_key.c:610:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errmes, data/fitsverify-4.20/fvrf_misc.c:44:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(temp,mess); data/fitsverify-4.20/fvrf_misc.c:64:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(temp,mess); data/fitsverify-4.20/fvrf_misc.c:104:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(temp,mess); data/fitsverify-4.20/fvrf_misc.c:106:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(temp,ttemp); data/fitsverify-4.20/fvrf_misc.c:149:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(temp,mess); data/fitsverify-4.20/fvrf_misc.c:161:37: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. for(i=0; i<=nstack; i++) fprintf(out,errfmt,tmp[i]); data/fitsverify-4.20/fvrf_misc.c:166:37: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. for(i=0; i<=nstack; i++) fprintf(stdout,errfmt,tmp[i]); data/fitsverify-4.20/fvrf_misc.c:169:37: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. for(i=0; i<=nstack; i++) fprintf(stderr,errfmt,tmp[i]); data/fitsverify-4.20/fvrf_misc.c:253:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out,cont_fmt,tmp); data/fitsverify-4.20/fvrf_misc.c:281:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(line, title); data/fitsverify-4.20/fitsverify.c:24:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *filename, errormode[2] = {"w"}; data/fitsverify-4.20/fitsverify.c:247:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(taskname, "fitsverify"); data/fitsverify-4.20/fitsverify.c:254:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(taskvers, "4.20"); data/fitsverify-4.20/fitsverify.c:263:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void HD_ERROR_THROW(char msg[256], int status); data/fitsverify-4.20/fitsverify.c:264:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void HD_ERROR_THROW(char msg[256], int status) data/fitsverify-4.20/ftverify.c:150:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char infile[PIL_LINESIZE],outfile[PIL_LINESIZE]; data/fitsverify-4.20/ftverify.c:152:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errreport[PIL_LINESIZE]; data/fitsverify-4.20/ftverify.c:154:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char taskname[80] = "ftverify"; data/fitsverify-4.20/ftverify.c:155:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char version[8] = "4.20"; data/fitsverify-4.20/ftverify.c:190:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[MAXMSG]; data/fitsverify-4.20/ftverify.c:193:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg, "Error reading the 'infile' parameter."); data/fitsverify-4.20/ftverify.c:199:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg, "Error reading the 'outfile' parameter."); data/fitsverify-4.20/ftverify.c:204:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg, "Error reading the 'prhead' parameter."); data/fitsverify-4.20/ftverify.c:209:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg, "Error reading the 'prstat' parameter."); data/fitsverify-4.20/ftverify.c:214:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg, "Error reading the 'errreport' parameter."); data/fitsverify-4.20/ftverify.c:219:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg, "Error reading the 'testdata' parameter."); data/fitsverify-4.20/ftverify.c:224:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg, "Error reading the 'tchksum' parameter."); data/fitsverify-4.20/ftverify.c:229:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg, "Error reading the 'testfill' parameter."); data/fitsverify-4.20/ftverify.c:234:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg, "Error reading the 'heasarc' parameter."); data/fitsverify-4.20/ftverify.c:239:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg, "Error reading the 'hierarch' parameter."); data/fitsverify-4.20/ftverify.c:264:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char runchars[30]; data/fitsverify-4.20/ftverify.c:270:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char task[80]; data/fitsverify-4.20/ftverify.c:271:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tversion[80]; data/fitsverify-4.20/ftverify.c:274:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[MAXMSG]; data/fitsverify-4.20/ftverify.c:283:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( (list = fopen(p,"r")) == NULL ) { data/fitsverify-4.20/ftverify.c:295:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). && (outfptr = fopen(p,"r") ) != NULL ) { data/fitsverify-4.20/ftverify.c:313:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if( (outfptr = fopen(p,"w") ) == NULL) { data/fitsverify-4.20/ftverify.c:321:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). runfile=fopen("/tmp.shared/fits/tmpverify/counter.fitsverify","r+"); data/fitsverify-4.20/ftverify.c:325:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). runnum=atoi(runchars); data/fitsverify-4.20/ftverify.c:327:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(comm," Run Number %d",runnum); data/fitsverify-4.20/ftverify.c:329:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(runchars, "%d", runnum); data/fitsverify-4.20/ftverify.c:348:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(comm, "Caution: Only checking for the most severe FITS format errors."); data/fitsverify-4.20/ftverify.c:358:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(comm, "HEASARC conventions are being checked."); data/fitsverify-4.20/ftverify.c:363:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(comm, "ESO HIERARCH keywords are being checked."); data/fitsverify-4.20/ftverify.c:446:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char parname[32]; data/fitsverify-4.20/ftverify.c:452:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(parname, "numwrns"); data/fitsverify-4.20/ftverify.c:458:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(parname, "numerrs"); data/fitsverify-4.20/fverify.h:14:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char errmes[256]; data/fitsverify-4.20/fverify.h:15:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char comm[FLEN_FILENAME+6]; data/fitsverify-4.20/fverify.h:57:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char kname[FLEN_KEYWORD]; /* fits keyword name */ data/fitsverify-4.20/fverify.h:59:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char kvalue[FLEN_VALUE]; /* fits keyword name */ data/fitsverify-4.20/fverify.h:100:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extname[FLEN_VALUE]; /* EXTENSION NAME */ data/fitsverify-4.20/fverify.h:168:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extname[FLEN_VALUE]; /* extension name, used for extension*/ data/fitsverify-4.20/fvrf_data.c:96:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errtmp[80]; data/fitsverify-4.20/fvrf_data.c:143:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes,"Column #%d: ",i); data/fitsverify-4.20/fvrf_data.c:168:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes,"Column #%d: ",i); data/fitsverify-4.20/fvrf_data.c:246:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes,"Column #%d: ",i); data/fitsverify-4.20/fvrf_data.c:361:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errtmp,"Row #%ld Col.#%d: ",jl,icol); data/fitsverify-4.20/fvrf_data.c:368:19: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errmes,"Var row length exceeds maximum 32-bit signed int. "); data/fitsverify-4.20/fvrf_data.c:369:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errtmp,"First detected for Row #%ld Column #%d",jl,icol); data/fitsverify-4.20/fvrf_data.c:376:19: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errmes,"Heap offset for var length row exceeds maximum 32-bit signed int. "); data/fitsverify-4.20/fvrf_data.c:377:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errtmp,"First detected for Row #%ld Column #%d",jl,icol); data/fitsverify-4.20/fvrf_data.c:385:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, "Descriptor of Column #%d at Row %ld: ", data/fitsverify-4.20/fvrf_data.c:387:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errtmp,"nelem(%ld) > maxlen(%ld) given by TFORM%d.", data/fitsverify-4.20/fvrf_data.c:399:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, "Descriptor of Column #%d at Row %ld: ", data/fitsverify-4.20/fvrf_data.c:401:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errtmp, data/fitsverify-4.20/fvrf_data.c:406:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errtmp, "/8 > total heap area = %ld.", data/fitsverify-4.20/fvrf_data.c:409:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errtmp, "*%d > total heap area = %ld.", data/fitsverify-4.20/fvrf_data.c:441:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errtmp,"Row #%ld Col.#%d: ",jl,icol); data/fitsverify-4.20/fvrf_data.c:449:23: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, data/fitsverify-4.20/fvrf_data.c:452:25: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errmes, data/fitsverify-4.20/fvrf_data.c:464:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errtmp,"Row #%ld Col.#%d: ",jl,icol); data/fitsverify-4.20/fvrf_data.c:470:23: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, data/fitsverify-4.20/fvrf_data.c:474:24: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errmes, data/fitsverify-4.20/fvrf_data.c:588:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, data/fitsverify-4.20/fvrf_data.c:592:22: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(comm, "0x%02x ", (unsigned char) data[k*repeat[i]+l]); data/fitsverify-4.20/fvrf_data.c:595:19: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(errmes,"is not left justified."); data/fitsverify-4.20/fvrf_data.c:597:19: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errmes, data/fitsverify-4.20/fvrf_data.c:618:36: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ucdata = (unsigned char *)cdata[k+1]; data/fitsverify-4.20/fvrf_data.c:623:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, data/fitsverify-4.20/fvrf_data.c:627:23: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errmes, data/fitsverify-4.20/fvrf_data.c:649:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, data/fitsverify-4.20/fvrf_data.c:654:24: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(errmes, data/fitsverify-4.20/fvrf_data.c:675:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. floatvalue = (char *)cdata[k+1]; data/fitsverify-4.20/fvrf_data.c:683:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, data/fitsverify-4.20/fvrf_data.c:688:22: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(errmes, data/fitsverify-4.20/fvrf_data.c:700:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. floatvalue = (char *)cdata[k+1]; data/fitsverify-4.20/fvrf_data.c:713:23: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, data/fitsverify-4.20/fvrf_data.c:718:26: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(errmes, data/fitsverify-4.20/fvrf_data.c:763:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[9]; data/fitsverify-4.20/fvrf_data.c:764:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tform[FLEN_VALUE], comment[256]; data/fitsverify-4.20/fvrf_data.c:786:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(keyname, "TFORM%d",k); data/fitsverify-4.20/fvrf_data.c:790:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(keyname, "TBCOL%d",k); data/fitsverify-4.20/fvrf_data.c:811:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, data/fitsverify-4.20/fvrf_data.c:814:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, data/fitsverify-4.20/fvrf_data.c:824:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, data/fitsverify-4.20/fvrf_data.c:827:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, data/fitsverify-4.20/fvrf_data.c:841:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, data/fitsverify-4.20/fvrf_file.c:118:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[FLEN_VALUE]; data/fitsverify-4.20/fvrf_file.c:119:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp1[FLEN_VALUE]; data/fitsverify-4.20/fvrf_file.c:123:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(comm," HDU# Name (version) Type Warnings Errors"); data/fitsverify-4.20/fvrf_file.c:126:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(comm," 1 Primary Array %-4d %-4d ", data/fitsverify-4.20/fvrf_file.c:133:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp1," (%-d)",p->extver); data/fitsverify-4.20/fvrf_file.c:192:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, data/fitsverify-4.20/fvrf_file.c:212:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, data/fitsverify-4.20/fvrf_file.c:226:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, data/fitsverify-4.20/fvrf_file.c:250:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(comm,"\n%d Header-Data Units in this file.",totalhdu); data/fitsverify-4.20/fvrf_file.c:280:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(comm,"**** Verification found %d warning(s) and %d error(s). ****", data/fitsverify-4.20/fvrf_head.c:23:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char temp[80]; data/fitsverify-4.20/fvrf_head.c:41:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rootnam[FLEN_FILENAME] = ""; /* Input Fits file root name */ data/fitsverify-4.20/fvrf_head.c:50:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xtension[80]; data/fitsverify-4.20/fvrf_head.c:147:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(comm,"**** Abort Verification: Fatal Error. ****"); data/fitsverify-4.20/fvrf_head.c:205:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:241:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(cards[ncards-1],"END "); data/fitsverify-4.20/fvrf_head.c:281:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, "Unregistered XTENSION value \"%8.8s\".",p); data/fitsverify-4.20/fvrf_head.c:286:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:354:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:510:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"EXTNAME"); data/fitsverify-4.20/fvrf_head.c:518:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"EXTVER"); data/fitsverify-4.20/fvrf_head.c:553:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"CROTA2"); data/fitsverify-4.20/fvrf_head.c:561:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"WCSAXES"); data/fitsverify-4.20/fvrf_head.c:693:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( errmes, data/fitsverify-4.20/fvrf_head.c:698:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( errmes, data/fitsverify-4.20/fvrf_head.c:799:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( errmes, data/fitsverify-4.20/fvrf_head.c:806:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( errmes, data/fitsverify-4.20/fvrf_head.c:865:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( errmes, data/fitsverify-4.20/fvrf_head.c:992:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"GROUPS"); data/fitsverify-4.20/fvrf_head.c:1009:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"EXTEND"); data/fitsverify-4.20/fvrf_head.c:1016:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes,"There are extensions but EXTEND = F."); data/fitsverify-4.20/fvrf_head.c:1023:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"PCOUNT"); data/fitsverify-4.20/fvrf_head.c:1043:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"GCOUNT"); data/fitsverify-4.20/fvrf_head.c:1063:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"BLOCKED"); data/fitsverify-4.20/fvrf_head.c:1086:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"PSCAL"); data/fitsverify-4.20/fvrf_head.c:1097:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(errmes, data/fitsverify-4.20/fvrf_head.c:1106:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(errmes, data/fitsverify-4.20/fvrf_head.c:1123:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"PZERO"); data/fitsverify-4.20/fvrf_head.c:1134:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(errmes, data/fitsverify-4.20/fvrf_head.c:1152:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"PTYPE"); data/fitsverify-4.20/fvrf_head.c:1163:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(errmes, data/fitsverify-4.20/fvrf_head.c:1215:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(comm, data/fitsverify-4.20/fvrf_head.c:1223:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"PCOUNT"); data/fitsverify-4.20/fvrf_head.c:1227:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes,"cannot find the PCOUNT keyword."); data/fitsverify-4.20/fvrf_head.c:1235:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes,"PCOUNT is not in record %d of the header.", data/fitsverify-4.20/fvrf_head.c:1244:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"GCOUNT"); data/fitsverify-4.20/fvrf_head.c:1248:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes,"cannot find the GCOUNT keyword."); data/fitsverify-4.20/fvrf_head.c:1256:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes,"GCOUNT is not in record %d of the header.", data/fitsverify-4.20/fvrf_head.c:1319:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:1325:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:1378:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"BLANK"); data/fitsverify-4.20/fvrf_head.c:1391:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"BSCALE"); data/fitsverify-4.20/fvrf_head.c:1612:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"TFIELDS"); data/fitsverify-4.20/fvrf_head.c:1620:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"TTYPE"); data/fitsverify-4.20/fvrf_head.c:1642:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"TFORM"); data/fitsverify-4.20/fvrf_head.c:1660:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(errmes, data/fitsverify-4.20/fvrf_head.c:1690:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"TUNIT"); data/fitsverify-4.20/fvrf_head.c:1713:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"TDISP"); data/fitsverify-4.20/fvrf_head.c:1726:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(errmes, data/fitsverify-4.20/fvrf_head.c:2051:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"TBCOL"); data/fitsverify-4.20/fvrf_head.c:2075:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"TNULL"); data/fitsverify-4.20/fvrf_head.c:2092:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"TSCAL"); data/fitsverify-4.20/fvrf_head.c:2122:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"TZERO"); data/fitsverify-4.20/fvrf_head.c:2146:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"TDIM"); data/fitsverify-4.20/fvrf_head.c:2161:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"THEAP"); data/fitsverify-4.20/fvrf_head.c:2223:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"TNULL"); data/fitsverify-4.20/fvrf_head.c:2253:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(errmes, " is not in the range of datatype B."); data/fitsverify-4.20/fvrf_head.c:2261:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(errmes, " is not in the range of datatype I "); data/fitsverify-4.20/fvrf_head.c:2267:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"TSCAL"); data/fitsverify-4.20/fvrf_head.c:2277:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(errmes, data/fitsverify-4.20/fvrf_head.c:2300:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"TZERO"); data/fitsverify-4.20/fvrf_head.c:2328:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"THEAP"); data/fitsverify-4.20/fvrf_head.c:2334:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( errmes, data/fitsverify-4.20/fvrf_head.c:2346:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes,"Column #%d: ",i); data/fitsverify-4.20/fvrf_head.c:2356:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2365:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"TDIM"); data/fitsverify-4.20/fvrf_head.c:2376:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(errmes, data/fitsverify-4.20/fvrf_head.c:2479:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vtemp[72]; data/fitsverify-4.20/fvrf_head.c:2505:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"NAXIS"); data/fitsverify-4.20/fvrf_head.c:2528:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"EPOCH"); data/fitsverify-4.20/fvrf_head.c:2541:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"DATE"); data/fitsverify-4.20/fvrf_head.c:2601:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"LONGSTRN"); data/fitsverify-4.20/fvrf_head.c:2605:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2613:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"HIERARCH"); data/fitsverify-4.20/fvrf_head.c:2838:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, data/fitsverify-4.20/fvrf_head.c:2972:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char hdutitle[64]; data/fitsverify-4.20/fvrf_head.c:2981:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hdutitle," HDU %d: Primary Array ", curhdu); data/fitsverify-4.20/fvrf_head.c:2986:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hdutitle," HDU %d: Image Exten. ", curhdu); data/fitsverify-4.20/fvrf_head.c:2989:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hdutitle," HDU %d: ASCII Table ", curhdu); data/fitsverify-4.20/fvrf_head.c:2992:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hdutitle," HDU %d: BINARY Table ", curhdu); data/fitsverify-4.20/fvrf_head.c:2995:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hdutitle," HDU %d: Unknown Ext. ", curhdu); data/fitsverify-4.20/fvrf_head.c:3015:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char htemp[100]; data/fitsverify-4.20/fvrf_head.c:3039:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extver[10]; data/fitsverify-4.20/fvrf_head.c:3040:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extnv[FLEN_VALUE]; data/fitsverify-4.20/fvrf_head.c:3048:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(comm," %d header keywords", hduptr->nkeys); data/fitsverify-4.20/fvrf_head.c:3054:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(extver,"(%d)",hduptr->extver); data/fitsverify-4.20/fvrf_head.c:3068:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(comm, " Col# Name (Units) Format"); data/fitsverify-4.20/fvrf_head.c:3076:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(comm," %3d %-20.20s %-10.10s", data/fitsverify-4.20/fvrf_head.c:3083:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(comm, " %d Random Groups, ",hduptr->gcount); data/fitsverify-4.20/fvrf_head.c:3087:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp," 8-bit integer pixels, "); data/fitsverify-4.20/fvrf_head.c:3090:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp," 16-bit integer pixels, "); data/fitsverify-4.20/fvrf_head.c:3093:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp," 16-bit unsigned integer pixels, "); data/fitsverify-4.20/fvrf_head.c:3096:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp," 32-bit integer pixels, "); data/fitsverify-4.20/fvrf_head.c:3099:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp," 64-bit long integer pixels, "); data/fitsverify-4.20/fvrf_head.c:3102:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp," 32-bit unsigned integer pixels, "); data/fitsverify-4.20/fvrf_head.c:3105:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp," 32-bit floating point pixels, "); data/fitsverify-4.20/fvrf_head.c:3108:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp," 64-bit double precision pixels, "); data/fitsverify-4.20/fvrf_head.c:3111:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp," unknown datatype, "); data/fitsverify-4.20/fvrf_head.c:3116:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp," %d axes ",hduptr->naxis); data/fitsverify-4.20/fvrf_head.c:3120:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "(%lld",hduptr->naxes[0]); data/fitsverify-4.20/fvrf_head.c:3122:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "(%ld",hduptr->naxes[0]); data/fitsverify-4.20/fvrf_head.c:3130:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, " x %lld",hduptr->naxes[i]); data/fitsverify-4.20/fvrf_head.c:3132:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, " x %ld",hduptr->naxes[i]); data/fitsverify-4.20/fvrf_head.c:3136:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(comm,"), "); data/fitsverify-4.20/fvrf_head.c:3147:20: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(extver," (%d)",hduptr->extver); data/fitsverify-4.20/fvrf_head.c:3155:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp," 8-bit integer pixels, "); data/fitsverify-4.20/fvrf_head.c:3158:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp," 16-bit integer pixels, "); data/fitsverify-4.20/fvrf_head.c:3161:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp," 16-bit unsigned integer pixels, "); data/fitsverify-4.20/fvrf_head.c:3164:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp," 32-bit integer pixels, "); data/fitsverify-4.20/fvrf_head.c:3167:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp," 64-bit long integer pixels, "); data/fitsverify-4.20/fvrf_head.c:3170:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp," 32-bit unsigned integer pixels, "); data/fitsverify-4.20/fvrf_head.c:3173:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp," 32-bit floating point pixels, "); data/fitsverify-4.20/fvrf_head.c:3176:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp," 64-bit double precision pixels, "); data/fitsverify-4.20/fvrf_head.c:3179:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp," unknown datatype, "); data/fitsverify-4.20/fvrf_head.c:3184:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp," %d axes ",hduptr->naxis); data/fitsverify-4.20/fvrf_head.c:3188:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "(%lld",hduptr->naxes[0]); data/fitsverify-4.20/fvrf_head.c:3190:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "(%ld",hduptr->naxes[0]); data/fitsverify-4.20/fvrf_head.c:3198:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, " x %lld",hduptr->naxes[i]); data/fitsverify-4.20/fvrf_head.c:3200:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, " x %ld",hduptr->naxes[i]); data/fitsverify-4.20/fvrf_head.c:3204:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(comm,"), "); data/fitsverify-4.20/fvrf_head.c:3208:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(comm," Null data array; NAXIS = 0 "); data/fitsverify-4.20/fvrf_key.c:15:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vind[3]; data/fitsverify-4.20/fvrf_key.c:19:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp1[FLEN_CARD]; data/fitsverify-4.20/fvrf_key.c:326:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[FLEN_CARD]; data/fitsverify-4.20/fvrf_key.c:327:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char card[FLEN_CARD]; data/fitsverify-4.20/fvrf_key.c:422:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[FLEN_CARD]; data/fitsverify-4.20/fvrf_key.c:555:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(errmes," The value is entered as a string. "); data/fitsverify-4.20/fvrf_key.c:573:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(errmes," The value is entered as a string. "); data/fitsverify-4.20/fvrf_key.c:587:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(errmes," The value is entered as a string. "); data/fitsverify-4.20/fvrf_key.c:601:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(errmes," The value is entered as a string. "); data/fitsverify-4.20/fvrf_key.c:614:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(errmes," The value is entered as a string. "); data/fitsverify-4.20/fvrf_key.c:640:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, data/fitsverify-4.20/fvrf_key.c:662:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, data/fitsverify-4.20/fvrf_key.c:672:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, data/fitsverify-4.20/fvrf_key.c:693:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, data/fitsverify-4.20/fvrf_key.c:707:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, data/fitsverify-4.20/fvrf_key.c:718:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errmes, data/fitsverify-4.20/fvrf_misc.c:14:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char temp[512]; data/fitsverify-4.20/fvrf_misc.c:43:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"*** Warning: "); data/fitsverify-4.20/fvrf_misc.c:45:19: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if(isheasarc) strcat(temp," (HEASARC Convention)"); data/fitsverify-4.20/fvrf_misc.c:63:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"*** Error: "); data/fitsverify-4.20/fvrf_misc.c:95:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ttemp[255]; data/fitsverify-4.20/fvrf_misc.c:103:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"*** Error: "); data/fitsverify-4.20/fvrf_misc.c:139:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[20][80]; data/fitsverify-4.20/fvrf_misc.c:148:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp,"*** Error: "); data/fitsverify-4.20/fvrf_misc.c:150:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(temp,"(from CFITSIO error stack:)"); data/fitsverify-4.20/fvrf_misc.c:195:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[81]; data/fitsverify-4.20/fvrf_misc.c:196:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cont_fmt[80]; data/fitsverify-4.20/fvrf_misc.c:203:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(cont_fmt,"%.67s\n"); data/fitsverify-4.20/fitsverify.c:148:12: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(errormode,"e"); data/fitsverify-4.20/ftverify.c:294:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(prstat && strlen(p) && strcmp(p, "STDOUT") && strcmp(p, "STDERR") data/fitsverify-4.20/ftverify.c:304:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(prstat && (!strlen(p) || !strcmp(p, "STDOUT"))) { data/fitsverify-4.20/ftverify.c:307:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if(prstat && (!strlen(p) || !strcmp(p, "STDERR"))) { data/fitsverify-4.20/fvrf_data.c:681:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(floatvalue)) { /* ignore completely blank fields */ data/fitsverify-4.20/fvrf_data.c:706:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(floatvalue) - 1; data/fitsverify-4.20/fvrf_file.c:26:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(hduname[i]->extname,""); data/fitsverify-4.20/fvrf_file.c:44:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(hduname[i]->extname,""); data/fitsverify-4.20/fvrf_file.c:80:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(!strlen(p1->extname) || !strlen(p2->extname)) return 0; data/fitsverify-4.20/fvrf_file.c:80:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(!strlen(p1->extname) || !strlen(p2->extname)) return 0; data/fitsverify-4.20/fvrf_head.c:55:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(p); data/fitsverify-4.20/fvrf_head.c:59:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(!strlen(pfile)) return status; data/fitsverify-4.20/fvrf_head.c:443:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(hduptr->extname,""); data/fitsverify-4.20/fvrf_head.c:625:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(temp); data/fitsverify-4.20/fvrf_head.c:729:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(temp); data/fitsverify-4.20/fvrf_head.c:825:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(temp); data/fitsverify-4.20/fvrf_head.c:890:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(temp); data/fitsverify-4.20/fvrf_head.c:919:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(temp); data/fitsverify-4.20/fvrf_head.c:1427:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(temp); data/fitsverify-4.20/fvrf_head.c:1972:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(temp); data/fitsverify-4.20/fvrf_head.c:1998:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(temp); data/fitsverify-4.20/fvrf_head.c:2420:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(temp); data/fitsverify-4.20/fvrf_head.c:2837:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(!strlen(p)) { data/fitsverify-4.20/fvrf_head.c:2877:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(!strlen(cols[i]->name)) continue; data/fitsverify-4.20/fvrf_head.c:3072:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(tunit[i])) data/fitsverify-4.20/fvrf_head.c:3143:17: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(extnv,""); data/fitsverify-4.20/fvrf_key.c:27:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(card) > FLEN_CARD-1 ) { data/fitsverify-4.20/fvrf_key.c:28:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(temp1,card,20); data/fitsverify-4.20/fvrf_key.c:37:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(kname, card, 8); data/fitsverify-4.20/fvrf_key.c:111:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(vind,p,2); data/fitsverify-4.20/fvrf_key.c:174:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(kvalue); data/fitsverify-4.20/fvrf_key.c:218:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(kvalue,pi,nchar); data/fitsverify-4.20/fvrf_key.c:299:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(kvalue,pi,nchar); data/fitsverify-4.20/fvrf_key.c:365:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(kvalue,card,nchar); data/fitsverify-4.20/fvrf_key.c:408:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(kcomm,pi,nchar); data/fitsverify-4.20/fvrf_misc.c:207:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(temp) - 80; data/fitsverify-4.20/fvrf_misc.c:214:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp,p,80); data/fitsverify-4.20/fvrf_misc.c:233:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp,p,clen); data/fitsverify-4.20/fvrf_misc.c:235:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(p)- clen; data/fitsverify-4.20/fvrf_misc.c:268:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ntitle = strlen(title); ANALYSIS SUMMARY: Hits = 486 Lines analyzed = 6437 in approximately 0.27 seconds (23554 lines/second) Physical Source Lines of Code (SLOC) = 4873 Hits@level = [0] 137 [1] 40 [2] 247 [3] 0 [4] 199 [5] 0 Hits@level+ = [0+] 623 [1+] 486 [2+] 446 [3+] 199 [4+] 199 [5+] 0 Hits/KSLOC@level+ = [0+] 127.847 [1+] 99.7332 [2+] 91.5247 [3+] 40.8373 [4+] 40.8373 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.