Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/foreign-0.8.80/src/pspp-format-def.h
Examining data/foreign-0.8.80/src/SASxport.h
Examining data/foreign-0.8.80/src/Rdbfread.c
Examining data/foreign-0.8.80/src/spss.c
Examining data/foreign-0.8.80/src/file-handle.h
Examining data/foreign-0.8.80/src/avl.h
Examining data/foreign-0.8.80/src/R_systat.c
Examining data/foreign-0.8.80/src/pfm.h
Examining data/foreign-0.8.80/src/sfmP.h
Examining data/foreign-0.8.80/src/init.c
Examining data/foreign-0.8.80/src/swap_bytes.h
Examining data/foreign-0.8.80/src/sfm-read.c
Examining data/foreign-0.8.80/src/Rdbfwrite.c
Examining data/foreign-0.8.80/src/minitab.c
Examining data/foreign-0.8.80/src/format.c
Examining data/foreign-0.8.80/src/var.h
Examining data/foreign-0.8.80/src/SASxport.c
Examining data/foreign-0.8.80/src/dbfopen.c
Examining data/foreign-0.8.80/src/file-handle.c
Examining data/foreign-0.8.80/src/stataread.c
Examining data/foreign-0.8.80/src/sfm.h
Examining data/foreign-0.8.80/src/pfm-read.c
Examining data/foreign-0.8.80/src/format.h
Examining data/foreign-0.8.80/src/avl.c
Examining data/foreign-0.8.80/src/foreign.h
Examining data/foreign-0.8.80/src/shapefil.h

FINAL RESULTS:

data/foreign-0.8.80/src/R_systat.c:131:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(msg, _("not a rectangular data file (%s mtype is %d)"),
data/foreign-0.8.80/src/R_systat.c:238:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(u->h.fname, fname);
data/foreign-0.8.80/src/R_systat.c:516:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(mes, _("$ not in variable label column 9: %s"), label);
data/foreign-0.8.80/src/R_systat.c:531:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(u->h.lab[j], tmp);
data/foreign-0.8.80/src/R_systat.c:693:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(svalue, tmp_str);	/* store in svalue */
data/foreign-0.8.80/src/R_systat.c:702:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(svalue, tmp_str);	/* concatenate strings */
data/foreign-0.8.80/src/dbfopen.c:539:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy( pszBasename, pszFilename );
data/foreign-0.8.80/src/dbfopen.c:549:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( pszFullname, "%s.dbf", pszBasename );
data/foreign-0.8.80/src/dbfopen.c:673:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy( pszFInfo, pszFieldName);
data/foreign-0.8.80/src/dbfopen.c:1105:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf(szSField, szFormat, (int) *((double *) pValue) );
data/foreign-0.8.80/src/dbfopen.c:1112:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy((char *) (pabyRec+psDBF->panFieldOffset[iField]), szSField);
data/foreign-0.8.80/src/dbfopen.c:1123:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf(szSField, szFormat, *((double *) pValue) );
data/foreign-0.8.80/src/dbfopen.c:1129:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy((char *) (pabyRec+psDBF->panFieldOffset[iField]), szSField);
data/foreign-0.8.80/src/file-handle.c:79:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(fn, filename);
data/foreign-0.8.80/src/file-handle.c:85:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (&name[1], fn);
data/foreign-0.8.80/src/file-handle.c:143:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (&buf[1], h->fn);
data/foreign-0.8.80/src/format.c:90:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (buf, "%s%d.%d", formats[f->type].name, f->w, f->d);
data/foreign-0.8.80/src/format.c:92:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf (buf, "%s%d", formats[f->type].name, f->w);
data/foreign-0.8.80/src/pfm-read.c:717:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (ext->dict->weight_var, name);
data/foreign-0.8.80/src/sfm-read.c:348:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (ext->dict->weight_var, wv->name);
data/foreign-0.8.80/src/sfm-read.c:859:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (inf->product, cp);
data/foreign-0.8.80/src/sfm-read.c:1492:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (print, fmt_to_string (&v->print));
data/foreign-0.8.80/src/spss.c:44:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(c, s);
data/foreign-0.8.80/src/spss.c:94:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (v->name, name);
data/foreign-0.8.80/src/R_systat.c:36:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	*history[MAXLINES];
data/foreign-0.8.80/src/R_systat.c:37:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	fmt[4];
data/foreign-0.8.80/src/R_systat.c:52:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	*lab[MAXVARS];	/* array of pointers to variable names */
data/foreign-0.8.80/src/R_systat.c:54:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	fname[ERRMES];	/* opened file name */
data/foreign-0.8.80/src/R_systat.c:123:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char str[LABELSIZ+1], msg[256];
data/foreign-0.8.80/src/R_systat.c:231:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[ERRMES];
data/foreign-0.8.80/src/R_systat.c:235:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((u->h.fd = fopen(fname,  "rb")) == NULL)
data/foreign-0.8.80/src/R_systat.c:319:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(tmp, _("getuse: byte counter %o octal"), k);
data/foreign-0.8.80/src/R_systat.c:334:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(tmp, "Getuse: failure reading byte %d", end);
data/foreign-0.8.80/src/R_systat.c:346:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(tmp, "Getuse: last byte = %o octal", k);
data/foreign-0.8.80/src/R_systat.c:408:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mes[ERRMES], tmp1[ERRMES];
data/foreign-0.8.80/src/R_systat.c:409:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char label[LABELSIZ+1], tmp[LABELSIZ+1];
data/foreign-0.8.80/src/R_systat.c:410:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char var[30];
data/foreign-0.8.80/src/R_systat.c:413:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(mes, _("getlab: File format unknown"));
data/foreign-0.8.80/src/R_systat.c:421:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(tmp1, _("getlab: byte 0 = %o octal"), o);
data/foreign-0.8.80/src/R_systat.c:425:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(tmp1, _("getlab: byte 1 = %o octal"), o);
data/foreign-0.8.80/src/R_systat.c:437:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(tmp1, _("getlab: byte 9 = %o octal"), o);
data/foreign-0.8.80/src/R_systat.c:448:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(tmp1, _("getlab: comment begin byte = %o"), o);
data/foreign-0.8.80/src/R_systat.c:454:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(tmp1, _("getlab: comment = %c"), o);
data/foreign-0.8.80/src/R_systat.c:459:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(tmp1, _("getlab: comment end byte = %o"), o);
data/foreign-0.8.80/src/R_systat.c:477:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(tmp1, _("getlab: byte nv0 = %o octal"), o);
data/foreign-0.8.80/src/R_systat.c:488:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(tmp1, _("getlab: byte nv$ = %o octal"), o);
data/foreign-0.8.80/src/R_systat.c:503:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(tmp1, _("getlab: byte lab[%d]0 = %o, nv=%d"),
data/foreign-0.8.80/src/R_systat.c:529:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(var, "u->h.lab[%d]", j);
data/foreign-0.8.80/src/R_systat.c:536:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(tmp1, _("getlab: byte lab[%d]$ = %o octal"), j, o);
data/foreign-0.8.80/src/R_systat.c:680:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp_str[9];
data/foreign-0.8.80/src/Rdbfread.c:36:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char labelbuff[81];
data/foreign-0.8.80/src/Rdbfread.c:39:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTitle[12], buf[2];
data/foreign-0.8.80/src/Rdbfread.c:212:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(labelbuff, "%d", i+1);
data/foreign-0.8.80/src/Rdbfwrite.c:67:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTitle[12];
data/foreign-0.8.80/src/SASxport.c:87:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[4], ibuf[8];
data/foreign-0.8.80/src/SASxport.c:94:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ibuf, c, len);
data/foreign-0.8.80/src/SASxport.c:116:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char record[141];
data/foreign-0.8.80/src/SASxport.c:128:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(namestr->nname, record + 8, 8);
data/foreign-0.8.80/src/SASxport.c:129:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(namestr->nlabel, record + 16, 40);
data/foreign-0.8.80/src/SASxport.c:130:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(namestr->nform, record + 56, 8);
data/foreign-0.8.80/src/SASxport.c:134:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(namestr->nfill, record + 70, 2);
data/foreign-0.8.80/src/SASxport.c:135:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(namestr->niform, record + 72, 8);
data/foreign-0.8.80/src/SASxport.c:145:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char record[81];
data/foreign-0.8.80/src/SASxport.c:158:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(head->sas_symbol[0], record, 8);
data/foreign-0.8.80/src/SASxport.c:159:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(head->sas_symbol[1], record+8, 8);
data/foreign-0.8.80/src/SASxport.c:160:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(head->saslib, record+16, 8);
data/foreign-0.8.80/src/SASxport.c:161:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(head->sasver, record+24, 8);
data/foreign-0.8.80/src/SASxport.c:162:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(head->sas_os, record+32, 8);
data/foreign-0.8.80/src/SASxport.c:165:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(head->sas_create, record+64, 16);
data/foreign-0.8.80/src/SASxport.c:171:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(head->sas_mod, record, 16);
data/foreign-0.8.80/src/SASxport.c:183:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char record[81];
data/foreign-0.8.80/src/SASxport.c:194:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(member->sas_symbol, record, 8);
data/foreign-0.8.80/src/SASxport.c:195:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(member->sas_dsname, record+8, 8);
data/foreign-0.8.80/src/SASxport.c:196:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(member->sasdata, record+16, 8);
data/foreign-0.8.80/src/SASxport.c:197:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(member->sasver, record+24, 8);
data/foreign-0.8.80/src/SASxport.c:198:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(member->sas_osname, record+32, 8);
data/foreign-0.8.80/src/SASxport.c:201:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(member->sas_create, record+64, 16);
data/foreign-0.8.80/src/SASxport.c:206:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(member->sas_mod, record, 16);
data/foreign-0.8.80/src/SASxport.c:215:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char record[81];
data/foreign-0.8.80/src/SASxport.c:244:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char record[81];
data/foreign-0.8.80/src/SASxport.c:284:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char record[81];
data/foreign-0.8.80/src/SASxport.c:316:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmpname[41];
data/foreign-0.8.80/src/SASxport.c:498:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dsname[9];
data/foreign-0.8.80/src/SASxport.c:511:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(R_ExpandFileName(CHAR(STRING_ELT(xportFile, 0))), "rb");
data/foreign-0.8.80/src/SASxport.c:608:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(R_ExpandFileName(CHAR(STRING_ELT(xportFile, 0))), "rb");
data/foreign-0.8.80/src/SASxport.h:36:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sas_symbol[2][8];	/* should be "SAS     " */
data/foreign-0.8.80/src/SASxport.h:37:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char saslib[8];		/* should be "SASLIB  " */
data/foreign-0.8.80/src/SASxport.h:38:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sasver[8];
data/foreign-0.8.80/src/SASxport.h:39:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sas_os[8];
data/foreign-0.8.80/src/SASxport.h:40:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sas_create[16];
data/foreign-0.8.80/src/SASxport.h:41:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sas_mod[16];
data/foreign-0.8.80/src/SASxport.h:45:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sas_symbol[8];
data/foreign-0.8.80/src/SASxport.h:46:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sas_dsname[8];
data/foreign-0.8.80/src/SASxport.h:47:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sasdata[8];
data/foreign-0.8.80/src/SASxport.h:48:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sasver[8];
data/foreign-0.8.80/src/SASxport.h:49:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sas_osname[8];
data/foreign-0.8.80/src/SASxport.h:50:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sas_create[16];
data/foreign-0.8.80/src/SASxport.h:51:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sas_mod[16];
data/foreign-0.8.80/src/SASxport.h:59:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    nname[8];		/* NAME OF VARIABLE                    */
data/foreign-0.8.80/src/SASxport.h:60:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    nlabel[40];		/* LABEL OF VARIABLE                   */
data/foreign-0.8.80/src/SASxport.h:61:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    nform[8];		/* NAME OF FORMAT                      */
data/foreign-0.8.80/src/SASxport.h:65:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    nfill[2];           /* (UNUSED, FOR ALIGNMENT AND FUTURE)  */
data/foreign-0.8.80/src/SASxport.h:66:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    niform[8];		/* NAME OF INPUT FORMAT                */
data/foreign-0.8.80/src/SASxport.h:70:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    rest[52];           /* remaining fields are irrelevant     */
data/foreign-0.8.80/src/SASxport.h:75:33:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define char_to_short(from, to) memcpy(&to, from, 2)
data/foreign-0.8.80/src/SASxport.h:76:31:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define char_to_int(from, to) memcpy(&to, from, 4)
data/foreign-0.8.80/src/SASxport.h:77:32:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define char_to_uint(from, to) memcpy(&to, from, 4)
data/foreign-0.8.80/src/SASxport.h:81:33:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define char_to_short(from, to)	memcpy(&to, from, 2); reverse_short(to);
data/foreign-0.8.80/src/SASxport.h:82:31:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define char_to_int(from, to) memcpy(&to, from, 4); reverse_int(to);
data/foreign-0.8.80/src/SASxport.h:83:32:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define char_to_uint(from, to) memcpy(&to, from, 4); reverse_uint(to);
data/foreign-0.8.80/src/avl.c:98:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char ab[AVL_MAX_HEIGHT];		/* Stack A: bits. */
data/foreign-0.8.80/src/avl.c:577:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char a[AVL_MAX_HEIGHT];		/* Stack P: Bits. */
data/foreign-0.8.80/src/avl.h:41:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    signed char pad[2];		/* Unused.  Reserved for threaded trees. */
data/foreign-0.8.80/src/dbfopen.c:241:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char	abyHeader[XBASE_FLDHDR_SZ];
data/foreign-0.8.80/src/dbfopen.c:325:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char		abyFileHeader[32];
data/foreign-0.8.80/src/dbfopen.c:378:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    psDBF->fp = fopen( pszFilename, pszAccess );
data/foreign-0.8.80/src/dbfopen.c:555:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen( pszFullname, "wb" );
data/foreign-0.8.80/src/dbfopen.c:562:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen( pszFullname, "rb+" );
data/foreign-0.8.80/src/dbfopen.c:1005:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	szSField[400], szFormat[20];
data/foreign-0.8.80/src/dbfopen.c:1104:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( szFormat, "%%%dd", nWidth );
data/foreign-0.8.80/src/dbfopen.c:1121:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( szFormat, "%%%d.%df",
data/foreign-0.8.80/src/dbfopen.c:1364:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy ( pabyRec, pRawTuple,  psDBF->nRecordLength );
data/foreign-0.8.80/src/dbfopen.c:1414:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy ( pReturnTuple, pabyRec, psDBF->nRecordLength );
data/foreign-0.8.80/src/dbfopen.c:1434:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy ( newDBF->pszHeader, psDBF->pszHeader, 32 * psDBF->nFields );
data/foreign-0.8.80/src/dbfopen.c:1441:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy ( newDBF->panFieldOffset, psDBF->panFieldOffset, sizeof(int) * psDBF->nFields );
data/foreign-0.8.80/src/dbfopen.c:1443:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy ( newDBF->panFieldSize, psDBF->panFieldSize, sizeof(int) * psDBF->nFields );
data/foreign-0.8.80/src/dbfopen.c:1445:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy ( newDBF->panFieldDecimals, psDBF->panFieldDecimals, sizeof(int) * psDBF->nFields );
data/foreign-0.8.80/src/dbfopen.c:1447:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy ( newDBF->pachFieldType, psDBF->pachFieldType, sizeof(int) * psDBF->nFields );
data/foreign-0.8.80/src/dbfopen.c:1510:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char          name[12], name1[12], name2[12];
data/foreign-0.8.80/src/file-handle.c:108:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
fh_get_handle_by_name (const char name[9])
data/foreign-0.8.80/src/file-handle.h:96:50:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
struct file_handle *fh_get_handle_by_name (const char name[9]);
data/foreign-0.8.80/src/format.c:87:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char buf[32];
data/foreign-0.8.80/src/format.h:44:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[9];		/* `DATETIME' is the longest name. */
data/foreign-0.8.80/src/minitab.c:44:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char   name[9];
data/foreign-0.8.80/src/minitab.c:109:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MTP_BUF_SIZE], blank[1], *pres;
data/foreign-0.8.80/src/minitab.c:115:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((f = fopen(R_ExpandFileName(CHAR(fname)), "rt")) == NULL)
data/foreign-0.8.80/src/minitab.c:117:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((f = fopen(R_ExpandFileName(CHAR(fname)), "r")) == NULL)
data/foreign-0.8.80/src/pfm-read.c:88:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[83];	/* Input buffer. */
data/foreign-0.8.80/src/pfm-read.c:239:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  ext->file = fopen (R_ExpandFileName(h->norm_fn), "rb");
data/foreign-0.8.80/src/pfm-read.c:487:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char src[256];
data/foreign-0.8.80/src/pfm-read.c:518:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sig[8] = {92, 89, 92, 92, 89, 88, 91, 93};
data/foreign-0.8.80/src/pfm-read.c:664:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char spss2ascii[256] =
data/foreign-0.8.80/src/pfm-read.c:1006:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (dest, src, n);
data/foreign-0.8.80/src/pfm-read.c:1009:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (dest, src, len);
data/foreign-0.8.80/src/pfm-read.c:1065:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy (perm[v->fv].c, &temp[v->get.fv], v->width);
data/foreign-0.8.80/src/pfm.h:40:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char creation_date[11];	/* `dd mm yyyy' plus a null. */
data/foreign-0.8.80/src/pfm.h:41:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char creation_time[9];	/* `hh:mm:ss' plus a null. */
data/foreign-0.8.80/src/pfm.h:42:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char product[61];		/* Product name plus a null. */
data/foreign-0.8.80/src/pfm.h:43:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char subproduct[61];	/* Subproduct name plus a null. */
data/foreign-0.8.80/src/sfm-read.c:79:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char c[8];
data/foreign-0.8.80/src/sfm-read.c:84:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char c[8];
data/foreign-0.8.80/src/sfm-read.c:125:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char x[sizeof (R_flt64)];
data/foreign-0.8.80/src/sfm-read.c:308:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  ext->file = fopen (R_ExpandFileName(h->norm_fn), "rb");
data/foreign-0.8.80/src/sfm-read.c:706:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char prod_name[sizeof hdr.prod_name + 1];	/* Buffer for product name. */
data/foreign-0.8.80/src/sfm-read.c:747:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (prod_name, hdr.prod_name, sizeof hdr.prod_name);
data/foreign-0.8.80/src/sfm-read.c:761:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char *prefix[N_PREFIXES] =
data/foreign-0.8.80/src/sfm-read.c:831:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy (dict->label, hdr.file_label, i + 1);
data/foreign-0.8.80/src/sfm-read.c:841:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (inf->creation_date, hdr.creation_date, 9);
data/foreign-0.8.80/src/sfm-read.c:844:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (inf->creation_time, hdr.creation_time, 8);
data/foreign-0.8.80/src/sfm-read.c:1066:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		  memcpy (vv->missing[j].s, &mv[j], vv->width);
data/foreign-0.8.80/src/sfm-read.c:1221:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (&raw_label[i], &value, sizeof value);
data/foreign-0.8.80/src/sfm-read.c:1302:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy (cooked_label[i]->v.s, (char *) &raw_label[i], copy_len);
data/foreign-0.8.80/src/sfm-read.c:1429:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char print[32];
data/foreign-0.8.80/src/sfm-read.c:1565:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy (temp++, ext->ptr++, sizeof *temp);
data/foreign-0.8.80/src/sfm-read.c:1606:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (ext->x, ext->ptr++, sizeof *temp);
data/foreign-0.8.80/src/sfm-read.c:1680:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy (perm[v->fv].c, &temp[v->get.fv], v->width);
data/foreign-0.8.80/src/sfm.h:37:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char creation_date[10];	/* `dd mmm yy' plus a null. */
data/foreign-0.8.80/src/sfm.h:38:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char creation_time[9];	/* `hh:mm:ss' plus a null. */
data/foreign-0.8.80/src/sfm.h:42:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char product[61];		/* Product name plus a null. */
data/foreign-0.8.80/src/sfmP.h:24:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char rec_type[4];		/* Record-type code, "$FL2". */
data/foreign-0.8.80/src/sfmP.h:25:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char prod_name[60];		/* Product identification. */
data/foreign-0.8.80/src/sfmP.h:32:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char creation_date[9];	/* `dd mmm yy' creation date of file. */
data/foreign-0.8.80/src/sfmP.h:33:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char creation_time[8];	/* `hh:mm:ss' 24-hour creation time. */
data/foreign-0.8.80/src/sfmP.h:34:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char file_label[64];	/* File label. */
data/foreign-0.8.80/src/sfmP.h:35:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char padding[3];		/* Ignored padding. */
data/foreign-0.8.80/src/sfmP.h:49:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[8];		/* Variable name. */
data/foreign-0.8.80/src/spss.c:227:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[MAX_SHORT_STRING+1];
data/foreign-0.8.80/src/spss.c:251:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(tmp,flattened_labels[j]->v.s, MAX_SHORT_STRING);
data/foreign-0.8.80/src/spss.c:421:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			       mkChar((char *)case_vals[v->fv].c));
data/foreign-0.8.80/src/spss.c:536:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			       mkChar((char *)case_vals[v->fv].c));
data/foreign-0.8.80/src/spss.c:619:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char src[256];
data/foreign-0.8.80/src/spss.c:643:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char sig[9] = {92, 89, 92, 92, 89, 88, 91, 93, '\0'};
data/foreign-0.8.80/src/spss.c:644:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[9];
data/foreign-0.8.80/src/spss.c:665:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fp = fopen(R_ExpandFileName(filename), "rb");
data/foreign-0.8.80/src/spss.c:666:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[5];
data/foreign-0.8.80/src/stataread.c:188:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char datalabel[81], timestamp[50], aname[33];
data/foreign-0.8.80/src/stataread.c:189:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char stringbuffer[245], *txt;
data/foreign-0.8.80/src/stataread.c:550:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(datalabel, "%d", i+1);
data/foreign-0.8.80/src/stataread.c:584:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(R_ExpandFileName(CHAR(STRING_ELT(fname,0))), "rb");
data/foreign-0.8.80/src/stataread.c:681:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char labelName2[namelength + 1];
data/foreign-0.8.80/src/stataread.c:728:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char datalabel[81] = "Written by R.              ",
data/foreign-0.8.80/src/stataread.c:730:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char format9g[50] = "%9.0g", strformat[50] = "";
data/foreign-0.8.80/src/stataread.c:865:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(strformat, "%%%ds", INTEGER(types)[i]);
data/foreign-0.8.80/src/stataread.c:924:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char tmp[namelength];
data/foreign-0.8.80/src/stataread.c:1044:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(R_ExpandFileName(CHAR(STRING_ELT(fname, 0))), "wb");
data/foreign-0.8.80/src/var.h:58:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char s[MAX_SHORT_STRING];
data/foreign-0.8.80/src/var.h:197:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char zname[10];		/* Name for z-score variable. */
data/foreign-0.8.80/src/var.h:232:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char new_name[VAR_NAME_LEN +1];		/* Variable's new name. */
data/foreign-0.8.80/src/var.h:306:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[VAR_NAME_LEN +1];	/* As a string. */
data/foreign-0.8.80/src/var.h:377:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char weight_var[VAR_NAME_LEN];/* Name of WEIGHT variable. */
data/foreign-0.8.80/src/var.h:379:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filter_var[VAR_NAME_LEN];/* Name of FILTER variable. */
data/foreign-0.8.80/src/R_systat.c:528:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = (int)strlen(tmp);
data/foreign-0.8.80/src/Rdbfwrite.c:74:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(szTitle, CHAR(STRING_ELT(names,i)), 11);
data/foreign-0.8.80/src/SASxport.c:269:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(name, mem_head->sas_dsname, n);
data/foreign-0.8.80/src/SASxport.c:327:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(tmpname, nam_head[i].nname, nname_len);
data/foreign-0.8.80/src/SASxport.c:335:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(tmpname, nam_head[i].nlabel, nlabel_len);
data/foreign-0.8.80/src/SASxport.c:343:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(tmpname, nam_head[i].nform, nform_len);
data/foreign-0.8.80/src/SASxport.c:397:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(record, tmp, 80);
data/foreign-0.8.80/src/dbfopen.c:538:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszBasename = (char *) malloc(strlen(pszFilename)+5);
data/foreign-0.8.80/src/dbfopen.c:540:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for( i = strlen(pszBasename)-1;
data/foreign-0.8.80/src/dbfopen.c:548:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszFullname = (char *) malloc(strlen(pszBasename) + 5);
data/foreign-0.8.80/src/dbfopen.c:672:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( (int) strlen(pszFieldName) < 10 )
data/foreign-0.8.80/src/dbfopen.c:675:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy( pszFInfo, pszFieldName, 10);
data/foreign-0.8.80/src/dbfopen.c:765:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( pszStringField,
data/foreign-0.8.80/src/dbfopen.c:907:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return strlen(pszValue) == 0 || strncmp(pszValue,"00000000",8) == 0;
data/foreign-0.8.80/src/dbfopen.c:915:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return strlen(pszValue) == 0;
data/foreign-0.8.80/src/dbfopen.c:969:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy( pszFieldName, (char *) psDBF->pszHeader+iField*32, 11 );
data/foreign-0.8.80/src/dbfopen.c:1106:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if( (int)strlen(szSField) > psDBF->panFieldSize[iField] )
data/foreign-0.8.80/src/dbfopen.c:1124:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if( (int) strlen(szSField) > psDBF->panFieldSize[iField] )
data/foreign-0.8.80/src/dbfopen.c:1140:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if( (int) strlen((char *) pValue) > psDBF->panFieldSize[iField] )
data/foreign-0.8.80/src/dbfopen.c:1149:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    j = (int) strlen((char *) pValue);
data/foreign-0.8.80/src/dbfopen.c:1152:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy((char *) (pabyRec+psDBF->panFieldOffset[iField]),
data/foreign-0.8.80/src/dbfopen.c:1220:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( (int)strlen((char *) pValue) > psDBF->panFieldSize[iField] )
data/foreign-0.8.80/src/dbfopen.c:1226:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	j = (int) strlen((char *) pValue);
data/foreign-0.8.80/src/dbfopen.c:1229:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy((char *) (pabyRec+psDBF->panFieldOffset[iField]),
data/foreign-0.8.80/src/dbfopen.c:1491:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen (string);
data/foreign-0.8.80/src/dbfopen.c:1513:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(name1, pszFieldName,11);
data/foreign-0.8.80/src/dbfopen.c:1520:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(name2, name, 12); // this copied the terminator, but be sure
data/foreign-0.8.80/src/file-handle.c:77:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (filename);
data/foreign-0.8.80/src/file-handle.c:140:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t len = strlen (h->fn);
data/foreign-0.8.80/src/minitab.c:55:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = (int) strlen(str) - 1; i >= 0 && isspace((int)str[i]); i--)
data/foreign-0.8.80/src/pfm-read.c:144:9:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    c = getc (ext->file);
data/foreign-0.8.80/src/pfm-read.c:148:9:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    c = getc (ext->file);
data/foreign-0.8.80/src/pfm-read.c:551:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen (date) != 8)
data/foreign-0.8.80/src/pfm-read.c:552:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      lose ((_("Bad date string length %d"), strlen (date)));
data/foreign-0.8.80/src/pfm-read.c:578:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen (time) != 6)
data/foreign-0.8.80/src/pfm-read.c:579:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      lose ((_("Bad time string length %d"), strlen (time)));
data/foreign-0.8.80/src/pfm-read.c:606:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy (inf->product, product, 60);
data/foreign-0.8.80/src/pfm-read.c:622:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy (inf->subproduct, subproduct, 60);
data/foreign-0.8.80/src/pfm-read.c:753:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen ((char *) name) > 8)
data/foreign-0.8.80/src/pfm-read.c:755:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	       i, strlen ((char *) name)));
data/foreign-0.8.80/src/pfm-read.c:768:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      for (j = 1; j < (int) strlen ((char *) name); j++)
data/foreign-0.8.80/src/pfm-read.c:1004:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen (src);
data/foreign-0.8.80/src/sfm-read.c:681:11:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
          strncpy(lp[0]->name, val, 64);
data/foreign-0.8.80/src/sfm-read.c:770:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (!strncmp (prefix[i], hdr.prod_name, strlen (prefix[i])))
data/foreign-0.8.80/src/sfm-read.c:772:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    skip_amt = (int) strlen (prefix[i]);
data/foreign-0.8.80/src/spss.c:42:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = (int) strlen(s);
data/foreign-0.8.80/src/spss.c:590:10:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	int c = fgetc(stream);
data/foreign-0.8.80/src/spss.c:592:10:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	    c = fgetc(stream);
data/foreign-0.8.80/src/spss.c:599:6:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	    fgetc(stream);
data/foreign-0.8.80/src/stataread.c:678:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	txtlen += strlen(CHAR(STRING_ELT(theselabels, i))) + 1;
data/foreign-0.8.80/src/stataread.c:682:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(labelName2, labelName, namelength + 1); // nameMangleOut changes its arg.
data/foreign-0.8.80/src/stataread.c:683:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    OutStringBinary(nameMangleOut(labelName2, (int)strlen(labelName)),
data/foreign-0.8.80/src/stataread.c:693:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len += strlen(CHAR(STRING_ELT(theselabels,i))) + 1;
data/foreign-0.8.80/src/stataread.c:712:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(CHAR(STRING_ELT(theselabels, i)));
data/foreign-0.8.80/src/stataread.c:764:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(datalabel, CHAR(STRING_ELT(dlabel, 0)), 80);
data/foreign-0.8.80/src/stataread.c:800:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    k = (int) strlen(CHAR(STRING_ELT(VECTOR_ELT(df, i), j)));
data/foreign-0.8.80/src/stataread.c:830:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    k = (int) strlen(CHAR(STRING_ELT(VECTOR_ELT(df, i),j)));
data/foreign-0.8.80/src/stataread.c:849:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(aname, CHAR(STRING_ELT(names, i)), namelength);
data/foreign-0.8.80/src/stataread.c:884:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	    	strncpy(aname, CHAR(STRING_ELT(curr_val_labels, i)), namelength);
data/foreign-0.8.80/src/stataread.c:886:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(aname, CHAR(STRING_ELT(names, i)), namelength);
data/foreign-0.8.80/src/stataread.c:900:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	    strncpy(datalabel,CHAR(STRING_ELT(vlabels,i)),80);
data/foreign-0.8.80/src/stataread.c:908:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	    strncpy(datalabel,CHAR(STRING_ELT(orig_names,i)),80);
data/foreign-0.8.80/src/stataread.c:930:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(tmp, CHAR(STRING_ELT(exp_field, 0)), namelength);
data/foreign-0.8.80/src/stataread.c:934:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(tmp, CHAR(STRING_ELT(exp_field, 1)), namelength);
data/foreign-0.8.80/src/stataread.c:991:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	    	strncpy(aname, CHAR(STRING_ELT(curr_val_labels, i)), namelength);
data/foreign-0.8.80/src/stataread.c:993:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(aname, CHAR(STRING_ELT(names, i)), namelength);

ANALYSIS SUMMARY:

Hits = 267
Lines analyzed = 11373 in approximately 1.24 seconds (9196 lines/second)
Physical Source Lines of Code (SLOC) = 7543
Hits@level = [0]  53 [1]  66 [2] 177 [3]   0 [4]  24 [5]   0
Hits@level+ = [0+] 320 [1+] 267 [2+] 201 [3+]  24 [4+]  24 [5+]   0
Hits/KSLOC@level+ = [0+] 42.4234 [1+] 35.3971 [2+] 26.6472 [3+] 3.18176 [4+] 3.18176 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.