Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/foreign-0.8.80/src/pspp-format-def.h Examining data/foreign-0.8.80/src/SASxport.h Examining data/foreign-0.8.80/src/Rdbfread.c Examining data/foreign-0.8.80/src/spss.c Examining data/foreign-0.8.80/src/file-handle.h Examining data/foreign-0.8.80/src/avl.h Examining data/foreign-0.8.80/src/R_systat.c Examining data/foreign-0.8.80/src/pfm.h Examining data/foreign-0.8.80/src/sfmP.h Examining data/foreign-0.8.80/src/init.c Examining data/foreign-0.8.80/src/swap_bytes.h Examining data/foreign-0.8.80/src/sfm-read.c Examining data/foreign-0.8.80/src/Rdbfwrite.c Examining data/foreign-0.8.80/src/minitab.c Examining data/foreign-0.8.80/src/format.c Examining data/foreign-0.8.80/src/var.h Examining data/foreign-0.8.80/src/SASxport.c Examining data/foreign-0.8.80/src/dbfopen.c Examining data/foreign-0.8.80/src/file-handle.c Examining data/foreign-0.8.80/src/stataread.c Examining data/foreign-0.8.80/src/sfm.h Examining data/foreign-0.8.80/src/pfm-read.c Examining data/foreign-0.8.80/src/format.h Examining data/foreign-0.8.80/src/avl.c Examining data/foreign-0.8.80/src/foreign.h Examining data/foreign-0.8.80/src/shapefil.h FINAL RESULTS: data/foreign-0.8.80/src/R_systat.c:131:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg, _("not a rectangular data file (%s mtype is %d)"), data/foreign-0.8.80/src/R_systat.c:238:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(u->h.fname, fname); data/foreign-0.8.80/src/R_systat.c:516:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(mes, _("$ not in variable label column 9: %s"), label); data/foreign-0.8.80/src/R_systat.c:531:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(u->h.lab[j], tmp); data/foreign-0.8.80/src/R_systat.c:693:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(svalue, tmp_str); /* store in svalue */ data/foreign-0.8.80/src/R_systat.c:702:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(svalue, tmp_str); /* concatenate strings */ data/foreign-0.8.80/src/dbfopen.c:539:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( pszBasename, pszFilename ); data/foreign-0.8.80/src/dbfopen.c:549:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( pszFullname, "%s.dbf", pszBasename ); data/foreign-0.8.80/src/dbfopen.c:673:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( pszFInfo, pszFieldName); data/foreign-0.8.80/src/dbfopen.c:1105:6: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(szSField, szFormat, (int) *((double *) pValue) ); data/foreign-0.8.80/src/dbfopen.c:1112:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char *) (pabyRec+psDBF->panFieldOffset[iField]), szSField); data/foreign-0.8.80/src/dbfopen.c:1123:6: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(szSField, szFormat, *((double *) pValue) ); data/foreign-0.8.80/src/dbfopen.c:1129:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char *) (pabyRec+psDBF->panFieldOffset[iField]), szSField); data/foreign-0.8.80/src/file-handle.c:79:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fn, filename); data/foreign-0.8.80/src/file-handle.c:85:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (&name[1], fn); data/foreign-0.8.80/src/file-handle.c:143:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (&buf[1], h->fn); data/foreign-0.8.80/src/format.c:90:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "%s%d.%d", formats[f->type].name, f->w, f->d); data/foreign-0.8.80/src/format.c:92:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "%s%d", formats[f->type].name, f->w); data/foreign-0.8.80/src/pfm-read.c:717:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ext->dict->weight_var, name); data/foreign-0.8.80/src/sfm-read.c:348:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ext->dict->weight_var, wv->name); data/foreign-0.8.80/src/sfm-read.c:859:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (inf->product, cp); data/foreign-0.8.80/src/sfm-read.c:1492:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (print, fmt_to_string (&v->print)); data/foreign-0.8.80/src/spss.c:44:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(c, s); data/foreign-0.8.80/src/spss.c:94:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (v->name, name); data/foreign-0.8.80/src/R_systat.c:36:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *history[MAXLINES]; data/foreign-0.8.80/src/R_systat.c:37:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmt[4]; data/foreign-0.8.80/src/R_systat.c:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *lab[MAXVARS]; /* array of pointers to variable names */ data/foreign-0.8.80/src/R_systat.c:54:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[ERRMES]; /* opened file name */ data/foreign-0.8.80/src/R_systat.c:123:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[LABELSIZ+1], msg[256]; data/foreign-0.8.80/src/R_systat.c:231:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[ERRMES]; data/foreign-0.8.80/src/R_systat.c:235:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((u->h.fd = fopen(fname, "rb")) == NULL) data/foreign-0.8.80/src/R_systat.c:319:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, _("getuse: byte counter %o octal"), k); data/foreign-0.8.80/src/R_systat.c:334:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, "Getuse: failure reading byte %d", end); data/foreign-0.8.80/src/R_systat.c:346:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, "Getuse: last byte = %o octal", k); data/foreign-0.8.80/src/R_systat.c:408:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mes[ERRMES], tmp1[ERRMES]; data/foreign-0.8.80/src/R_systat.c:409:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[LABELSIZ+1], tmp[LABELSIZ+1]; data/foreign-0.8.80/src/R_systat.c:410:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char var[30]; data/foreign-0.8.80/src/R_systat.c:413:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(mes, _("getlab: File format unknown")); data/foreign-0.8.80/src/R_systat.c:421:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp1, _("getlab: byte 0 = %o octal"), o); data/foreign-0.8.80/src/R_systat.c:425:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp1, _("getlab: byte 1 = %o octal"), o); data/foreign-0.8.80/src/R_systat.c:437:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp1, _("getlab: byte 9 = %o octal"), o); data/foreign-0.8.80/src/R_systat.c:448:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp1, _("getlab: comment begin byte = %o"), o); data/foreign-0.8.80/src/R_systat.c:454:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp1, _("getlab: comment = %c"), o); data/foreign-0.8.80/src/R_systat.c:459:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp1, _("getlab: comment end byte = %o"), o); data/foreign-0.8.80/src/R_systat.c:477:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp1, _("getlab: byte nv0 = %o octal"), o); data/foreign-0.8.80/src/R_systat.c:488:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp1, _("getlab: byte nv$ = %o octal"), o); data/foreign-0.8.80/src/R_systat.c:503:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp1, _("getlab: byte lab[%d]0 = %o, nv=%d"), data/foreign-0.8.80/src/R_systat.c:529:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(var, "u->h.lab[%d]", j); data/foreign-0.8.80/src/R_systat.c:536:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp1, _("getlab: byte lab[%d]$ = %o octal"), j, o); data/foreign-0.8.80/src/R_systat.c:680:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp_str[9]; data/foreign-0.8.80/src/Rdbfread.c:36:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char labelbuff[81]; data/foreign-0.8.80/src/Rdbfread.c:39:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char szTitle[12], buf[2]; data/foreign-0.8.80/src/Rdbfread.c:212:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(labelbuff, "%d", i+1); data/foreign-0.8.80/src/Rdbfwrite.c:67:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szTitle[12]; data/foreign-0.8.80/src/SASxport.c:87:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4], ibuf[8]; data/foreign-0.8.80/src/SASxport.c:94:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ibuf, c, len); data/foreign-0.8.80/src/SASxport.c:116:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char record[141]; data/foreign-0.8.80/src/SASxport.c:128:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(namestr->nname, record + 8, 8); data/foreign-0.8.80/src/SASxport.c:129:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(namestr->nlabel, record + 16, 40); data/foreign-0.8.80/src/SASxport.c:130:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(namestr->nform, record + 56, 8); data/foreign-0.8.80/src/SASxport.c:134:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(namestr->nfill, record + 70, 2); data/foreign-0.8.80/src/SASxport.c:135:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(namestr->niform, record + 72, 8); data/foreign-0.8.80/src/SASxport.c:145:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char record[81]; data/foreign-0.8.80/src/SASxport.c:158:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(head->sas_symbol[0], record, 8); data/foreign-0.8.80/src/SASxport.c:159:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(head->sas_symbol[1], record+8, 8); data/foreign-0.8.80/src/SASxport.c:160:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(head->saslib, record+16, 8); data/foreign-0.8.80/src/SASxport.c:161:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(head->sasver, record+24, 8); data/foreign-0.8.80/src/SASxport.c:162:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(head->sas_os, record+32, 8); data/foreign-0.8.80/src/SASxport.c:165:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(head->sas_create, record+64, 16); data/foreign-0.8.80/src/SASxport.c:171:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(head->sas_mod, record, 16); data/foreign-0.8.80/src/SASxport.c:183:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char record[81]; data/foreign-0.8.80/src/SASxport.c:194:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(member->sas_symbol, record, 8); data/foreign-0.8.80/src/SASxport.c:195:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(member->sas_dsname, record+8, 8); data/foreign-0.8.80/src/SASxport.c:196:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(member->sasdata, record+16, 8); data/foreign-0.8.80/src/SASxport.c:197:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(member->sasver, record+24, 8); data/foreign-0.8.80/src/SASxport.c:198:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(member->sas_osname, record+32, 8); data/foreign-0.8.80/src/SASxport.c:201:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(member->sas_create, record+64, 16); data/foreign-0.8.80/src/SASxport.c:206:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(member->sas_mod, record, 16); data/foreign-0.8.80/src/SASxport.c:215:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char record[81]; data/foreign-0.8.80/src/SASxport.c:244:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char record[81]; data/foreign-0.8.80/src/SASxport.c:284:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char record[81]; data/foreign-0.8.80/src/SASxport.c:316:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpname[41]; data/foreign-0.8.80/src/SASxport.c:498:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dsname[9]; data/foreign-0.8.80/src/SASxport.c:511:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(R_ExpandFileName(CHAR(STRING_ELT(xportFile, 0))), "rb"); data/foreign-0.8.80/src/SASxport.c:608:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(R_ExpandFileName(CHAR(STRING_ELT(xportFile, 0))), "rb"); data/foreign-0.8.80/src/SASxport.h:36:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sas_symbol[2][8]; /* should be "SAS " */ data/foreign-0.8.80/src/SASxport.h:37:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char saslib[8]; /* should be "SASLIB " */ data/foreign-0.8.80/src/SASxport.h:38:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sasver[8]; data/foreign-0.8.80/src/SASxport.h:39:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sas_os[8]; data/foreign-0.8.80/src/SASxport.h:40:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sas_create[16]; data/foreign-0.8.80/src/SASxport.h:41:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sas_mod[16]; data/foreign-0.8.80/src/SASxport.h:45:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sas_symbol[8]; data/foreign-0.8.80/src/SASxport.h:46:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char sas_dsname[8]; data/foreign-0.8.80/src/SASxport.h:47:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sasdata[8]; data/foreign-0.8.80/src/SASxport.h:48:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sasver[8]; data/foreign-0.8.80/src/SASxport.h:49:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sas_osname[8]; data/foreign-0.8.80/src/SASxport.h:50:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sas_create[16]; data/foreign-0.8.80/src/SASxport.h:51:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sas_mod[16]; data/foreign-0.8.80/src/SASxport.h:59:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char nname[8]; /* NAME OF VARIABLE */ data/foreign-0.8.80/src/SASxport.h:60:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nlabel[40]; /* LABEL OF VARIABLE */ data/foreign-0.8.80/src/SASxport.h:61:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nform[8]; /* NAME OF FORMAT */ data/foreign-0.8.80/src/SASxport.h:65:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nfill[2]; /* (UNUSED, FOR ALIGNMENT AND FUTURE) */ data/foreign-0.8.80/src/SASxport.h:66:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char niform[8]; /* NAME OF INPUT FORMAT */ data/foreign-0.8.80/src/SASxport.h:70:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rest[52]; /* remaining fields are irrelevant */ data/foreign-0.8.80/src/SASxport.h:75:33: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
#define char_to_short(from, to) memcpy(&to, from, 2) data/foreign-0.8.80/src/SASxport.h:76:31: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define char_to_int(from, to) memcpy(&to, from, 4) data/foreign-0.8.80/src/SASxport.h:77:32: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define char_to_uint(from, to) memcpy(&to, from, 4) data/foreign-0.8.80/src/SASxport.h:81:33: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define char_to_short(from, to) memcpy(&to, from, 2); reverse_short(to); data/foreign-0.8.80/src/SASxport.h:82:31: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define char_to_int(from, to) memcpy(&to, from, 4); reverse_int(to); data/foreign-0.8.80/src/SASxport.h:83:32: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define char_to_uint(from, to) memcpy(&to, from, 4); reverse_uint(to); data/foreign-0.8.80/src/avl.c:98:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ab[AVL_MAX_HEIGHT]; /* Stack A: bits. */ data/foreign-0.8.80/src/avl.c:577:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char a[AVL_MAX_HEIGHT]; /* Stack P: Bits. */ data/foreign-0.8.80/src/avl.h:41:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. signed char pad[2]; /* Unused. Reserved for threaded trees. */ data/foreign-0.8.80/src/dbfopen.c:241:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char abyHeader[XBASE_FLDHDR_SZ]; data/foreign-0.8.80/src/dbfopen.c:325:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char abyFileHeader[32]; data/foreign-0.8.80/src/dbfopen.c:378:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). psDBF->fp = fopen( pszFilename, pszAccess ); data/foreign-0.8.80/src/dbfopen.c:555:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
fp = fopen( pszFullname, "wb" ); data/foreign-0.8.80/src/dbfopen.c:562:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen( pszFullname, "rb+" ); data/foreign-0.8.80/src/dbfopen.c:1005:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szSField[400], szFormat[20]; data/foreign-0.8.80/src/dbfopen.c:1104:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( szFormat, "%%%dd", nWidth ); data/foreign-0.8.80/src/dbfopen.c:1121:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( szFormat, "%%%d.%df", data/foreign-0.8.80/src/dbfopen.c:1364:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pabyRec, pRawTuple, psDBF->nRecordLength ); data/foreign-0.8.80/src/dbfopen.c:1414:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( pReturnTuple, pabyRec, psDBF->nRecordLength ); data/foreign-0.8.80/src/dbfopen.c:1434:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy ( newDBF->pszHeader, psDBF->pszHeader, 32 * psDBF->nFields ); data/foreign-0.8.80/src/dbfopen.c:1441:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( newDBF->panFieldOffset, psDBF->panFieldOffset, sizeof(int) * psDBF->nFields ); data/foreign-0.8.80/src/dbfopen.c:1443:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( newDBF->panFieldSize, psDBF->panFieldSize, sizeof(int) * psDBF->nFields ); data/foreign-0.8.80/src/dbfopen.c:1445:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( newDBF->panFieldDecimals, psDBF->panFieldDecimals, sizeof(int) * psDBF->nFields ); data/foreign-0.8.80/src/dbfopen.c:1447:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ( newDBF->pachFieldType, psDBF->pachFieldType, sizeof(int) * psDBF->nFields ); data/foreign-0.8.80/src/dbfopen.c:1510:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[12], name1[12], name2[12]; data/foreign-0.8.80/src/file-handle.c:108:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
fh_get_handle_by_name (const char name[9]) data/foreign-0.8.80/src/file-handle.h:96:50: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. struct file_handle *fh_get_handle_by_name (const char name[9]); data/foreign-0.8.80/src/format.c:87:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[32]; data/foreign-0.8.80/src/format.h:44:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[9]; /* `DATETIME' is the longest name. */ data/foreign-0.8.80/src/minitab.c:44:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[9]; data/foreign-0.8.80/src/minitab.c:109:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[MTP_BUF_SIZE], blank[1], *pres; data/foreign-0.8.80/src/minitab.c:115:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen(R_ExpandFileName(CHAR(fname)), "rt")) == NULL) data/foreign-0.8.80/src/minitab.c:117:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen(R_ExpandFileName(CHAR(fname)), "r")) == NULL) data/foreign-0.8.80/src/pfm-read.c:88:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[83]; /* Input buffer. */ data/foreign-0.8.80/src/pfm-read.c:239:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ext->file = fopen (R_ExpandFileName(h->norm_fn), "rb"); data/foreign-0.8.80/src/pfm-read.c:487:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char src[256]; data/foreign-0.8.80/src/pfm-read.c:518:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sig[8] = {92, 89, 92, 92, 89, 88, 91, 93}; data/foreign-0.8.80/src/pfm-read.c:664:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char spss2ascii[256] = data/foreign-0.8.80/src/pfm-read.c:1006:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dest, src, n); data/foreign-0.8.80/src/pfm-read.c:1009:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dest, src, len); data/foreign-0.8.80/src/pfm-read.c:1065:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (perm[v->fv].c, &temp[v->get.fv], v->width); data/foreign-0.8.80/src/pfm.h:40:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char creation_date[11]; /* `dd mm yyyy' plus a null. */ data/foreign-0.8.80/src/pfm.h:41:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char creation_time[9]; /* `hh:mm:ss' plus a null. 
*/ data/foreign-0.8.80/src/pfm.h:42:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char product[61]; /* Product name plus a null. */ data/foreign-0.8.80/src/pfm.h:43:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char subproduct[61]; /* Subproduct name plus a null. */ data/foreign-0.8.80/src/sfm-read.c:79:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char c[8]; data/foreign-0.8.80/src/sfm-read.c:84:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char c[8]; data/foreign-0.8.80/src/sfm-read.c:125:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char x[sizeof (R_flt64)]; data/foreign-0.8.80/src/sfm-read.c:308:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? 
(CWE-362). ext->file = fopen (R_ExpandFileName(h->norm_fn), "rb"); data/foreign-0.8.80/src/sfm-read.c:706:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prod_name[sizeof hdr.prod_name + 1]; /* Buffer for product name. */ data/foreign-0.8.80/src/sfm-read.c:747:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (prod_name, hdr.prod_name, sizeof hdr.prod_name); data/foreign-0.8.80/src/sfm-read.c:761:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *prefix[N_PREFIXES] = data/foreign-0.8.80/src/sfm-read.c:831:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dict->label, hdr.file_label, i + 1); data/foreign-0.8.80/src/sfm-read.c:841:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (inf->creation_date, hdr.creation_date, 9); data/foreign-0.8.80/src/sfm-read.c:844:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (inf->creation_time, hdr.creation_time, 8); data/foreign-0.8.80/src/sfm-read.c:1066:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (vv->missing[j].s, &mv[j], vv->width); data/foreign-0.8.80/src/sfm-read.c:1221:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&raw_label[i], &value, sizeof value); data/foreign-0.8.80/src/sfm-read.c:1302:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cooked_label[i]->v.s, (char *) &raw_label[i], copy_len); data/foreign-0.8.80/src/sfm-read.c:1429:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char print[32]; data/foreign-0.8.80/src/sfm-read.c:1565:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (temp++, ext->ptr++, sizeof *temp); data/foreign-0.8.80/src/sfm-read.c:1606:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ext->x, ext->ptr++, sizeof *temp); data/foreign-0.8.80/src/sfm-read.c:1680:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (perm[v->fv].c, &temp[v->get.fv], v->width); data/foreign-0.8.80/src/sfm.h:37:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char creation_date[10]; /* `dd mmm yy' plus a null. 
*/ data/foreign-0.8.80/src/sfm.h:38:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char creation_time[9]; /* `hh:mm:ss' plus a null. */ data/foreign-0.8.80/src/sfm.h:42:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char product[61]; /* Product name plus a null. */ data/foreign-0.8.80/src/sfmP.h:24:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rec_type[4]; /* Record-type code, "$FL2". */ data/foreign-0.8.80/src/sfmP.h:25:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prod_name[60]; /* Product identification. */ data/foreign-0.8.80/src/sfmP.h:32:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char creation_date[9]; /* `dd mmm yy' creation date of file. */ data/foreign-0.8.80/src/sfmP.h:33:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char creation_time[8]; /* `hh:mm:ss' 24-hour creation time. */ data/foreign-0.8.80/src/sfmP.h:34:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_label[64]; /* File label. */ data/foreign-0.8.80/src/sfmP.h:35:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char padding[3]; /* Ignored padding. */ data/foreign-0.8.80/src/sfmP.h:49:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8]; /* Variable name. */ data/foreign-0.8.80/src/spss.c:227:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char tmp[MAX_SHORT_STRING+1]; data/foreign-0.8.80/src/spss.c:251:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp,flattened_labels[j]->v.s, MAX_SHORT_STRING); data/foreign-0.8.80/src/spss.c:421:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. mkChar((char *)case_vals[v->fv].c)); data/foreign-0.8.80/src/spss.c:536:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. mkChar((char *)case_vals[v->fv].c)); data/foreign-0.8.80/src/spss.c:619:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char src[256]; data/foreign-0.8.80/src/spss.c:643:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sig[9] = {92, 89, 92, 92, 89, 88, 91, 93, '\0'}; data/foreign-0.8.80/src/spss.c:644:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[9]; data/foreign-0.8.80/src/spss.c:665:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE *fp = fopen(R_ExpandFileName(filename), "rb"); data/foreign-0.8.80/src/spss.c:666:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[5]; data/foreign-0.8.80/src/stataread.c:188:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char datalabel[81], timestamp[50], aname[33]; data/foreign-0.8.80/src/stataread.c:189:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stringbuffer[245], *txt; data/foreign-0.8.80/src/stataread.c:550:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(datalabel, "%d", i+1); data/foreign-0.8.80/src/stataread.c:584:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(R_ExpandFileName(CHAR(STRING_ELT(fname,0))), "rb"); data/foreign-0.8.80/src/stataread.c:681:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char labelName2[namelength + 1]; data/foreign-0.8.80/src/stataread.c:728:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char datalabel[81] = "Written by R. ", data/foreign-0.8.80/src/stataread.c:730:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char format9g[50] = "%9.0g", strformat[50] = ""; data/foreign-0.8.80/src/stataread.c:865:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(strformat, "%%%ds", INTEGER(types)[i]); data/foreign-0.8.80/src/stataread.c:924:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[namelength]; data/foreign-0.8.80/src/stataread.c:1044:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(R_ExpandFileName(CHAR(STRING_ELT(fname, 0))), "wb"); data/foreign-0.8.80/src/var.h:58:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char s[MAX_SHORT_STRING];
data/foreign-0.8.80/src/var.h:197:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zname[10]; /* Name for z-score variable. */
data/foreign-0.8.80/src/var.h:232:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char new_name[VAR_NAME_LEN +1]; /* Variable's new name. */
data/foreign-0.8.80/src/var.h:306:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[VAR_NAME_LEN +1]; /* As a string. */
data/foreign-0.8.80/src/var.h:377:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char weight_var[VAR_NAME_LEN];/* Name of WEIGHT variable. */
data/foreign-0.8.80/src/var.h:379:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filter_var[VAR_NAME_LEN];/* Name of FILTER variable.
*/
data/foreign-0.8.80/src/R_systat.c:528:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int)strlen(tmp);
data/foreign-0.8.80/src/Rdbfwrite.c:74:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(szTitle, CHAR(STRING_ELT(names,i)), 11);
data/foreign-0.8.80/src/SASxport.c:269:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name, mem_head->sas_dsname, n);
data/foreign-0.8.80/src/SASxport.c:327:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmpname, nam_head[i].nname, nname_len);
data/foreign-0.8.80/src/SASxport.c:335:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmpname, nam_head[i].nlabel, nlabel_len);
data/foreign-0.8.80/src/SASxport.c:343:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmpname, nam_head[i].nform, nform_len);
data/foreign-0.8.80/src/SASxport.c:397:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(record, tmp, 80);
data/foreign-0.8.80/src/dbfopen.c:538:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pszBasename = (char *) malloc(strlen(pszFilename)+5);
data/foreign-0.8.80/src/dbfopen.c:540:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( i = strlen(pszBasename)-1;
data/foreign-0.8.80/src/dbfopen.c:548:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pszFullname = (char *) malloc(strlen(pszBasename) + 5);
data/foreign-0.8.80/src/dbfopen.c:672:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( (int) strlen(pszFieldName) < 10 )
data/foreign-0.8.80/src/dbfopen.c:675:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( pszFInfo, pszFieldName, 10);
data/foreign-0.8.80/src/dbfopen.c:765:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( pszStringField,
data/foreign-0.8.80/src/dbfopen.c:907:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(pszValue) == 0 || strncmp(pszValue,"00000000",8) == 0;
data/foreign-0.8.80/src/dbfopen.c:915:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(pszValue) == 0;
data/foreign-0.8.80/src/dbfopen.c:969:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( pszFieldName, (char *) psDBF->pszHeader+iField*32, 11 );
data/foreign-0.8.80/src/dbfopen.c:1106:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( (int)strlen(szSField) > psDBF->panFieldSize[iField] )
data/foreign-0.8.80/src/dbfopen.c:1124:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( (int) strlen(szSField) > psDBF->panFieldSize[iField] )
data/foreign-0.8.80/src/dbfopen.c:1140:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( (int) strlen((char *) pValue) > psDBF->panFieldSize[iField] )
data/foreign-0.8.80/src/dbfopen.c:1149:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j = (int) strlen((char *) pValue);
data/foreign-0.8.80/src/dbfopen.c:1152:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((char *) (pabyRec+psDBF->panFieldOffset[iField]),
data/foreign-0.8.80/src/dbfopen.c:1220:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( (int)strlen((char *) pValue) > psDBF->panFieldSize[iField] )
data/foreign-0.8.80/src/dbfopen.c:1226:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j = (int) strlen((char *) pValue);
data/foreign-0.8.80/src/dbfopen.c:1229:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy((char *) (pabyRec+psDBF->panFieldOffset[iField]),
data/foreign-0.8.80/src/dbfopen.c:1491:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (string);
data/foreign-0.8.80/src/dbfopen.c:1513:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name1, pszFieldName,11);
data/foreign-0.8.80/src/dbfopen.c:1520:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name2, name, 12); // this copied the terminator, but be sure
data/foreign-0.8.80/src/file-handle.c:77:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (filename);
data/foreign-0.8.80/src/file-handle.c:140:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen (h->fn);
data/foreign-0.8.80/src/minitab.c:55:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = (int) strlen(str) - 1; i >= 0 && isspace((int)str[i]); i--)
data/foreign-0.8.80/src/pfm-read.c:144:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc (ext->file);
data/foreign-0.8.80/src/pfm-read.c:148:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
c = getc (ext->file);
data/foreign-0.8.80/src/pfm-read.c:551:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (date) != 8)
data/foreign-0.8.80/src/pfm-read.c:552:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lose ((_("Bad date string length %d"), strlen (date)));
data/foreign-0.8.80/src/pfm-read.c:578:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (time) != 6)
data/foreign-0.8.80/src/pfm-read.c:579:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lose ((_("Bad time string length %d"), strlen (time)));
data/foreign-0.8.80/src/pfm-read.c:606:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (inf->product, product, 60);
data/foreign-0.8.80/src/pfm-read.c:622:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (inf->subproduct, subproduct, 60);
data/foreign-0.8.80/src/pfm-read.c:753:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen ((char *) name) > 8)
data/foreign-0.8.80/src/pfm-read.c:755:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
i, strlen ((char *) name)));
data/foreign-0.8.80/src/pfm-read.c:768:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (j = 1; j < (int) strlen ((char *) name); j++)
data/foreign-0.8.80/src/pfm-read.c:1004:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen (src);
data/foreign-0.8.80/src/sfm-read.c:681:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(lp[0]->name, val, 64);
data/foreign-0.8.80/src/sfm-read.c:770:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp (prefix[i], hdr.prod_name, strlen (prefix[i])))
data/foreign-0.8.80/src/sfm-read.c:772:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). skip_amt = (int) strlen (prefix[i]);
data/foreign-0.8.80/src/spss.c:42:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = (int) strlen(s);
data/foreign-0.8.80/src/spss.c:590:10: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int c = fgetc(stream);
data/foreign-0.8.80/src/spss.c:592:10: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(stream);
data/foreign-0.8.80/src/spss.c:599:6: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
fgetc(stream);
data/foreign-0.8.80/src/stataread.c:678:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). txtlen += strlen(CHAR(STRING_ELT(theselabels, i))) + 1;
data/foreign-0.8.80/src/stataread.c:682:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(labelName2, labelName, namelength + 1); // nameMangleOut changes its arg.
data/foreign-0.8.80/src/stataread.c:683:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). OutStringBinary(nameMangleOut(labelName2, (int)strlen(labelName)),
data/foreign-0.8.80/src/stataread.c:693:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(CHAR(STRING_ELT(theselabels,i))) + 1;
data/foreign-0.8.80/src/stataread.c:712:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(CHAR(STRING_ELT(theselabels, i)));
data/foreign-0.8.80/src/stataread.c:764:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(datalabel, CHAR(STRING_ELT(dlabel, 0)), 80);
data/foreign-0.8.80/src/stataread.c:800:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = (int) strlen(CHAR(STRING_ELT(VECTOR_ELT(df, i), j)));
data/foreign-0.8.80/src/stataread.c:830:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). k = (int) strlen(CHAR(STRING_ELT(VECTOR_ELT(df, i),j)));
data/foreign-0.8.80/src/stataread.c:849:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(aname, CHAR(STRING_ELT(names, i)), namelength);
data/foreign-0.8.80/src/stataread.c:884:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(aname, CHAR(STRING_ELT(curr_val_labels, i)), namelength);
data/foreign-0.8.80/src/stataread.c:886:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(aname, CHAR(STRING_ELT(names, i)), namelength);
data/foreign-0.8.80/src/stataread.c:900:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(datalabel,CHAR(STRING_ELT(vlabels,i)),80);
data/foreign-0.8.80/src/stataread.c:908:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(datalabel,CHAR(STRING_ELT(orig_names,i)),80);
data/foreign-0.8.80/src/stataread.c:930:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tmp, CHAR(STRING_ELT(exp_field, 0)), namelength);
data/foreign-0.8.80/src/stataread.c:934:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy(tmp, CHAR(STRING_ELT(exp_field, 1)), namelength);
data/foreign-0.8.80/src/stataread.c:991:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(aname, CHAR(STRING_ELT(curr_val_labels, i)), namelength);
data/foreign-0.8.80/src/stataread.c:993:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(aname, CHAR(STRING_ELT(names, i)), namelength);

ANALYSIS SUMMARY:
Hits = 267
Lines analyzed = 11373 in approximately 1.24 seconds (9196 lines/second)
Physical Source Lines of Code (SLOC) = 7543
Hits@level = [0] 53 [1] 66 [2] 177 [3] 0 [4] 24 [5] 0
Hits@level+ = [0+] 320 [1+] 267 [2+] 201 [3+] 24 [4+] 24 [5+] 0
Hits/KSLOC@level+ = [0+] 42.4234 [1+] 35.3971 [2+] 26.6472 [3+] 3.18176 [4+] 3.18176 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.