Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/fpgatools-0.0+201212/autotest.c
Examining data/fpgatools-0.0+201212/bit2fp.c
Examining data/fpgatools-0.0+201212/blinking_led.c
Examining data/fpgatools-0.0+201212/draw_svg_tiles.c
Examining data/fpgatools-0.0+201212/fp2bit.c
Examining data/fpgatools-0.0+201212/hello_world.c
Examining data/fpgatools-0.0+201212/hstrrep.c
Examining data/fpgatools-0.0+201212/libs/bit.h
Examining data/fpgatools-0.0+201212/libs/bit_frames.c
Examining data/fpgatools-0.0+201212/libs/bit_regs.c
Examining data/fpgatools-0.0+201212/libs/control.c
Examining data/fpgatools-0.0+201212/libs/control.h
Examining data/fpgatools-0.0+201212/libs/floorplan.c
Examining data/fpgatools-0.0+201212/libs/floorplan.h
Examining data/fpgatools-0.0+201212/libs/helper.c
Examining data/fpgatools-0.0+201212/libs/helper.h
Examining data/fpgatools-0.0+201212/libs/model.h
Examining data/fpgatools-0.0+201212/libs/model_conns.c
Examining data/fpgatools-0.0+201212/libs/model_devices.c
Examining data/fpgatools-0.0+201212/libs/model_helper.c
Examining data/fpgatools-0.0+201212/libs/model_main.c
Examining data/fpgatools-0.0+201212/libs/model_ports.c
Examining data/fpgatools-0.0+201212/libs/model_switches.c
Examining data/fpgatools-0.0+201212/libs/model_tiles.c
Examining data/fpgatools-0.0+201212/libs/parts.c
Examining data/fpgatools-0.0+201212/libs/parts.h
Examining data/fpgatools-0.0+201212/merge_seq.c
Examining data/fpgatools-0.0+201212/mini-jtag/jtag.c
Examining data/fpgatools-0.0+201212/mini-jtag/jtag.h
Examining data/fpgatools-0.0+201212/mini-jtag/load-bits.c
Examining data/fpgatools-0.0+201212/mini-jtag/load-bits.h
Examining data/fpgatools-0.0+201212/mini-jtag/mini-jtag.c
Examining data/fpgatools-0.0+201212/new_fp.c
Examining data/fpgatools-0.0+201212/pair2net.c
Examining data/fpgatools-0.0+201212/sort_seq.c

FINAL RESULTS:

data/fpgatools-0.0+201212/autotest.c:52:4:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			printf(line);
data/fpgatools-0.0+201212/autotest.c:62:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tstate->base_name, base_name);
data/fpgatools-0.0+201212/autotest.c:114:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	rc = system(tmp);
data/fpgatools-0.0+201212/autotest.c:1261:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
					sprintf(lut6_str, "(A6+~A6)*%s", lut5_str);
data/fpgatools-0.0+201212/autotest.c:1924:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(cmdline_test, param);
data/fpgatools-0.0+201212/autotest.c:1933:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(tstate.cmdline_diff_exec, param);
data/fpgatools-0.0+201212/autotest.c:1974:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(tstate.cmdline_diff_exec, DEFAULT_DIFF_EXEC);
data/fpgatools-0.0+201212/autotest.c:2007:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tstate.tmp_dir, AUTOTEST_TMP_DIR);
data/fpgatools-0.0+201212/draw_svg_tiles.c:88:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(str, fpga_tiletype_str(
data/fpgatools-0.0+201212/libs/bit_frames.c:327:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(cfg.istandard, IO_LVCMOS25);
data/fpgatools-0.0+201212/libs/bit_frames.c:331:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(cfg.istandard, IO_LVCMOS12);
data/fpgatools-0.0+201212/libs/bit_frames.c:335:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(cfg.istandard, IO_LVCMOS12_JEDEC);
data/fpgatools-0.0+201212/libs/bit_frames.c:339:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
						strcpy(cfg.istandard, IO_SSTL2_I);
data/fpgatools-0.0+201212/libs/bit_frames.c:347:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS25);
data/fpgatools-0.0+201212/libs/bit_frames.c:351:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS33);
data/fpgatools-0.0+201212/libs/bit_frames.c:355:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS33);
data/fpgatools-0.0+201212/libs/bit_frames.c:359:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS33);
data/fpgatools-0.0+201212/libs/bit_frames.c:363:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS33);
data/fpgatools-0.0+201212/libs/bit_frames.c:367:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS33);
data/fpgatools-0.0+201212/libs/bit_frames.c:371:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS33);
data/fpgatools-0.0+201212/libs/bit_frames.c:376:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS25);
data/fpgatools-0.0+201212/libs/bit_frames.c:380:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS25);
data/fpgatools-0.0+201212/libs/bit_frames.c:384:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS25);
data/fpgatools-0.0+201212/libs/bit_frames.c:388:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS25);
data/fpgatools-0.0+201212/libs/bit_frames.c:392:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS25);
data/fpgatools-0.0+201212/libs/bit_frames.c:396:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS25);
data/fpgatools-0.0+201212/libs/bit_frames.c:401:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVTTL);
data/fpgatools-0.0+201212/libs/bit_frames.c:405:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVTTL);
data/fpgatools-0.0+201212/libs/bit_frames.c:409:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVTTL);
data/fpgatools-0.0+201212/libs/bit_frames.c:413:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVTTL);
data/fpgatools-0.0+201212/libs/bit_frames.c:417:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVTTL);
data/fpgatools-0.0+201212/libs/bit_frames.c:421:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVTTL);
data/fpgatools-0.0+201212/libs/bit_frames.c:425:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVTTL);
data/fpgatools-0.0+201212/libs/bit_frames.c:430:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS18);
data/fpgatools-0.0+201212/libs/bit_frames.c:434:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS18);
data/fpgatools-0.0+201212/libs/bit_frames.c:438:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS18);
data/fpgatools-0.0+201212/libs/bit_frames.c:442:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS18);
data/fpgatools-0.0+201212/libs/bit_frames.c:446:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS18);
data/fpgatools-0.0+201212/libs/bit_frames.c:450:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS18);
data/fpgatools-0.0+201212/libs/bit_frames.c:454:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS18);
data/fpgatools-0.0+201212/libs/bit_frames.c:459:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS15);
data/fpgatools-0.0+201212/libs/bit_frames.c:463:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS15);
data/fpgatools-0.0+201212/libs/bit_frames.c:467:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS15);
data/fpgatools-0.0+201212/libs/bit_frames.c:471:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS15);
data/fpgatools-0.0+201212/libs/bit_frames.c:475:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS15);
data/fpgatools-0.0+201212/libs/bit_frames.c:479:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS15);
data/fpgatools-0.0+201212/libs/bit_frames.c:484:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS12);
data/fpgatools-0.0+201212/libs/bit_frames.c:488:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS12);
data/fpgatools-0.0+201212/libs/bit_frames.c:492:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS12);
data/fpgatools-0.0+201212/libs/bit_frames.c:496:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS12);
data/fpgatools-0.0+201212/libs/bit_frames.c:500:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(cfg.ostandard, IO_LVCMOS12);
data/fpgatools-0.0+201212/libs/bit_frames.c:667:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(lut5_buf, str);
data/fpgatools-0.0+201212/libs/bit_frames.c:674:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(lut6_buf, str);
data/fpgatools-0.0+201212/libs/bit_regs.c:1171:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(cfg->header_str[i-'a'], (char*) &d[inpos + *outdelta + 3]);
data/fpgatools-0.0+201212/libs/control.c:874:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dev->u.iob.istandard, io_std);
data/fpgatools-0.0+201212/libs/control.c:895:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dev->u.iob.ostandard, io_std);
data/fpgatools-0.0+201212/libs/control.c:1442:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	return strcpy(switch_get_buf[last_buf], hash_str);
data/fpgatools-0.0+201212/libs/control.c:1559:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(&buf[last_buf][o], fpga_switch_str(model, y, x, set->sw[0], SW_FROM));
data/fpgatools-0.0+201212/libs/control.c:1563:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(&buf[last_buf][o],
data/fpgatools-0.0+201212/libs/control.c:1570:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(&buf[last_buf][o],
data/fpgatools-0.0+201212/libs/control.c:1575:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(&buf[last_buf][o], fpga_switch_str(model, y, x, set->sw[0], SW_TO));
data/fpgatools-0.0+201212/libs/floorplan.c:1038:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
					sprintf(tmp_line, "conn y%i x%i %s ",
data/fpgatools-0.0+201212/libs/floorplan.c:1043:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
					sprintf(&tmp_line[k], "y%i x%i %s\n",
data/fpgatools-0.0+201212/libs/helper.c:46:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		printf(fmt_str, indent_str, i, data[i]);
data/fpgatools-0.0+201212/libs/helper.c:876:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(&line[i+1], 256, fmt, list);
data/fpgatools-0.0+201212/libs/helper.c:1012:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(&array->bin_strings[bin][array->bin_len[bin]+BIN_STR_HEADER], str);
data/fpgatools-0.0+201212/libs/helper.c:1148:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
		if (sscanf(argv[i], scan_str, buf[next_buf]) == 1) {
data/fpgatools-0.0+201212/libs/helper.c:1163:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
		if (sscanf(argv[i], buf, &out_int) == 1)
data/fpgatools-0.0+201212/libs/helper.h:19:24:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define OUT_OF_MEM()	{ fprintf(stderr, \
data/fpgatools-0.0+201212/libs/helper.h:21:32:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define EXIT(expr)	if (expr) { fprintf(stderr, \
data/fpgatools-0.0+201212/libs/model_conns.c:826:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(wstr, fpga_connpt_str(model, net->wire+i, y, x, -1, -1));
data/fpgatools-0.0+201212/libs/model_helper.c:23:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(pf_buf[last_buf], sizeof(pf_buf[0]), fmt, list);
data/fpgatools-0.0+201212/libs/model_helper.c:352:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(buf1, sizeof(buf1), name1, i);
data/fpgatools-0.0+201212/libs/model_helper.c:354:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(buf2, sizeof(buf2), name2, (start2 & COUNT_MASK)-(i-start1));
data/fpgatools-0.0+201212/libs/model_helper.c:356:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			snprintf(buf2, sizeof(buf2), name2, (start2 & COUNT_MASK)+(i-start1));
data/fpgatools-0.0+201212/libs/model_helper.c:962:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(buf[last_buf], fpga_wire2str(wire));
data/fpgatools-0.0+201212/libs/model_helper.c:969:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(buf[last_buf], fpga_wire2str(wire));
data/fpgatools-0.0+201212/libs/model_helper.c:971:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(buf[last_buf], fpga_wire2str(wire));
data/fpgatools-0.0+201212/libs/model_helper.c:1004:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(buf[last_buf], fpga_wire2str(wire));
data/fpgatools-0.0+201212/libs/model_helper.c:1011:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(buf[last_buf], fpga_wire2str(wire));
data/fpgatools-0.0+201212/libs/model_helper.c:1013:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(buf[last_buf], fpga_wire2str(wire));
data/fpgatools-0.0+201212/libs/model_helper.c:1034:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(buf[last_buf], fpga_wire2str(wire));
data/fpgatools-0.0+201212/libs/model_helper.c:1041:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(buf[last_buf], fpga_wire2str(wire));
data/fpgatools-0.0+201212/libs/model_helper.c:1043:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(buf[last_buf], fpga_wire2str(wire));
data/fpgatools-0.0+201212/merge_seq.c:35:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		printf(line->buf);
data/fpgatools-0.0+201212/merge_seq.c:56:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf(buf);
data/fpgatools-0.0+201212/pair2net.c:151:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
		i = sscanf(line, "%s%s", point_a, point_b);
data/fpgatools-0.0+201212/sort_seq.c:412:4:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			printf(s_lines[i]);
data/fpgatools-0.0+201212/autotest.c:26:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmdline_diff_exec[1024];
data/fpgatools-0.0+201212/autotest.c:32:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp_dir[256];
data/fpgatools-0.0+201212/autotest.c:33:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char base_name[256];
data/fpgatools-0.0+201212/autotest.c:39:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[1024];
data/fpgatools-0.0+201212/autotest.c:44:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!(f = fopen(path, "r")))
data/fpgatools-0.0+201212/autotest.c:69:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[1024], tmp[1024], prior_fp[1024];
data/fpgatools-0.0+201212/autotest.c:93:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(prior_fp, "/dev/null");
data/fpgatools-0.0+201212/autotest.c:100:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(&path[path_base], ".fp");
data/fpgatools-0.0+201212/autotest.c:101:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	dest_f = fopen(path, "w");
data/fpgatools-0.0+201212/autotest.c:123:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(&path[path_base], ".diff");
data/fpgatools-0.0+201212/autotest.c:794:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char iob_name[32];
data/fpgatools-0.0+201212/autotest.c:1186:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lut6_str[128], lut5_str[128];
data/fpgatools-0.0+201212/autotest.c:1208:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(lut6_str, "A%c", i);
data/fpgatools-0.0+201212/autotest.c:1233:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(lut6_str, "(A6+~A6)*1");
data/fpgatools-0.0+201212/autotest.c:1238:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(lut6_str, "(A6+~A6)*0");
data/fpgatools-0.0+201212/autotest.c:1244:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(lut5_str, "A%c", i);
data/fpgatools-0.0+201212/autotest.c:1245:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(lut6_str, "(A6+~A6)*A%c", (i == '5') ? '1' : i+1);
data/fpgatools-0.0+201212/autotest.c:1889:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char param[1024], cmdline_test[1024];
data/fpgatools-0.0+201212/bit2fp.c:66:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		FILE* fbits = fopen(argv[file_arg], "r");
data/fpgatools-0.0+201212/draw_svg_tiles.c:42:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[128];
data/fpgatools-0.0+201212/draw_svg_tiles.c:79:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(str, "y%i x%i:", i, j);
data/fpgatools-0.0+201212/fp2bit.c:31:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fp = fopen(argv[1], "r");
data/fpgatools-0.0+201212/fp2bit.c:37:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fbits = fopen(argv[2], "w");
data/fpgatools-0.0+201212/hstrrep.c:19:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[1024], search_str[1024], replace_str[1024];
data/fpgatools-0.0+201212/hstrrep.c:49:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen(argv[2], "r");
data/fpgatools-0.0+201212/hstrrep.c:79:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen(argv[1], "r");
data/fpgatools-0.0+201212/libs/bit.h:77:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char header_str[4][MAX_HEADER_STR_LEN];
data/fpgatools-0.0+201212/libs/bit_frames.c:690:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lut6_ml[NUM_LUTS][MAX_LUT_LEN];
data/fpgatools-0.0+201212/libs/bit_frames.c:691:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lut5_ml[NUM_LUTS][MAX_LUT_LEN];
data/fpgatools-0.0+201212/libs/bit_frames.c:692:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lut6_x[NUM_LUTS][MAX_LUT_LEN];
data/fpgatools-0.0+201212/libs/bit_frames.c:693:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lut5_x[NUM_LUTS][MAX_LUT_LEN];
data/fpgatools-0.0+201212/libs/bit_frames.c:2253:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char bit_str[129];
data/fpgatools-0.0+201212/libs/bit_frames.c:2495:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			from_idx = atoi(&from_found[6]);
data/fpgatools-0.0+201212/libs/bit_frames.c:2496:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			to_idx = atoi(&to_found[5]);
data/fpgatools-0.0+201212/libs/bit_regs.c:635:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char bits[512];
data/fpgatools-0.0+201212/libs/bit_regs.c:722:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char bit_str[129];
data/fpgatools-0.0+201212/libs/bit_regs.c:748:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char bit_str[65];
data/fpgatools-0.0+201212/libs/bit_regs.c:781:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char bit_str[64];
data/fpgatools-0.0+201212/libs/bit_regs.c:1361:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&cfg->bits.d[offset_in_bits
data/fpgatools-0.0+201212/libs/bit_regs.c:1370:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&cfg->bits.d[offset_in_bits],
data/fpgatools-0.0+201212/libs/bit_regs.c:1801:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char padding_frame[FRAME_SIZE];
data/fpgatools-0.0+201212/libs/control.c:420:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[NUM_BUFS][BUF_SIZE];
data/fpgatools-0.0+201212/libs/control.c:639:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(*lut_ptr, lut_str, lut_len);
data/fpgatools-0.0+201212/libs/control.c:1429:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char switch_get_buf[NUM_CONNPT_BUFS][CONNPT_BUF_SIZE];
data/fpgatools-0.0+201212/libs/control.c:1469:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[NUM_BUFS][BUF_SIZE];
data/fpgatools-0.0+201212/libs/control.c:1522:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char sw_buf[NUM_SW_BUFS][SW_BUF_SIZE];
data/fpgatools-0.0+201212/libs/control.c:1524:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char midstr[64];
data/fpgatools-0.0+201212/libs/control.c:1528:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(midstr, "<->");
data/fpgatools-0.0+201212/libs/control.c:1530:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(midstr, "->");
data/fpgatools-0.0+201212/libs/control.c:1551:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[FMT_SWSET_NUM_BUFS][FMT_SWSET_BUF_SIZE];
data/fpgatools-0.0+201212/libs/control.c:2442:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/fpgatools-0.0+201212/libs/floorplan.c:69:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pref[256];
data/fpgatools-0.0+201212/libs/floorplan.c:202:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dev->u.iob.istandard, w2, w2_len);
data/fpgatools-0.0+201212/libs/floorplan.c:207:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dev->u.iob.ostandard, w2, w2_len);
data/fpgatools-0.0+201212/libs/floorplan.c:297:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pref[256];
data/fpgatools-0.0+201212/libs/floorplan.c:490:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmp_str[128];
data/fpgatools-0.0+201212/libs/floorplan.c:666:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pref[256];
data/fpgatools-0.0+201212/libs/floorplan.c:757:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pref[256];
data/fpgatools-0.0+201212/libs/floorplan.c:837:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pref[256];
data/fpgatools-0.0+201212/libs/floorplan.c:996:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp_line[512];
data/fpgatools-0.0+201212/libs/floorplan.c:1121:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/fpgatools-0.0+201212/libs/floorplan.c:1155:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buf, &line[from_beg], from_end-from_beg);
data/fpgatools-0.0+201212/libs/floorplan.c:1172:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buf, &line[to_beg], to_end-to_beg);
data/fpgatools-0.0+201212/libs/floorplan.c:1311:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[1024];
data/fpgatools-0.0+201212/libs/helper.c:14:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        static char str[2 /* "0b" */ + 32 + 1 /* '\0' */];
data/fpgatools-0.0+201212/libs/helper.c:28:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fmt_str[16] = "%s@%05x %02x";
data/fpgatools-0.0+201212/libs/helper.c:29:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char indent_str[16];
data/fpgatools-0.0+201212/libs/helper.c:222:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char a[6]; // 0=A1, 5=A6. value can be 0, 1 or 2 for 'removed'
data/fpgatools-0.0+201212/libs/helper.c:239:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char str[2048];
data/fpgatools-0.0+201212/libs/helper.c:287:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char new_term[6];
data/fpgatools-0.0+201212/libs/helper.c:368:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char init_str[65];
data/fpgatools-0.0+201212/libs/helper.c:413:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(&init_str[j*2], "%02X", init_byte);
data/fpgatools-0.0+201212/libs/helper.c:434:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(&init_str[j*2], "%02X", init_byte);
data/fpgatools-0.0+201212/libs/helper.c:627:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prefix[128], suffix[128];
data/fpgatools-0.0+201212/libs/helper.c:630:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(prefix, "f%i ", abs(row));
data/fpgatools-0.0+201212/libs/helper.c:632:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(prefix, "r%i ma%i mi%i ", row, major, minor);
data/fpgatools-0.0+201212/libs/helper.c:739:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE* statusf = fopen("/proc/self/status", "r");
data/fpgatools-0.0+201212/libs/helper.c:740:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[1024];
data/fpgatools-0.0+201212/libs/helper.c:754:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	random_f = open("/dev/urandom", O_RDONLY);
data/fpgatools-0.0+201212/libs/helper.c:1140:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[NUM_BUFS][BUF_SIZE];
data/fpgatools-0.0+201212/libs/helper.c:1142:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char scan_str[128];
data/fpgatools-0.0+201212/libs/helper.c:1158:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[128];
data/fpgatools-0.0+201212/libs/model.h:460:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef char IOSTANDARD[32];
data/fpgatools-0.0+201212/libs/model_conns.c:761:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char i_str[MAX_WIRENAME_LEN], j_str[MAX_WIRENAME_LEN];
data/fpgatools-0.0+201212/libs/model_conns.c:818:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char wstr[MAX_WIRENAME_LEN];
data/fpgatools-0.0+201212/libs/model_conns.c:3465:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[128];
data/fpgatools-0.0+201212/libs/model_conns.c:3688:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
							sprintf(buf, "BRAM_LOGICINB%%i_INT%i", 3-i);
data/fpgatools-0.0+201212/libs/model_conns.c:3846:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			const char *s[4] = { \
data/fpgatools-0.0+201212/libs/model_conns.c:3854:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			const char *s[4] = { \
data/fpgatools-0.0+201212/libs/model_conns.c:3867:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			const char *s[4] = { \
data/fpgatools-0.0+201212/libs/model_conns.c:3880:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			const char *s[4] = { \
data/fpgatools-0.0+201212/libs/model_conns.c:3888:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			const char *s[4] = { \
data/fpgatools-0.0+201212/libs/model_devices.c:400:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp_str[128];
data/fpgatools-0.0+201212/libs/model_devices.c:453:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(tmp_str, "LIOB_TOP_PCI_RDY0");
data/fpgatools-0.0+201212/libs/model_devices.c:455:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(tmp_str, "LIOB_BOT_PCI_RDY0");
data/fpgatools-0.0+201212/libs/model_devices.c:457:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(tmp_str, "RIOB_BOT_PCI_RDY0");
data/fpgatools-0.0+201212/libs/model_devices.c:459:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(tmp_str, "RIOB_TOP_PCI_RDY1");
data/fpgatools-0.0+201212/libs/model_helper.c:17:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char pf_buf[NUM_PF_BUFS][128];
data/fpgatools-0.0+201212/libs/model_helper.c:30:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[8][128];
data/fpgatools-0.0+201212/libs/model_helper.c:208:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name_buf[MAX_WIRENAME_LEN];
data/fpgatools-0.0+201212/libs/model_helper.c:347:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf1[MAX_WIRENAME_LEN], buf2[MAX_WIRENAME_LEN];
data/fpgatools-0.0+201212/libs/model_helper.c:527:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char from[64], to[64];
data/fpgatools-0.0+201212/libs/model_helper.c:573:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(to_tile->conn_point_names, from_tile->conn_point_names, from_tile->num_conn_point_names*2*sizeof(uint16_t));
data/fpgatools-0.0+201212/libs/model_helper.c:578:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(to_tile->switches, from_tile->switches, from_tile->num_switches*sizeof(*from_tile->switches));
data/fpgatools-0.0+201212/libs/model_helper.c:936:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[NUM_BUFS][BUF_SIZE];
data/fpgatools-0.0+201212/libs/model_helper.c:1069:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
						strcat(buf[last_buf], "_S");
data/fpgatools-0.0+201212/libs/model_helper.c:1089:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
						strcat(buf[last_buf], "_S");
data/fpgatools-0.0+201212/libs/model_helper.c:1128:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
						strcat(buf[last_buf], "_N");
data/fpgatools-0.0+201212/libs/model_helper.c:1151:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
						strcat(buf[last_buf], "_N");
data/fpgatools-0.0+201212/libs/model_helper.c:1173:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
						strcat(buf[last_buf], "_E");
data/fpgatools-0.0+201212/libs/model_helper.c:1180:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
						strcat(buf[last_buf], "_E");
data/fpgatools-0.0+201212/libs/model_helper.c:1193:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
						strcat(buf[last_buf], "_E");
data/fpgatools-0.0+201212/libs/model_helper.c:1200:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
						strcat(buf[last_buf], "_E");
data/fpgatools-0.0+201212/libs/model_helper.c:1224:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
						strcat(buf[last_buf], "_W");
data/fpgatools-0.0+201212/libs/model_helper.c:1231:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
						strcat(buf[last_buf], "_W");
data/fpgatools-0.0+201212/libs/model_helper.c:1245:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
						strcat(buf[last_buf], "_W");
data/fpgatools-0.0+201212/libs/model_helper.c:1252:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
						strcat(buf[last_buf], "_W");
data/fpgatools-0.0+201212/libs/model_helper.c:1370:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
						strcat(buf[last_buf], "_W");
data/fpgatools-0.0+201212/libs/model_helper.c:1418:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
						strcat(buf[last_buf], "_S");
data/fpgatools-0.0+201212/libs/model_helper.c:1434:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
						strcat(buf[last_buf], "_S");
data/fpgatools-0.0+201212/libs/model_helper.c:1459:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
						strcat(buf[last_buf], "_N");
data/fpgatools-0.0+201212/libs/model_helper.c:1479:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
						strcat(buf[last_buf], "_N");
data/fpgatools-0.0+201212/libs/model_helper.c:1501:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
						strcat(buf[last_buf], "_E");
data/fpgatools-0.0+201212/libs/model_helper.c:1508:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
						strcat(buf[last_buf], "_E");
data/fpgatools-0.0+201212/libs/model_helper.c:1521:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
						strcat(buf[last_buf], "_E");
data/fpgatools-0.0+201212/libs/model_helper.c:1528:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
						strcat(buf[last_buf], "_E");
data/fpgatools-0.0+201212/libs/model_helper.c:1546:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
						strcat(buf[last_buf], "_W");
data/fpgatools-0.0+201212/libs/model_helper.c:1553:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
						strcat(buf[last_buf], "_W");
data/fpgatools-0.0+201212/libs/model_helper.c:1567:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
						strcat(buf[last_buf], "_W");
data/fpgatools-0.0+201212/libs/model_helper.c:1574:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
						strcat(buf[last_buf], "_W");
data/fpgatools-0.0+201212/libs/model_helper.c:1590:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[NUM_BUFS][BUF_SIZE];
data/fpgatools-0.0+201212/merge_seq.c:19:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[LINE_LENGTH];
data/fpgatools-0.0+201212/merge_seq.c:31:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[LINE_LENGTH];
data/fpgatools-0.0+201212/merge_seq.c:321:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fp = fopen(argv[1], "r");
data/fpgatools-0.0+201212/merge_seq.c:329:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		last_merge_try = atoi(argv[3]);
data/fpgatools-0.0+201212/mini-jtag/jtag.c:142:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&buf_bytes[3], (in + i * FTDI_MAX_RW_SIZE), len);
data/fpgatools-0.0+201212/mini-jtag/mini-jtag.c:166:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			fp = fopen(argv[2], "r");
data/fpgatools-0.0+201212/pair2net.c:117:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[1024], point_a[1024], point_b[1024];
data/fpgatools-0.0+201212/pair2net.c:144:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fp = fopen(argv[1], "r");
data/fpgatools-0.0+201212/sort_seq.c:17:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char s_lines[1000][LINE_LENGTH];
data/fpgatools-0.0+201212/sort_seq.c:390:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fp = fopen(argv[1], "r");
data/fpgatools-0.0+201212/autotest.c:90:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	path_base = strlen(path);
data/fpgatools-0.0+201212/autotest.c:598:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if (strlen(str) < 5
data/fpgatools-0.0+201212/autotest.c:1199:5:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source is a constant character.
				sprintf(lut6_str, "0");
data/fpgatools-0.0+201212/autotest.c:1203:5:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source is a constant character.
				sprintf(lut6_str, "1");
data/fpgatools-0.0+201212/autotest.c:1234:5:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source is a constant character.
				sprintf(lut5_str, "0");
data/fpgatools-0.0+201212/autotest.c:1239:5:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source is a constant character.
				sprintf(lut5_str, "1");
data/fpgatools-0.0+201212/autotest.c:1871:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		"Output dir: " AUTOTEST_TMP_DIR "\n", argv_0, (int) strlen(argv_0), "");
data/fpgatools-0.0+201212/bit2fp.c:26:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			"\n", argv[0], argv[0], (int) strlen(argv[0]), "");
data/fpgatools-0.0+201212/blinking_led.c:42:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			"\n", (int) strlen(*argv), "",
data/fpgatools-0.0+201212/blinking_led.c:43:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(int) strlen(*argv), "", (int) strlen(*argv), "");
data/fpgatools-0.0+201212/blinking_led.c:43:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(int) strlen(*argv), "", (int) strlen(*argv), "");
data/fpgatools-0.0+201212/hstrrep.c:58:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			i = strlen(replace_str);
data/fpgatools-0.0+201212/libs/bit_regs.c:1612:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s_len = strlen(s)+1;
data/fpgatools-0.0+201212/libs/control.c:313:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    && strlen(dev_str[i]) == len
data/fpgatools-0.0+201212/libs/control.c:377:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(iob_pinw_str[i]) == len
data/fpgatools-0.0+201212/libs/control.c:386:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(logic_pinw_str[i]) == len
data/fpgatools-0.0+201212/libs/control.c:638:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (lut_len == ZTERM) lut_len = strlen(lut_str);
data/fpgatools-0.0+201212/libs/control.c:1437:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!hash_str || (strlen(hash_str) >= CONNPT_BUF_SIZE)) {
data/fpgatools-0.0+201212/libs/control.c:1560:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			o += strlen(&buf[last_buf][o]);
data/fpgatools-0.0+201212/libs/control.c:1565:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				o += strlen(&buf[last_buf][o]);
data/fpgatools-0.0+201212/libs/control.c:1572:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				o += strlen(&buf[last_buf][o]);
data/fpgatools-0.0+201212/libs/control.c:1576:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			o += strlen(&buf[last_buf][o]);
data/fpgatools-0.0+201212/libs/floorplan.c:1040:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					k = strlen(tmp_line);
data/fpgatools-0.0+201212/libs/helper.c:207:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	str_len = strlen(str);
data/fpgatools-0.0+201212/libs/helper.c:755:2:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	read(random_f, &random_num, sizeof(random_num));
data/fpgatools-0.0+201212/libs/helper.c:867:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	i = strlen(line);
data/fpgatools-0.0+201212/libs/helper.c:990:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int str_len = strlen(str);
data/fpgatools-0.0+201212/libs/helper.c:1107:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				*argv, *argv, (int) strlen(*argv), "",
data/fpgatools-0.0+201212/libs/helper.c:1108:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				(int) strlen(*argv), "");
data/fpgatools-0.0+201212/libs/model_helper.c:539:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			from_len = strlen(from);
data/fpgatools-0.0+201212/libs/model_helper.c:540:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			to_len = strlen(to);
data/fpgatools-0.0+201212/libs/model_helper.c:1803:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(_str);
data/fpgatools-0.0+201212/libs/model_helper.c:1813:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(&_str[9]);
data/fpgatools-0.0+201212/libs/model_helper.c:1883:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(&_str[8]);
data/fpgatools-0.0+201212/pair2net.c:154:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		i = strlen(point_b);

ANALYSIS SUMMARY:

Hits = 264
Lines analyzed = 30014 in approximately 0.92 seconds (32451 lines/second)
Physical Source Lines of Code (SLOC) = 25528
Hits@level = [0] 702 [1]  35 [2] 141 [3]   0 [4]  88 [5]   0
Hits@level+ = [0+] 966 [1+] 264 [2+] 229 [3+]  88 [4+]  88 [5+]   0
Hits/KSLOC@level+ = [0+] 37.8408 [1+] 10.3416 [2+] 8.97054 [3+] 3.4472 [4+] 3.4472 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.