Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrcompoundcurve.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogr_xerces.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrfeaturestyle.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrcurvepolygon.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogr_api.h
Examining data/gdal-3.0.4+dfsg/ogr/ogr_api.cpp
Examining data/gdal-3.0.4+dfsg/ogr/swq_parser.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogr_xerces.h
Examining data/gdal-3.0.4+dfsg/ogr/swq_parser.hpp
Examining data/gdal-3.0.4+dfsg/ogr/ogr_geos.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrgeomediageometry.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrmultipoint.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogr_geo_utils.h
Examining data/gdal-3.0.4+dfsg/ogr/ogr_expat.h
Examining data/gdal-3.0.4+dfsg/ogr/ogr_srs_panorama.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrfeaturequery.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogr_srs_ozi.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrtriangle.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsurface.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrgeomfielddefn.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrcircularstring.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogr_capi_test.c
Examining data/gdal-3.0.4+dfsg/ogr/ogr_srs_erm.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogr_core.h
Examining data/gdal-3.0.4+dfsg/ogr/ogr_geometry.h
Examining data/gdal-3.0.4+dfsg/ogr/ogr_geo_utils.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogr_srs_usgs.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogr_srs_dict.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogr_srs_xml.cpp
Examining data/gdal-3.0.4+dfsg/ogr/swq_select.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogr_p.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrmulticurve.cpp
Examining data/gdal-3.0.4+dfsg/ogr/swq_op_general.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogr_proj_p.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogr_fromepsg.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrmultisurface.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrmultilinestring.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrpolygon.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogr_sfcgal.h
Examining data/gdal-3.0.4+dfsg/ogr/ograssemblepolygon.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogr_spatialref.h
Examining data/gdal-3.0.4+dfsg/ogr/ogr_srs_esri_names.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrfielddefn.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogr_libs.h
Examining data/gdal-3.0.4+dfsg/ogr/ogr_proj_p.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrgeomediageometry.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/osm_parser.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/osm_parser.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogr_osm.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/osm2osm.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/gpb.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/ogravcbindatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/ogravce00layer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/ogravclayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/ogravce00driver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_mbyte.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/ogravce00datasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00read.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00gen.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_misc.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_rawbin.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/ogr_avc.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/ogravcbindriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/ogravcdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_mbyte.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_bin.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00write.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/ogravcbinlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmt/ogrgmtdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmt/ogrgmtdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmt/ogrgmtlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmt/ogr_gmt.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wasp/ogrwasp.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wasp/ogrwaspdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wasp/ogrwasplayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wasp/ogrwaspdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfsdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogr_wfs.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfsjoinlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfsdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfslayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogroapifdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfsfilter.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpsbabel/ogr_gpsbabel.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpsbabel/ogrgpsbabelwritedatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpsbabel/ogrgpsbabeldriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpsbabel/ogrgpsbabeldatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ogdi/ogrogdidatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ogdi/ogrogdilayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ogdi/ogrogdidriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ogdi/ogrogdi.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shptree_wrapper.c
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/gdal_shapelib_symbol_rename.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapedriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shp_vsi.c
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapedatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshape.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/sbnsearch.c
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shptree.c
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shp_vsi.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shape2ogr.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapelayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shapefil.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/sbnsearch_wrapper.c
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen_wrapper.c
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen_wrapper.c
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogrkmldatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogrkmllayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/kml.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/kml.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogr2kmlgeometry.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/kmlvector.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/kmlutility.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/kmlnode.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/kmlnode.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogrkmldriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/kmlvector.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogr_kml.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ods/ogrodsdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ods/ods_formula.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ods/ogrodsdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ods/ods_formula.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ods/ogr_ods.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ods/ods_formula_parser.hpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ods/testparser.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ods/ods_formula_node.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ods/ods_formula_parser.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geomedia/ogrgeomediadatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geomedia/ogrgeomediaselectlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geomedia/ogrgeomediatablelayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geomedia/ogr_geomedia.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geomedia/ogrgeomediadriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geomedia/ogrgeomedialayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogr_pds.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdsdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdsdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdslayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/carto/ogrcartodatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/carto/ogrcartolayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/carto/ogr_carto.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/carto/ogrcartodriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/carto/ogrcartoresultlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/carto/ogrcartotablelayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogr_sxf.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/org_sxf_defs.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasxsdcache.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/xercesc_headers.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasschemaanalyzer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasreader.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlaslayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlaswriter.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasxlinkresolver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogr_gmlas_consts.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasxpatchmatcher.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasfeatureclass.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogr_gmlas.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasutils.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasconf.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/aeronavfaa/ogr_aeronavfaa.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/aeronavfaa/ograeronavfaalayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/aeronavfaa/ograeronavfaadriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/aeronavfaa/ograeronavfaadatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogr_gpx.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segy/ogr_segy.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segy/ogrsegylayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segy/ogrsegydriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segy/ogrsegydatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/odbc/ogrodbctablelayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/odbc/ogrodbcdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/odbc/ogrodbclayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/odbc/ogr_odbc.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/odbc/ogrodbcselectlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/odbc/ogrodbcdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgeo/ogrpgeodriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgeo/ogrpgeoselectlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgeo/ogrpgeotablelayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgeo/ogrpgeodatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgeo/ogr_pgeo.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgeo/ogrpgeolayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/jml/ogrjmlwriterlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/jml/ogrjmldataset.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/jml/ogrjmllayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/jml/ogr_jml.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/htf/ogrhtfdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/htf/ogrhtflayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/htf/ogrhtfdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/htf/ogr_htf.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mem/ogr_mem.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mem/ogrmemdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mem/ogrmemlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mem/ogrmemdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mongodb/ogrmongodbdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mongodb/mongocxx_headers.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/rec/ll_recio.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/rec/ogrrecdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/rec/ogr_rec.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/rec/ogrreclayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/rec/ogrrecdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vdv/ogr_vdv.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vdv/ogrvdvdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigoclouddriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigocloudresultlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigocloudlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogr_amigocloud.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigocloudtablelayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigoclouddatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/idb/ogr_idb.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/idb/ogridbtablelayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/idb/ogridbdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/idb/ogridblayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/idb/ogridbselectlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/idb/ogridbdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/ogrgtmdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/gtm.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/ogr_gtm.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/gtmtracklayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/gtmwaypointlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/ogrgtmlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/gtm.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/ogrgtmdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/caddictionary.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/cadfilestreamio.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/opencad.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/cadclasses.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/cadclasses.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/cadcolors.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/cadfile.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/cadlayer.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/io.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/io.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/r2000.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/r2000.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/opencad_api.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/cadgeometry.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/cadfileio.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/cadheader.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/cadobjects.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/cadheader.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/cadfileio.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/cadlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/cadfile.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/cadfilestreamio.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/cadgeometry.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/cadtables.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/caddictionary.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/cadtables.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/cadcolors.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/cadobjects.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/opencad.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/vsilfileio.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/ogrcadlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/ogr_cad.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/ogrcaddriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/gdalcaddataset.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/vsilfileio.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociloaderlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogr_oci.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocidatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ocitest.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociwritablelayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/fastload.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/oci_utils.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocisession.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociselectlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocistringbuf.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocistroke.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocidriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocistatement.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocilayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogr_csv.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmldriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlgeometry.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/libkml_headers.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogr_libkml.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlfeature.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmllayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlfeature.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlfeaturestyle.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlstyle.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlgeometry.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlfield.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlfeaturestyle.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmldatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlfield.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlstyle.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqllayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqlresultlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqldatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogr_mysql.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqldriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cloudant/ogrcloudantdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cloudant/ogrcloudantdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cloudant/ogrcloudanttablelayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cloudant/ogr_cloudant.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xls/ogrxlsdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xls/ogrxlsdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xls/ogr_xls.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xls/ogrxlslayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogr_ingres.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresstatement.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringreslayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresresultlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/idrisi/ogr_idrisi.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/idrisi/ogridrisilayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/idrisi/ogridrisidriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/idrisi/ogridrisidatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/idrisi/generate_test_files.c
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogrdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogrlayerdecorator.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogrlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogrunionlayer.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogr_miattrind.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogr_gensql.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogrmutexeddatasource.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogr_gensql.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogr_attrind.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogremulatedtransaction.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogrsfdriverregistrar.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogrmutexedlayer.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogrwarpedlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogrregisterall.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogrmutexeddatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogrwarpedlayer.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogrlayerdecorator.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogrunionlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogrlayerpool.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogrlayerpool.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogrmutexedlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogreditablelayer.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogrsfdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogremulatedtransaction.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogreditablelayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/ogrgeoconceptdatasource.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept_syscoord.c
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/ogrgeoconceptlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/ogrgeoconceptlayer.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/ogrgeoconceptdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/ogrgeoconceptdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/ogrgeoconceptdriver.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept_syscoord.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/arcgen/ograrcgenlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/arcgen/ograrcgendriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/arcgen/ograrcgendatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/arcgen/ogr_arcgen.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogr_autocad_services.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/intronurbs.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfreader.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogr_dxf.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_polyline_smooth.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfblockslayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_hatch.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_leader.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfwriterlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_dimension.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfwriterds.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_ocstransformer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_feature.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_blockmap.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogr_autocad_services.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfblockswriterlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_polyline_smooth.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgutility.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgutility.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgtablelayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogr_pg.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgresultlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigeroverunder.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerzipcodes.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerfeatureids.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/ogr_tiger.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerpolygon.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/ogrtigerlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerkeyfeatures.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigeridhistory.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerpolychainlink.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerzipplus4.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerpolygoneconomic.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerfilebase.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerentitynames.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/ogrtigerdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerarealandmarks.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigeraltname.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerpip.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerlandmarks.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerspatialmetadata.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerzerocellid.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerpolygoncorrections.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/ogrtigerdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigercompletechain.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigertlidrange.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerpoint.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ogr_attrind.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlfeature.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmllayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmldriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogr_gml.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlfeatureclass.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlutils.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/xercesc_headers.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/parsexsd.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlpropertydefn.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmldatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gfstemplate.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/parsexsd.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/hugefileresolver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlregistry.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlreader.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/resolvexlinks.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlhandler.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlreaderp.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlregistry.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlreader.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlreadstate.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlutils.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/bna/ogrbnadatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/bna/ogrbnaparser.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/bna/ogrbnaparser.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/bna/ogrbnadriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/bna/ogr_bna.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/bna/ogrbnalayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/georss/ogrgeorsslayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/georss/ogrgeorssdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/georss/ogrgeorssdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/georss/ogr_georss.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2selectlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2driver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2layer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2cli.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2geometryvalidator.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/gdaldb2rasterband.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogr_db2.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2tablelayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasourcemd.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgndump.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnhelp.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnlibp.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dist/cpl_config.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnopen.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgndatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnlib.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnfloat.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnstroke.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgndriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogr_dgn.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwritetest.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/plscenes/ogrplscenesdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/plscenes/ogr_plscenes.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/plscenes/ogrplscenesdatav1layer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/plscenes/ogrplscenesdatav1dataset.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteapiroutines.c
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitevirtualogr.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitesinglefeaturelayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitesqlfunctions.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitesqlfunctions.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteexecutesql.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteviewlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/rasterlite2_header.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/rasterlite2.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteselectlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteregexp.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitedatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteutility.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitedriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogr_sqlite.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteexecutesql.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/test_load_virtual_ogr.c
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteutility.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitevfs.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteregexp.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitevirtualogr.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlite3ext.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ngw/ogrngwdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ngw/gdalngwdataset.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ngw/ogrngwlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ngw/ogr_ngw.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ngw/ngw_api.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sua/ogrsuadriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sua/ogrsualayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sua/ogr_sua.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sua/ogrsuadatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/couchdb/ogrcouchdbtablelayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/couchdb/ogrcouchdbdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/couchdb/ogr_couchdb.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/couchdb/ogrcouchdbdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/couchdb/ogrcouchdbrowslayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/couchdb/ogrcouchdblayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/selafin/ogr_selafin.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/selafin/ogrselafindriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/selafin/io_selafin.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/selafin/ogrselafindatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/selafin/io_selafin.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/selafin/ogrselafinlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mdb/ogrmdblayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mdb/ogrmdbdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mdb/ogr_mdb.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mdb/ogrmdbjackcess.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mdb/ogrmdbdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sde/ogrsdelayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sde/ogr_sde.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sde/ogrsdedatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sde/ogrsdedriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sosi/ogrsosilayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sosi/fyba_melding.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sosi/ogr_sosi.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sosi/ogrsosidatatypes.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sosi/ogrsosidatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sosi/ogrsosidriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sosi/ogrsosidatatypes.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57tables.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57classregistrar.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/ogrs57layer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57featuredefns.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/ogrs57driver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/ogr_s57.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/ogrs57datasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57dump.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57reader.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57filecollector.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57writer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/ddfrecordindex.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/ogr_nas.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/nasreader.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/ogrnaslayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/ogrnasdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/nashandler.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/ogrnasrelationlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/ogrnasdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/nasreaderp.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_codelist.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ogrntflayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntfdump.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntfstroke.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntfrecord.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_raster.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ogrntfdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ogrntfdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ogrntffeatureclasslayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_awy_reader.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_fix_reader.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_nav_reader.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogrxplanelayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_reader.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_awy_reader.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_reader.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_nav_reader.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_fix_reader.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogrxplanedatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogrxplanedriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkdatablocksqlite.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkproperty.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/ogr_vfk.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkpropertydefn.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/ogrvfklayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkfeature.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/ogrvfkdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkdatablock.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkreader.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/ogrvfkdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkfeaturesqlite.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkreader.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkreaderp.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkreadersqlite.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/elastic/ogrelasticdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/elastic/ogrelasticlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/elastic/ogrelasticdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/elastic/ogr_elastic.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumpdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogr_pgdump.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumpdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/ogropenfilegdbdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbtable.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbtable_priv.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbindex.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/ogr_openfilegdb.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/ogropenfilegdblayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/ogropenfilegdbdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbtable.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sdts/ogrsdtsdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sdts/ogrsdtslayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sdts/ogrsdtsdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sdts/ogr_sdts.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooadatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooadriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogr_segukooa.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalk.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogis_geometry_wkb_struct.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalklayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktablelayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktool.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalkdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalkdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalkselectlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/grass/ogrgrass.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/grass/ogrgrassdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/grass/ogrgrasslayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/grass/ogrgrassdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dods/ogrdodsgrid.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dods/ogrdodssequencelayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dods/ogr_dods.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dods/ogrdodslayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dods/ogrdodsfielddefn.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dods/ogrdodsdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dods/libdap_headers.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dods/ogrdodsdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/ogrmvtdataset.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile_test.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvtutils.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvtutils.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/svg/ogr_svg.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/svg/ogrsvgdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/svg/ogrsvglayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/svg/ogrsvgdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogr_geopackage.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagetablelayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackageutility.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/gpkgmbtilescommon.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagelayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/gdalgeopackagerasterband.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackageutility.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackageselectlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ogrsf_frmts.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openair/ogr_openair.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openair/ogropenairdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openair/ogropenairlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openair/ogropenairlabellayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openair/ogropenairdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbDriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbResultLayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbUtils.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/ogr_fgdb.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbUtils.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbDatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/filegdbsdk_headers.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mongodbv3/ogrmongodbv3driver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mongodbv3/mongocxxv3_headers.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gft/ogrgfttablelayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gft/ogrgftlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gft/ogrgftresultlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gft/ogr_gft.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gft/ogrgftdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gft/ogrgftdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/dgnv8_headers.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogrdgnv8driver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogrdwg_blockmap.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogrdwglayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogrdgnv8datasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogr_dwg.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/dwg_headers.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogrdwg_dimension.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogrdwgdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogrteigha.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogrteigha.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/createdgnv8testfile_headers.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogrdgnv8layer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/createdgnv8testfile.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogrdwg_hatch.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogr_dgnv8.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogrdwgblockslayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogrdwgdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlgeometrywriter.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialselectlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatiallayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlgeometryvalidator.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialtablelayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlgeometryparser.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogr_mssqlspatial.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonseqdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrtopojsonreader.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogresrijsonreader.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsondriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsondatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonutils.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonreader.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonwriter.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonutils.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonwriter.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonreader.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrtopojsondriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonwritelayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_config.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_util.c
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_object_iterator.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/linkhash.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_inttypes.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/printbuf.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_object.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/debug.c
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/arraylist.c
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_c_version.c
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_object_private.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_tokener.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/symbol_renames.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/printbuf.c
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/config.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_util.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_object_iterator.c
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/linkhash.c
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_tokener.c
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_c_version.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/bits.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/debug.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/arraylist.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_object.c
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogresrijsondriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogr_geojson.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csw/ogrcswdataset.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xlsx/ogrxlsxdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xlsx/ogrxlsxdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xlsx/ogr_xlsx.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/arcobjects/ogr_ao.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/arcobjects/aoutils.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/arcobjects/aodatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/arcobjects/aoutils.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/arcobjects/aolayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/arcobjects/aodriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vrt/ogrvrtlayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vrt/ogrvrtdatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vrt/ogrvrtdriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vrt/ogr_vrt.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/ogrili1datasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/ili1reader.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/xercesc_headers.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/ogr_ili2.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/ili2readerp.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/ogrili1layer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/imdreader.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/ili1reader.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/imdreader.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/ili2reader.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/ogr_ili1.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/ogrili2datasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/ili2handler.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/ogrili2layer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/ili2reader.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/ili1readerp.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/ogrili1driver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/ogrili2driver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/edigeo/ogredigeodatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/edigeo/ogredigeodriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/edigeo/ogredigeolayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/edigeo/ogr_edigeo.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_bounds.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_spatialref.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_idfile.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_ogr_driver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_middatafile.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_utils.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_miffile.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabview.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_coordsys.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_geometry.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_mapindexblock.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_mapobjectblock.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_utils.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabseamless.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_indfile.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tooldef.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_ogr_driver.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabfile.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_mapfile.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_geometry.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_priv.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_maptoolblock.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_mapheaderblock.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_mapcoordblock.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_ogr_datasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_rawbinblock.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_imapinfofile.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmecacheindex.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayercached.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmedatasource.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayer.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/fme2ogr_utils.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/fme2ogr.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmedriver.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogr_srs_api.h
Examining data/gdal-3.0.4+dfsg/ogr/ogr_srs_esri.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogr_expat.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ograpispy.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogr_geocoding.h
Examining data/gdal-3.0.4+dfsg/ogr/test_geo_utils.cpp
Examining data/gdal-3.0.4+dfsg/ogr/generate_encoding_table.c
Examining data/gdal-3.0.4+dfsg/ogr/swq_op_registrar.cpp
Examining data/gdal-3.0.4+dfsg/ogr/swq.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrgeometrycollection.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogr_srs_pci.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrpoint.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrfeaturedefn.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogr_geocoding.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrpolyhedralsurface.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrcurvecollection.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrmultipolygon.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ograpispy.h
Examining data/gdal-3.0.4+dfsg/ogr/ogrct.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrlinearring.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogr_xerces_headers.h
Examining data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogr_srsnode.cpp
Examining data/gdal-3.0.4+dfsg/ogr/swq_expr_node.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrcurve.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrgeometryfactory.cpp
Examining data/gdal-3.0.4+dfsg/ogr/gml2ogrgeometry.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrtriangulatedsurface.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrgeometry.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogr_feature.h
Examining data/gdal-3.0.4+dfsg/ogr/ogr_featurestyle.h
Examining data/gdal-3.0.4+dfsg/ogr/swq.cpp
Examining data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp
Examining data/gdal-3.0.4+dfsg/frmts/rasdaman/rasdamandataset.h
Examining data/gdal-3.0.4+dfsg/frmts/rasdaman/rasdamandataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/ceos2/sar_ceosdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/ceos2/ceos.c
Examining data/gdal-3.0.4+dfsg/frmts/ceos2/ceossar.c
Examining data/gdal-3.0.4+dfsg/frmts/ceos2/ceosrecipe.c
Examining data/gdal-3.0.4+dfsg/frmts/ceos2/link.c
Examining data/gdal-3.0.4+dfsg/frmts/ceos2/ceos.h
Examining data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/ease.h
Examining data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c
Examining data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/gctp_wrap.c
Examining data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c
Examining data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/HDFEOSVersion.h
Examining data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/HdfEosDef.h
Examining data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c
Examining data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4compat.h
Examining data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4dataset.h
Examining data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4dataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/zmap/zmapdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.h
Examining data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/mbtiles/mbtilesdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/sgi/sgidataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/gta/gta_headers.h
Examining data/gdal-3.0.4+dfsg/frmts/gta/gtadataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/gdalallregister.cpp
Examining data/gdal-3.0.4+dfsg/frmts/til/tildataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/webp/webp_headers.h
Examining data/gdal-3.0.4+dfsg/frmts/webp/webpdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/rda/rdadataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/vrt/vrtsources.cpp
Examining data/gdal-3.0.4+dfsg/frmts/vrt/vrtdriver.cpp
Examining data/gdal-3.0.4+dfsg/frmts/vrt/vrtsourcedrasterband.cpp
Examining data/gdal-3.0.4+dfsg/frmts/vrt/vrtdataset.h
Examining data/gdal-3.0.4+dfsg/frmts/vrt/vrtdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/vrt/gdal_vrt.h
Examining data/gdal-3.0.4+dfsg/frmts/vrt/pixelfunctions.cpp
Examining data/gdal-3.0.4+dfsg/frmts/vrt/vrtrawrasterband.cpp
Examining data/gdal-3.0.4+dfsg/frmts/vrt/vrtrasterband.cpp
Examining data/gdal-3.0.4+dfsg/frmts/vrt/vrtwarped.cpp
Examining data/gdal-3.0.4+dfsg/frmts/vrt/vrtfilters.cpp
Examining data/gdal-3.0.4+dfsg/frmts/vrt/vrtpansharpened.cpp
Examining data/gdal-3.0.4+dfsg/frmts/vrt/vrtderivedrasterband.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/pcidskdataset2.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/vsi_pcidsk_io.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_shape.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_array.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskads40model.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskapmodel.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskbitmap.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskapmodel.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/vecsegheader.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/metadatasegment_p.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/vecsegdataindex.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskephemerissegment.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/sysblockmap.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskbinarysegment.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/vecsegheader.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskpct.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidsktoutinmodel.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskgeoref.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidsk_tex.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskbinarysegment.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidsk_array.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskgcp2segment.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskpct.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskgeoref.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskrpcmodel.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/toutinstructures.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/sysblockmap.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskpolymodel.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskads40model.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskrpcmodel.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidsktoutinmodel.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskephemerissegment.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskgcp2segment.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/metadatasegment.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/orbitstructures.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidsk_array.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/vecsegdataindex.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidsk_tex.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidsksegment.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment_consistencycheck.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/pcidsksegmentbuilder.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskbitmap.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidsksegment.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_ads40.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_types.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_toutin.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_rpc.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_poly.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_channel.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_binary.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/mutexholder.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidsk_pubutils.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/libjpeg_io.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/cpcidskfile.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/clinksegment.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/clinksegment.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidsk_utils.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/protectedfile.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidskopen.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/metadataset.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidsk_utils.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/cpcidskfile.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidskcreate.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidskbuffer.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidskexception.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/sysvirtualfile.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidskinterfaces.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/metadataset_p.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/edb_pcidsk.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/sysvirtualfile.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_ephemeris.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_mutex.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_exception.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_gcp.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_io.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cbandinterleavedchannel.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cexternalchannel.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cpcidskchannel.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/ctiledchannel.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/ctiledchannel.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cpixelinterleavedchannel.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cbandinterleavedchannel.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cpixelinterleavedchannel.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cpcidskchannel.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cexternalchannel.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_segment.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_airphoto.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/port/io_win32.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/port/io_stdio.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/port/pthread_mutex.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/port/win32_mutex.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_georef.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_interfaces.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_config.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_tex.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_pct.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_gcpsegment.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_edb.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_buffer.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_file.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_vectorsegment.h
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/pcidskdataset2.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/gdal_edb.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcidsk/ogrpcidsklayer.cpp
Examining data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp
Examining data/gdal-3.0.4+dfsg/frmts/northwood/grcdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/northwood/northwood.h
Examining data/gdal-3.0.4+dfsg/frmts/northwood/grddataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/prf/phprfdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/wms/minidriver_mrf.h
Examining data/gdal-3.0.4+dfsg/frmts/wms/gdalwmscache.cpp
Examining data/gdal-3.0.4+dfsg/frmts/wms/minidriver_mrf.cpp
Examining data/gdal-3.0.4+dfsg/frmts/wms/gdalhttp.h
Examining data/gdal-3.0.4+dfsg/frmts/wms/gdalhttp.cpp
Examining data/gdal-3.0.4+dfsg/frmts/wms/gdalwmsdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/wms/wmsmetadataset.h
Examining data/gdal-3.0.4+dfsg/frmts/wms/minidriver_arcgis_server.cpp
Examining data/gdal-3.0.4+dfsg/frmts/wms/minidriver_arcgis_server.h
Examining data/gdal-3.0.4+dfsg/frmts/wms/minidriver_iip.h
Examining data/gdal-3.0.4+dfsg/frmts/wms/minidriver_worldwind.h
Examining data/gdal-3.0.4+dfsg/frmts/wms/wmsutils.cpp
Examining data/gdal-3.0.4+dfsg/frmts/wms/minidriver_tms.h
Examining data/gdal-3.0.4+dfsg/frmts/wms/minidriver_tiled_wms.cpp
Examining data/gdal-3.0.4+dfsg/frmts/wms/wmsmetadataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/wms/minidriver_worldwind.cpp
Examining data/gdal-3.0.4+dfsg/frmts/wms/minidriver.cpp
Examining data/gdal-3.0.4+dfsg/frmts/wms/gdalwmsrasterband.cpp
Examining data/gdal-3.0.4+dfsg/frmts/wms/minidriver_iip.cpp
Examining data/gdal-3.0.4+dfsg/frmts/wms/minidriver_wms.cpp
Examining data/gdal-3.0.4+dfsg/frmts/wms/minidriver_wms.h
Examining data/gdal-3.0.4+dfsg/frmts/wms/wmsdriver.cpp
Examining data/gdal-3.0.4+dfsg/frmts/wms/minidriver_tms.cpp
Examining data/gdal-3.0.4+dfsg/frmts/wms/minidriver_tiled_wms.h
Examining data/gdal-3.0.4+dfsg/frmts/wms/minidriver_tileservice.cpp
Examining data/gdal-3.0.4+dfsg/frmts/wms/wmsdriver.h
Examining data/gdal-3.0.4+dfsg/frmts/wms/minidriver_virtualearth.cpp
Examining data/gdal-3.0.4+dfsg/frmts/wms/minidriver_virtualearth.h
Examining data/gdal-3.0.4+dfsg/frmts/wms/minidriver_tileservice.h
Examining data/gdal-3.0.4+dfsg/frmts/e00grid/e00compr.h
Examining data/gdal-3.0.4+dfsg/frmts/e00grid/e00griddataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/e00grid/e00read.c
Examining data/gdal-3.0.4+dfsg/frmts/iris/irisdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/daas/daasdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/fit/fitdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/fit/gstEndian.h
Examining data/gdal-3.0.4+dfsg/frmts/fit/fit.cpp
Examining data/gdal-3.0.4+dfsg/frmts/fit/gstTypes.h
Examining data/gdal-3.0.4+dfsg/frmts/fit/fit.h
Examining data/gdal-3.0.4+dfsg/frmts/msgn/msg_reader_core.cpp
Examining data/gdal-3.0.4+dfsg/frmts/msgn/msgndataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/msgn/msg_reader_core.h
Examining data/gdal-3.0.4+dfsg/frmts/msgn/msg_basic_types.h
Examining data/gdal-3.0.4+dfsg/frmts/msgn/msg_basic_types.cpp
Examining data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrasterrasterband.cpp
Examining data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrastertilerasterband.cpp
Examining data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisraster.h
Examining data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrastertiledataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrastertools.cpp
Examining data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrasterdriver.cpp
Examining data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrasterdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/adrg/srpdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/openjpeg/openjpegdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/cpgdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/mffdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/gtxdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/eirdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/ace2dataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/idadataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/envidataset.h
Examining data/gdal-3.0.4+dfsg/frmts/raw/ctable2dataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/ndfdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/pnmdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/roipacdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/doq1dataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/dipxdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/gscdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/rrasterdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/ntv1dataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/snodasdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/atlsci_spheroid.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/genbindataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/fastdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/iscedataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/lcpdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/loslasdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/fujibasdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/atlsci_spheroid.h
Examining data/gdal-3.0.4+dfsg/frmts/raw/doq2dataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/byndataset.h
Examining data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/hkvdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/krodataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.h
Examining data/gdal-3.0.4+dfsg/frmts/raw/pauxdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.h
Examining data/gdal-3.0.4+dfsg/frmts/hfa/hfaentry.cpp
Examining data/gdal-3.0.4+dfsg/frmts/hfa/hfatest.cpp
Examining data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp
Examining data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp
Examining data/gdal-3.0.4+dfsg/frmts/hfa/hfadictionary.cpp
Examining data/gdal-3.0.4+dfsg/frmts/hfa/hfa_p.h
Examining data/gdal-3.0.4+dfsg/frmts/hfa/hfa.h
Examining data/gdal-3.0.4+dfsg/frmts/hfa/hfatype.cpp
Examining data/gdal-3.0.4+dfsg/frmts/hfa/hfacompress.cpp
Examining data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp
Examining data/gdal-3.0.4+dfsg/frmts/hfa/hfa_overviews.cpp
Examining data/gdal-3.0.4+dfsg/frmts/dods/libdap_headers.h
Examining data/gdal-3.0.4+dfsg/frmts/dods/dodsdataset2.cpp
Examining data/gdal-3.0.4+dfsg/frmts/ngsgeoid/ngsgeoiddataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/jp2lura/jp2luradataset.h
Examining data/gdal-3.0.4+dfsg/frmts/jp2lura/jp2luracallbacks.cpp
Examining data/gdal-3.0.4+dfsg/frmts/jp2lura/jp2luradataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/jp2lura/jp2lurarasterband.h
Examining data/gdal-3.0.4+dfsg/frmts/jp2lura/jp2luracallbacks.h
Examining data/gdal-3.0.4+dfsg/frmts/jp2lura/jp2lurarasterband.cpp
Examining data/gdal-3.0.4+dfsg/frmts/wcs/httpdriver.cpp
Examining data/gdal-3.0.4+dfsg/frmts/wcs/gmlcoverage.h
Examining data/gdal-3.0.4+dfsg/frmts/wcs/wcsutils.cpp
Examining data/gdal-3.0.4+dfsg/frmts/wcs/wcsrasterband.h
Examining data/gdal-3.0.4+dfsg/frmts/wcs/wcsdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/wcs/wcsdataset201.cpp
Examining data/gdal-3.0.4+dfsg/frmts/wcs/wcsutils.h
Examining data/gdal-3.0.4+dfsg/frmts/wcs/wcsdataset100.cpp
Examining data/gdal-3.0.4+dfsg/frmts/wcs/gmlcoverage.cpp
Examining data/gdal-3.0.4+dfsg/frmts/wcs/wcsdataset.h
Examining data/gdal-3.0.4+dfsg/frmts/wcs/wcsdataset110.cpp
Examining data/gdal-3.0.4+dfsg/frmts/wcs/wcsrasterband.cpp
Examining data/gdal-3.0.4+dfsg/frmts/mrf/Packer.h
Examining data/gdal-3.0.4+dfsg/frmts/mrf/JPNG_band.cpp
Examining data/gdal-3.0.4+dfsg/frmts/mrf/marfa_dataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/mrf/Packer_RLE.h
Examining data/gdal-3.0.4+dfsg/frmts/mrf/BitMask2D.h
Examining data/gdal-3.0.4+dfsg/frmts/mrf/JPEG_band.cpp
Examining data/gdal-3.0.4+dfsg/frmts/mrf/mrf_band.cpp
Examining data/gdal-3.0.4+dfsg/frmts/mrf/Tif_band.cpp
Examining data/gdal-3.0.4+dfsg/frmts/mrf/mrf_util.cpp
Examining data/gdal-3.0.4+dfsg/frmts/mrf/marfa.h
Examining data/gdal-3.0.4+dfsg/frmts/mrf/Packer_RLE.cpp
Examining data/gdal-3.0.4+dfsg/frmts/mrf/mrf_overview.cpp
Examining data/gdal-3.0.4+dfsg/frmts/mrf/PNG_band.cpp
Examining data/gdal-3.0.4+dfsg/frmts/mrf/LERC_band.cpp
Examining data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/TImage.hpp
Examining data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/CntZImage.h
Examining data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/DefinesV1.h
Examining data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/BitMaskV1.cpp
Examining data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/BitStufferV1.cpp
Examining data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/BitStufferV1.h
Examining data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/CntZImage.cpp
Examining data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/Image.h
Examining data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/BitMaskV1.h
Examining data/gdal-3.0.4+dfsg/frmts/mrf/Raw_band.cpp
Examining data/gdal-3.0.4+dfsg/frmts/mrf/JPEG12_band.cpp
Examining data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp
Examining data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/georaster/cpl_vsil_ocilob.cpp
Examining data/gdal-3.0.4+dfsg/frmts/georaster/oci_wrapper.h
Examining data/gdal-3.0.4+dfsg/frmts/georaster/oci_wrapper.cpp
Examining data/gdal-3.0.4+dfsg/frmts/georaster/georaster_rasterband.cpp
Examining data/gdal-3.0.4+dfsg/frmts/georaster/georaster_priv.h
Examining data/gdal-3.0.4+dfsg/frmts/mrsid/mrsiddataset_headers_include.h
Examining data/gdal-3.0.4+dfsg/frmts/mrsid/mrsidstream.h
Examining data/gdal-3.0.4+dfsg/frmts/mrsid/mrsidstream_headers_include.h
Examining data/gdal-3.0.4+dfsg/frmts/mrsid/mrsidstream.cpp
Examining data/gdal-3.0.4+dfsg/frmts/mrsid/mrsiddataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/rmf/rmfjpeg.cpp
Examining data/gdal-3.0.4+dfsg/frmts/rmf/rmfdataset.h
Examining data/gdal-3.0.4+dfsg/frmts/rmf/rmfdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/rmf/rmflzw.cpp
Examining data/gdal-3.0.4+dfsg/frmts/rmf/rmfdem.cpp
Examining data/gdal-3.0.4+dfsg/frmts/xpm/xpmdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/grib/gribdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/grib/gribcreatecopy.cpp
Examining data/gdal-3.0.4+dfsg/frmts/grib/gribdataset.h
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib2.cpp
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/tdlpack.cpp
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/inventory.h
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/weather.h
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/inventory.cpp
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/meta.h
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/scan.h
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/engribapi.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/hazard.h
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.h
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/grib2api.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaprint.cpp
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myassert.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/tendian.cpp
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/grib1tab.cpp
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib1.h
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/scan.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/tdlpack.h
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/engribapi.h
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.h
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/weather.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaparse.cpp
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/type.h
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.h
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myassert.h
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib2.h
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/grib2api.h
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.h
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib1.cpp
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/tendian.h
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/hazard.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/enc_jpeg2000.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/pdstemplates.h
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/specunpack.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/g2_unpack4.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/pngpack.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/g2_free.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/g2_addgrid.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/gridtemplates.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/g2_addfield.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/jpcpack.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/getpoly.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/dec_png.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/g2_unpack5.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/mkieee.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/enc_png.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/reduce.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/g2_unpack7.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/jpcunpack.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/drstemplates.h
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/g2_getfld.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/gbits.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/getdim.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/simunpack.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/g2_unpack6.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/misspack.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/pngunpack.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/g2_unpack2.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/pack_gp.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/seekgb.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/dec_jpeg2000.cpp
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/comunpack.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/int_power.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/gridtemplates.h
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/pdstemplates.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/specpack.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/g2_unpack3.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/compack.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/g2_gribend.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/g2_info.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/g2_addlocal.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/g2_create.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/g2_unpack1.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/g2_miss.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/simpack.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/rdieee.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/cmplxpack.c
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/grib2.h
Examining data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/drstemplates.c
Examining data/gdal-3.0.4+dfsg/frmts/xyz/xyzdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/sdts/sdtsiref.cpp
Examining data/gdal-3.0.4+dfsg/frmts/sdts/sdts2shp.cpp
Examining data/gdal-3.0.4+dfsg/frmts/sdts/sdtsdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/sdts/sdtslinereader.cpp
Examining data/gdal-3.0.4+dfsg/frmts/sdts/sdtsindexedreader.cpp
Examining data/gdal-3.0.4+dfsg/frmts/sdts/sdtsxref.cpp
Examining data/gdal-3.0.4+dfsg/frmts/sdts/sdtsattrreader.cpp
Examining data/gdal-3.0.4+dfsg/frmts/sdts/sdtspolygonreader.cpp
Examining data/gdal-3.0.4+dfsg/frmts/sdts/sdtslib.cpp
Examining data/gdal-3.0.4+dfsg/frmts/sdts/sdtstransfer.cpp
Examining data/gdal-3.0.4+dfsg/frmts/sdts/sdtspointreader.cpp
Examining data/gdal-3.0.4+dfsg/frmts/sdts/sdtscatd.cpp
Examining data/gdal-3.0.4+dfsg/frmts/sdts/sdtsrasterreader.cpp
Examining data/gdal-3.0.4+dfsg/frmts/sdts/sdts_al.h
Examining data/gdal-3.0.4+dfsg/frmts/aigrid/aigopen.c
Examining data/gdal-3.0.4+dfsg/frmts/aigrid/aigrid.h
Examining data/gdal-3.0.4+dfsg/frmts/aigrid/aigccitt.c
Examining data/gdal-3.0.4+dfsg/frmts/aigrid/aigdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/aigrid/gridlib.c
Examining data/gdal-3.0.4+dfsg/frmts/aigrid/aitest.c
Examining data/gdal-3.0.4+dfsg/frmts/rs2/rs2dataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pdf/pdfcreatefromcomposition.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pdf/pdfio.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pdf/pdfwritabledataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pdf/pdfreadvectors.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pdf/pdfio.h
Examining data/gdal-3.0.4+dfsg/frmts/pdf/ogrpdflayer.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pdf/pdfdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pdf/gdal_pdf.h
Examining data/gdal-3.0.4+dfsg/frmts/pdf/pdfsdk_headers.h
Examining data/gdal-3.0.4+dfsg/frmts/pdf/pdfobject.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pdf/pdfcreatefromcomposition.h
Examining data/gdal-3.0.4+dfsg/frmts/pdf/pdfcreatecopy.h
Examining data/gdal-3.0.4+dfsg/frmts/pdf/pdfobject.h
Examining data/gdal-3.0.4+dfsg/frmts/pdf/pdfcreatecopy.cpp
Examining data/gdal-3.0.4+dfsg/frmts/sde/sderasterband.h
Examining data/gdal-3.0.4+dfsg/frmts/sde/sdedataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/sde/gdal_sde.h
Examining data/gdal-3.0.4+dfsg/frmts/sde/sdedataset.h
Examining data/gdal-3.0.4+dfsg/frmts/sde/sdeerror.cpp
Examining data/gdal-3.0.4+dfsg/frmts/sde/sderasterband.cpp
Examining data/gdal-3.0.4+dfsg/frmts/sde/sdeerror.h
Examining data/gdal-3.0.4+dfsg/frmts/ctg/ctgdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/png/pngdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/png/libpng/pngread.c
Examining data/gdal-3.0.4+dfsg/frmts/png/libpng/pngwutil.c
Examining data/gdal-3.0.4+dfsg/frmts/png/libpng/pngrtran.c
Examining data/gdal-3.0.4+dfsg/frmts/png/libpng/pngvcrd.c
Examining data/gdal-3.0.4+dfsg/frmts/png/libpng/pngpread.c
Examining data/gdal-3.0.4+dfsg/frmts/png/libpng/pngerror.c
Examining data/gdal-3.0.4+dfsg/frmts/png/libpng/pnggccrd.c
Examining data/gdal-3.0.4+dfsg/frmts/png/libpng/png.c
Examining data/gdal-3.0.4+dfsg/frmts/png/libpng/pngwrite.c
Examining data/gdal-3.0.4+dfsg/frmts/png/libpng/pngwio.c
Examining data/gdal-3.0.4+dfsg/frmts/png/libpng/pngtrans.c
Examining data/gdal-3.0.4+dfsg/frmts/png/libpng/pngrutil.c
Examining data/gdal-3.0.4+dfsg/frmts/png/libpng/pngwtran.c
Examining data/gdal-3.0.4+dfsg/frmts/png/libpng/pngconf.h
Examining data/gdal-3.0.4+dfsg/frmts/png/libpng/pngget.c
Examining data/gdal-3.0.4+dfsg/frmts/png/libpng/pngrio.c
Examining data/gdal-3.0.4+dfsg/frmts/png/libpng/pngmem.c
Examining data/gdal-3.0.4+dfsg/frmts/png/libpng/png.h
Examining data/gdal-3.0.4+dfsg/frmts/png/libpng/pngset.c
Examining data/gdal-3.0.4+dfsg/frmts/png/pngdataset.h
Examining data/gdal-3.0.4+dfsg/frmts/l1b/l1bdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/leveller/levellerdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/arg/argdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/map/mapdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/pcrasterutil.h
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/gnrcols.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/vsdef.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/kernlcsf.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/reseterr.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/angle.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/putsomec.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/ismv.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/csfsup.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/wattrblk.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/ruseas.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/_gsomece.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/mopen.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/csfattr.h
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/setvtmv.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/rcoords.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/puty0.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/gversion.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/putx0.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/delattr.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/_getrow.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/pmaxval.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/vsis.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/pminval.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/ggisfid.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/legend.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/gety0.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/dumconv.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/create2.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/rrowcol.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/getx0.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/csf.h
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/file.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/endian.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/_rputrow.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/gattrblk.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/pvalscal.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/csfimpl.h
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/vs2.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/swapio.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/mperror.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/csftypes.h
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/csfglob.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/_getcell.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/rextend.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/attrsize.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/_putcell.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/rattrblk.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/gproj.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/vsvers.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/gnrrows.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/cellsize.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/setmv.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/gattridx.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/gputproj.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/pgisfid.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/pcrtypes.h
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/moreattr.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/strconst.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/gcellrep.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/gdattype.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/strpad.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/gvartype.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/filename.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/rcomp.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/attravai.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/trackmm.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/rmalloc.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/putattr.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/getattr.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/rdup2.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/mclose.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/setangle.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/putallmv.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/gmaxval.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/gminval.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/gvalscal.c
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/pcrasterrasterband.h
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/pcrasterdataset.h
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/pcrastermisc.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/pcrasterutil.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/pcrasterdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pcraster/pcrasterrasterband.cpp
Examining data/gdal-3.0.4+dfsg/frmts/jpipkak/jpipkakdataset.h
Examining data/gdal-3.0.4+dfsg/frmts/jpipkak/jpipkakdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/jpipkak/jpipkak_headers.h
Examining data/gdal-3.0.4+dfsg/frmts/wmts/wmtsdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/cosar/cosar_dataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/bmp/bmpdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/elas/elasdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.h
Examining data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfwriterconfig.cpp
Examining data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp
Examining data/gdal-3.0.4+dfsg/frmts/netcdf/gmtdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfuffd.h
Examining data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/ecw/jp2userbox.cpp
Examining data/gdal-3.0.4+dfsg/frmts/ecw/ecwdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/ecw/gdal_ecw.h
Examining data/gdal-3.0.4+dfsg/frmts/ecw/ecwasyncreader.cpp
Examining data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp
Examining data/gdal-3.0.4+dfsg/frmts/ecw/ecwsdk_headers.h
Examining data/gdal-3.0.4+dfsg/frmts/tsx/tsxdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/ers/ershdrnode.cpp
Examining data/gdal-3.0.4+dfsg/frmts/ers/ersdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/ers/ershdrnode.h
Examining data/gdal-3.0.4+dfsg/frmts/nitf/nitfrasterband.cpp
Examining data/gdal-3.0.4+dfsg/frmts/nitf/nitfdump.c
Examining data/gdal-3.0.4+dfsg/frmts/nitf/rpftocdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/nitf/nitfdes.c
Examining data/gdal-3.0.4+dfsg/frmts/nitf/mgrs.c
Examining data/gdal-3.0.4+dfsg/frmts/nitf/rpftoclib.h
Examining data/gdal-3.0.4+dfsg/frmts/nitf/nitfwritejpeg_12.cpp
Examining data/gdal-3.0.4+dfsg/frmts/nitf/rpftocfile.cpp
Examining data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c
Examining data/gdal-3.0.4+dfsg/frmts/nitf/nitfwritejpeg.cpp
Examining data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c
Examining data/gdal-3.0.4+dfsg/frmts/nitf/nitfbilevel.cpp
Examining data/gdal-3.0.4+dfsg/frmts/nitf/ecrgtocdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/nitf/nitflib.h
Examining data/gdal-3.0.4+dfsg/frmts/nitf/mgrs.h
Examining data/gdal-3.0.4+dfsg/frmts/nitf/nitfaridpcm.cpp
Examining data/gdal-3.0.4+dfsg/frmts/nitf/nitf_gcprpc.cpp
Examining data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.h
Examining data/gdal-3.0.4+dfsg/frmts/jpegls/jpegls_header.h
Examining data/gdal-3.0.4+dfsg/frmts/jpegls/jpeglsdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/gif/gifdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/gif/gifabstractdataset.h
Examining data/gdal-3.0.4+dfsg/frmts/gif/biggifdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/gif/giflib/gif_lib_private.h
Examining data/gdal-3.0.4+dfsg/frmts/gif/giflib/gif_hash.h
Examining data/gdal-3.0.4+dfsg/frmts/gif/giflib/dgif_lib.c
Examining data/gdal-3.0.4+dfsg/frmts/gif/giflib/gif_lib.h
Examining data/gdal-3.0.4+dfsg/frmts/gif/giflib/egif_lib.c
Examining data/gdal-3.0.4+dfsg/frmts/gif/giflib/gif_hash.c
Examining data/gdal-3.0.4+dfsg/frmts/gif/giflib/gif_err.c
Examining data/gdal-3.0.4+dfsg/frmts/gif/giflib/gifalloc.c
Examining data/gdal-3.0.4+dfsg/frmts/gif/gifabstractdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/srtmhgt/srtmhgtdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/jdem/jdemdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/rasterlite/rasterlitedataset.h
Examining data/gdal-3.0.4+dfsg/frmts/rasterlite/rasterlitecreatecopy.cpp
Examining data/gdal-3.0.4+dfsg/frmts/rasterlite/rasterliteoverviews.cpp
Examining data/gdal-3.0.4+dfsg/frmts/rasterlite/rasterlitedataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/bpg/bpgdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp
Examining data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdemdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/dted/dted_create.c
Examining data/gdal-3.0.4+dfsg/frmts/dted/dted_ptstream.c
Examining data/gdal-3.0.4+dfsg/frmts/dted/dted_api.h
Examining data/gdal-3.0.4+dfsg/frmts/dted/dteddataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c
Examining data/gdal-3.0.4+dfsg/frmts/dted/dted_test.c
Examining data/gdal-3.0.4+dfsg/frmts/terragen/terragendataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/gff/gff_dataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/gsg/gs7bgdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/gsg/gsbgdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/gsg/gsagdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/airsar/airsardataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/rik/rikdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/coasp/coasp_dataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.h
Examining data/gdal-3.0.4+dfsg/frmts/jp2kak/vsil_target.h
Examining data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kak_headers.h
Examining data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/jp2kak/subfile_source.h
Examining data/gdal-3.0.4+dfsg/frmts/bsb/bsb_read.h
Examining data/gdal-3.0.4+dfsg/frmts/bsb/bsb2raw.c
Examining data/gdal-3.0.4+dfsg/frmts/bsb/bsb_read.c
Examining data/gdal-3.0.4+dfsg/frmts/bsb/bsbdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/zlib/gzio.c
Examining data/gdal-3.0.4+dfsg/frmts/zlib/infback.c
Examining data/gdal-3.0.4+dfsg/frmts/zlib/trees.h
Examining data/gdal-3.0.4+dfsg/frmts/zlib/inflate.c
Examining data/gdal-3.0.4+dfsg/frmts/zlib/deflate.c
Examining data/gdal-3.0.4+dfsg/frmts/zlib/zutil.c
Examining data/gdal-3.0.4+dfsg/frmts/zlib/inffast.c
Examining data/gdal-3.0.4+dfsg/frmts/zlib/zconf.h
Examining data/gdal-3.0.4+dfsg/frmts/zlib/inftrees.c
Examining data/gdal-3.0.4+dfsg/frmts/zlib/crc32.c
Examining data/gdal-3.0.4+dfsg/frmts/zlib/compress.c
Examining data/gdal-3.0.4+dfsg/frmts/zlib/adler32.c
Examining data/gdal-3.0.4+dfsg/frmts/zlib/zutil.h
Examining data/gdal-3.0.4+dfsg/frmts/zlib/trees.c
Examining data/gdal-3.0.4+dfsg/frmts/zlib/inflate.h
Examining data/gdal-3.0.4+dfsg/frmts/zlib/deflate.h
Examining data/gdal-3.0.4+dfsg/frmts/zlib/uncompr.c
Examining data/gdal-3.0.4+dfsg/frmts/zlib/inftrees.h
Examining data/gdal-3.0.4+dfsg/frmts/zlib/crc32.h
Examining data/gdal-3.0.4+dfsg/frmts/zlib/inffixed.h
Examining data/gdal-3.0.4+dfsg/frmts/zlib/zlib.h
Examining data/gdal-3.0.4+dfsg/frmts/zlib/inffast.h
Examining data/gdal-3.0.4+dfsg/frmts/msg/msgdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/msg/reflectancecalculator.h
Examining data/gdal-3.0.4+dfsg/frmts/msg/xritheaderparser.h
Examining data/gdal-3.0.4+dfsg/frmts/msg/msgcommand.cpp
Examining data/gdal-3.0.4+dfsg/frmts/msg/reflectancecalculator.cpp
Examining data/gdal-3.0.4+dfsg/frmts/msg/PublicDecompWT_headers.h
Examining data/gdal-3.0.4+dfsg/frmts/msg/prologue.cpp
Examining data/gdal-3.0.4+dfsg/frmts/msg/msgdataset.h
Examining data/gdal-3.0.4+dfsg/frmts/msg/xritheaderparser.cpp
Examining data/gdal-3.0.4+dfsg/frmts/msg/msgcommand.h
Examining data/gdal-3.0.4+dfsg/frmts/msg/PublicDecompWT_all.cpp
Examining data/gdal-3.0.4+dfsg/frmts/msg/prologue.h
Examining data/gdal-3.0.4+dfsg/frmts/jpeg2000/jpeg2000_vsil_io.h
Examining data/gdal-3.0.4+dfsg/frmts/jpeg2000/jpeg2000_vsil_io.cpp
Examining data/gdal-3.0.4+dfsg/frmts/jpeg2000/jpeg2000dataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/vsidataio_12.cpp
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/vsidataio.h
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/vsidataio.cpp
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/jpgdataset.h
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/jpgdataset_12.cpp
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/jpgdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jdapistd.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jdhuff.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jutils.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jmemansi.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jidctred.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jidctint.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jversion.h
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jmemmgr.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jdcoefct.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jconfig.h
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jquant2.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jfdctfst.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jerror.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jdinput.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jdmarker.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jcmainct.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jdtrans.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jcparam.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jcdctmgr.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jccolor.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jdatasrc.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jchuff.h
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jdsample.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jinclude.h
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jidctflt.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jcphuff.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jdmerge.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jpegint.h
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jcmaster.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jdapimin.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jcomapi.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jquant1.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jcinit.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jdatadst.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jcprepct.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jdct.h
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jidctfst.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jccoefct.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jfdctint.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jcapistd.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jdhuff.h
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jmorecfg.h
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jfdctflt.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jpeglib.h
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jdphuff.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jcapimin.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jdmaster.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jmemsys.h
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jdcolor.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jdmainct.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jctrans.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jcmarker.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jchuff.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jerror.h
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jcsample.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jdpostct.c
Examining data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jddctmgr.c
Examining data/gdal-3.0.4+dfsg/frmts/hdf5/hdf5vfl.h
Examining data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/hdf5/iso19115_srs.cpp
Examining data/gdal-3.0.4+dfsg/frmts/hdf5/gh5_convenience.h
Examining data/gdal-3.0.4+dfsg/frmts/hdf5/hdf5dataset.h
Examining data/gdal-3.0.4+dfsg/frmts/hdf5/gh5_convenience.cpp
Examining data/gdal-3.0.4+dfsg/frmts/hdf5/hdf5_api.h
Examining data/gdal-3.0.4+dfsg/frmts/hdf5/iso19115_srs.h
Examining data/gdal-3.0.4+dfsg/frmts/hdf5/hdf5dataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/hdf5/hdf5imagedataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/ingr/IntergraphDataset.h
Examining data/gdal-3.0.4+dfsg/frmts/ingr/IngrTypes.h
Examining data/gdal-3.0.4+dfsg/frmts/ingr/IngrTypes.cpp
Examining data/gdal-3.0.4+dfsg/frmts/ingr/IntergraphDataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/ingr/IntergraphBand.cpp
Examining data/gdal-3.0.4+dfsg/frmts/ingr/IntergraphBand.h
Examining data/gdal-3.0.4+dfsg/frmts/ingr/JpegHelper.cpp
Examining data/gdal-3.0.4+dfsg/frmts/ingr/JpegHelper.h
Examining data/gdal-3.0.4+dfsg/frmts/derived/derivedlist.h
Examining data/gdal-3.0.4+dfsg/frmts/derived/deriveddataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/derived/derivedlist.c
Examining data/gdal-3.0.4+dfsg/frmts/grass/grass57dataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/grass/grassdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/eeda/eeda.h
Examining data/gdal-3.0.4+dfsg/frmts/eeda/eedacommon.cpp
Examining data/gdal-3.0.4+dfsg/frmts/eeda/eedadataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/eeda/eedaidataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/r/rdataset.h
Examining data/gdal-3.0.4+dfsg/frmts/r/rdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/r/rcreatecopy.cpp
Examining data/gdal-3.0.4+dfsg/frmts/saga/sagadataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/kmlsuperoverlay/kmlsuperoverlaydataset.h
Examining data/gdal-3.0.4+dfsg/frmts/kmlsuperoverlay/kmlsuperoverlaydataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/fits/fitsdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/tiledb/tiledb_headers.h
Examining data/gdal-3.0.4+dfsg/frmts/tiledb/tiledbdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pds/pds4dataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pds/nasakeywordhandler.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pds/nasakeywordhandler.h
Examining data/gdal-3.0.4+dfsg/frmts/pds/pds4dataset.h
Examining data/gdal-3.0.4+dfsg/frmts/pds/vicarkeywordhandler.h
Examining data/gdal-3.0.4+dfsg/frmts/pds/vicardataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pds/vicarkeywordhandler.cpp
Examining data/gdal-3.0.4+dfsg/frmts/pds/isis2dataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/plmosaic/plmosaicdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/blx/blx.c
Examining data/gdal-3.0.4+dfsg/frmts/blx/blxdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/blx/blx.h
Examining data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/idrisi/idrisi.h
Examining data/gdal-3.0.4+dfsg/frmts/ceos/ceosopen.h
Examining data/gdal-3.0.4+dfsg/frmts/ceos/ceosdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/ceos/ceostest.c
Examining data/gdal-3.0.4+dfsg/frmts/ceos/ceosopen.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/tif_lerc.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/gtiff.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/tif_float.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_swab.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_packbits.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_close.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_zstd.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_vsi.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_luv.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_aux.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_strip.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_print.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_tile.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tiff.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_fax3.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_flush.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_predict.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/uvcode.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_pixarlog.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_compress.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_ojpeg.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_dir.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_dirwrite.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_dirinfo.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_open.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tiffio.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_warning.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_webp.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_dirread.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_codec.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_lzw.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_error.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_jpeg_12.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_jpeg.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_config.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_write.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tiffiop.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_thunder.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_zip.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tiffconf.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tiffvers.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_dumpmode.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_dir.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_fax3sm.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_extension.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/t4.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/gdal_libtiff_symbol_rename.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_version.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_next.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_fax3.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_read.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_predict.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_lzma.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_color.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs_for_gdal.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/xtiffio.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_keyp.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_trans.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/xtiff.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_simpletags.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_config.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_get.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geovalues.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_extra.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geonames.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_new.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_set.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_print.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_tiffp.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/cpl_serv.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_free.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geokeys.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_simpletags.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_tiffp.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_names.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_write.c
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/gdal_libgeotiff_symbol_rename.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiffio.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/gt_jpeg_copy.cpp
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/gt_overview.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/tif_lerc.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/tif_float.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs_priv.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/tifvsi.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.h
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/tifvsi.cpp
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/gt_overview.cpp
Examining data/gdal-3.0.4+dfsg/frmts/gtiff/gt_jpeg_copy.h
Examining data/gdal-3.0.4+dfsg/frmts/mrsid_lidar/gdal_MG4Lidar.cpp
Examining data/gdal-3.0.4+dfsg/frmts/mrsid_lidar/mg4lidar_headers.h
Examining data/gdal-3.0.4+dfsg/frmts/cals/calsdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/safe/safedataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/iso8211/ddfrecord.cpp
Examining data/gdal-3.0.4+dfsg/frmts/iso8211/iso8211.h
Examining data/gdal-3.0.4+dfsg/frmts/iso8211/8211dump.cpp
Examining data/gdal-3.0.4+dfsg/frmts/iso8211/ddfutils.cpp
Examining data/gdal-3.0.4+dfsg/frmts/iso8211/8211view.cpp
Examining data/gdal-3.0.4+dfsg/frmts/iso8211/ddfmodule.cpp
Examining data/gdal-3.0.4+dfsg/frmts/iso8211/ddfsubfielddefn.cpp
Examining data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp
Examining data/gdal-3.0.4+dfsg/frmts/iso8211/8211createfromxml.cpp
Examining data/gdal-3.0.4+dfsg/frmts/iso8211/mkcatalog.cpp
Examining data/gdal-3.0.4+dfsg/frmts/iso8211/ddffield.cpp
Examining data/gdal-3.0.4+dfsg/frmts/iso8211/timetest.cpp
Examining data/gdal-3.0.4+dfsg/frmts/epsilon/epsilondataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/jaxapalsar/jaxapalsardataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/aaigrid/aaigriddataset.h
Examining data/gdal-3.0.4+dfsg/frmts/aaigrid/aaigriddataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/ilwis/ilwisdataset.h
Examining data/gdal-3.0.4+dfsg/frmts/ilwis/ilwisdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/ilwis/ilwiscoordinatesystem.cpp
Examining data/gdal-3.0.4+dfsg/frmts/ignfheightasciigrid/ignfheightasciigrid.cpp
Examining data/gdal-3.0.4+dfsg/frmts/envisat/adsrange.cpp
Examining data/gdal-3.0.4+dfsg/frmts/envisat/records.c
Examining data/gdal-3.0.4+dfsg/frmts/envisat/adsrange.hpp
Examining data/gdal-3.0.4+dfsg/frmts/envisat/timedelta.hpp
Examining data/gdal-3.0.4+dfsg/frmts/envisat/unwrapgcps.cpp
Examining data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c
Examining data/gdal-3.0.4+dfsg/frmts/envisat/records.h
Examining data/gdal-3.0.4+dfsg/frmts/envisat/dumpgeo.c
Examining data/gdal-3.0.4+dfsg/frmts/envisat/envisat_dump.c
Examining data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.h
Examining data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/ozi/ozidataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/kea/keadriver.cpp
Examining data/gdal-3.0.4+dfsg/frmts/kea/keaband.h
Examining data/gdal-3.0.4+dfsg/frmts/kea/keaband.cpp
Examining data/gdal-3.0.4+dfsg/frmts/kea/keacopy.cpp
Examining data/gdal-3.0.4+dfsg/frmts/kea/kearat.cpp
Examining data/gdal-3.0.4+dfsg/frmts/kea/keaoverview.h
Examining data/gdal-3.0.4+dfsg/frmts/kea/libkea_headers.h
Examining data/gdal-3.0.4+dfsg/frmts/kea/kearat.h
Examining data/gdal-3.0.4+dfsg/frmts/kea/keadataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/kea/keaoverview.cpp
Examining data/gdal-3.0.4+dfsg/frmts/kea/keamaskband.cpp
Examining data/gdal-3.0.4+dfsg/frmts/kea/keadataset.h
Examining data/gdal-3.0.4+dfsg/frmts/kea/keacopy.h
Examining data/gdal-3.0.4+dfsg/frmts/kea/keamaskband.h
Examining data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/null/nulldataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/mem/memdataset.h
Examining data/gdal-3.0.4+dfsg/frmts/mem/memdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/gxf/gxfopen.c
Examining data/gdal-3.0.4+dfsg/frmts/gxf/gxfdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/gxf/gxf_proj4.c
Examining data/gdal-3.0.4+dfsg/frmts/gxf/gxfopen.h
Examining data/gdal-3.0.4+dfsg/frmts/gxf/gxf_ogcwkt.c
Examining data/gdal-3.0.4+dfsg/frmts/dimap/dimapdataset.cpp
Examining data/gdal-3.0.4+dfsg/frmts/dds/ddsdataset.cpp
Examining data/gdal-3.0.4+dfsg/third_party/LercLib/Huffman.cpp
Examining data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc_c_api.h
Examining data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc_types.h
Examining data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.cpp
Examining data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc.cpp
Examining data/gdal-3.0.4+dfsg/third_party/LercLib/Defines.h
Examining data/gdal-3.0.4+dfsg/third_party/LercLib/BitStuffer2.h
Examining data/gdal-3.0.4+dfsg/third_party/LercLib/RLE.cpp
Examining data/gdal-3.0.4+dfsg/third_party/LercLib/BitStuffer2.cpp
Examining data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc_c_api_impl.cpp
Examining data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc.h
Examining data/gdal-3.0.4+dfsg/third_party/LercLib/BitMask.cpp
Examining data/gdal-3.0.4+dfsg/third_party/LercLib/Huffman.h
Examining data/gdal-3.0.4+dfsg/third_party/LercLib/RLE.h
Examining data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.h
Examining data/gdal-3.0.4+dfsg/third_party/LercLib/BitMask.h
Examining data/gdal-3.0.4+dfsg/apps/gdal_contour.cpp
Examining data/gdal-3.0.4+dfsg/apps/gdalflattenmask.c
Examining data/gdal-3.0.4+dfsg/apps/gnmmanage.cpp
Examining data/gdal-3.0.4+dfsg/apps/gnmanalyse.cpp
Examining data/gdal-3.0.4+dfsg/apps/dumpoverviews.cpp
Examining data/gdal-3.0.4+dfsg/apps/ogrtindex.cpp
Examining data/gdal-3.0.4+dfsg/apps/gdalinfo_lib.cpp
Examining data/gdal-3.0.4+dfsg/apps/gdalbuildvrt_lib.cpp
Examining data/gdal-3.0.4+dfsg/apps/multireadtest.cpp
Examining data/gdal-3.0.4+dfsg/apps/ogr2ogr_bin.cpp
Examining data/gdal-3.0.4+dfsg/apps/gdalserver.cpp
Examining data/gdal-3.0.4+dfsg/apps/commonutils.h
Examining data/gdal-3.0.4+dfsg/apps/gdalwarp_bin.cpp
Examining data/gdal-3.0.4+dfsg/apps/ogrdissolve.cpp
Examining data/gdal-3.0.4+dfsg/apps/gdaldem_bin.cpp
Examining data/gdal-3.0.4+dfsg/apps/gdaltorture.cpp
Examining data/gdal-3.0.4+dfsg/apps/gdaltransform.cpp
Examining data/gdal-3.0.4+dfsg/apps/gdalmanage.cpp
Examining data/gdal-3.0.4+dfsg/apps/commonutils.cpp
Examining data/gdal-3.0.4+dfsg/apps/gdal_rasterize_lib.cpp
Examining data/gdal-3.0.4+dfsg/apps/gdaltindex.cpp
Examining data/gdal-3.0.4+dfsg/apps/gdalenhance.cpp
Examining data/gdal-3.0.4+dfsg/apps/ogrinfo.cpp
Examining data/gdal-3.0.4+dfsg/apps/ogrlineref.cpp
Examining data/gdal-3.0.4+dfsg/apps/nearblack_bin.cpp
Examining data/gdal-3.0.4+dfsg/apps/gdal_grid_lib.cpp
Examining data/gdal-3.0.4+dfsg/apps/gdal_translate_lib.cpp
Examining data/gdal-3.0.4+dfsg/apps/testreprojmulti.cpp
Examining data/gdal-3.0.4+dfsg/apps/gdal_utils.h
Examining data/gdal-3.0.4+dfsg/apps/gdalwarpsimple.c
Examining data/gdal-3.0.4+dfsg/apps/gdal_translate_bin.cpp
Examining data/gdal-3.0.4+dfsg/apps/gdal_grid_bin.cpp
Examining data/gdal-3.0.4+dfsg/apps/nearblack_lib.cpp
Examining data/gdal-3.0.4+dfsg/apps/test_ogrsf.cpp
Examining data/gdal-3.0.4+dfsg/apps/gdal_rasterize_bin.cpp
Examining data/gdal-3.0.4+dfsg/apps/gdaladdo.cpp
Examining data/gdal-3.0.4+dfsg/apps/gdal_utils_priv.h
Examining data/gdal-3.0.4+dfsg/apps/gdaldem_lib.cpp
Examining data/gdal-3.0.4+dfsg/apps/gdal2ogr.c
Examining data/gdal-3.0.4+dfsg/apps/gdalwarp_lib.cpp
Examining data/gdal-3.0.4+dfsg/apps/ogr2ogr_lib.cpp
Examining data/gdal-3.0.4+dfsg/apps/gdalbuildvrt_bin.cpp
Examining data/gdal-3.0.4+dfsg/apps/testepsg.cpp
Examining data/gdal-3.0.4+dfsg/apps/gdalsrsinfo.cpp
Examining data/gdal-3.0.4+dfsg/apps/gdalinfo_bin.cpp
Examining data/gdal-3.0.4+dfsg/apps/gdallocationinfo.cpp
Examining data/gdal-3.0.4+dfsg/apps/gdalasyncread.cpp
Examining data/gdal-3.0.4+dfsg/fuzzers/gdal_translate_fuzzer.cpp
Examining data/gdal-3.0.4+dfsg/fuzzers/gdal_fuzzer.cpp
Examining data/gdal-3.0.4+dfsg/fuzzers/osr_set_from_user_input_fuzzer.cpp
Examining data/gdal-3.0.4+dfsg/fuzzers/fuzzingengine.cpp
Examining data/gdal-3.0.4+dfsg/fuzzers/gml_geom_import_fuzzer.cpp
Examining data/gdal-3.0.4+dfsg/fuzzers/wkb_import_fuzzer.cpp
Examining data/gdal-3.0.4+dfsg/fuzzers/wkt_import_fuzzer.cpp
Examining data/gdal-3.0.4+dfsg/fuzzers/ogr_fuzzer.cpp
Examining data/gdal-3.0.4+dfsg/fuzzers/tests/test_ogr_fuzzer.cpp
Examining data/gdal-3.0.4+dfsg/fuzzers/tests/test_osr_set_from_user_input_fuzzer.cpp
Examining data/gdal-3.0.4+dfsg/fuzzers/tests/test_gdal_fuzzer.cpp
Examining data/gdal-3.0.4+dfsg/fuzzers/tests/test_wkb_import_fuzzer.cpp
Examining data/gdal-3.0.4+dfsg/fuzzers/tests/test_wkt_import_fuzzer.cpp
Examining data/gdal-3.0.4+dfsg/fuzzers/get_jpeg2000_structure_fuzzer.cpp
Examining data/gdal-3.0.4+dfsg/fuzzers/spatialite_geom_import_fuzzer.cpp
Examining data/gdal-3.0.4+dfsg/fuzzers/gdal_vector_translate_fuzzer.cpp
Examining data/gdal-3.0.4+dfsg/gnm/gnm_frmts/gnmregisterall.cpp
Examining data/gdal-3.0.4+dfsg/gnm/gnm_frmts/db/gnmdbdriver.cpp
Examining data/gdal-3.0.4+dfsg/gnm/gnm_frmts/db/gnmdb.h
Examining data/gdal-3.0.4+dfsg/gnm/gnm_frmts/db/gnmdbnetwork.cpp
Examining data/gdal-3.0.4+dfsg/gnm/gnm_frmts/gnm_frmts.h
Examining data/gdal-3.0.4+dfsg/gnm/gnm_frmts/file/gnmfiledriver.cpp
Examining data/gdal-3.0.4+dfsg/gnm/gnm_frmts/file/gnmfilenetwork.cpp
Examining data/gdal-3.0.4+dfsg/gnm/gnm_frmts/file/gnmfile.h
Examining data/gdal-3.0.4+dfsg/gnm/gnm_priv.h
Examining data/gdal-3.0.4+dfsg/gnm/gnmnetwork.cpp
Examining data/gdal-3.0.4+dfsg/gnm/gnm_api.h
Examining data/gdal-3.0.4+dfsg/gnm/gnmrule.cpp
Examining data/gdal-3.0.4+dfsg/gnm/gnmresultlayer.cpp
Examining data/gdal-3.0.4+dfsg/gnm/gnmlayer.cpp
Examining data/gdal-3.0.4+dfsg/gnm/gnm.h
Examining data/gdal-3.0.4+dfsg/gnm/gnmgraph.h
Examining data/gdal-3.0.4+dfsg/gnm/gnmgraph.cpp
Examining data/gdal-3.0.4+dfsg/gnm/gnmgenericnetwork.cpp
Examining data/gdal-3.0.4+dfsg/alg/gdalwarpkernel_opencl.cpp
Examining data/gdal-3.0.4+dfsg/alg/gdallinearsystem.cpp
Examining data/gdal-3.0.4+dfsg/alg/gdalmatching.cpp
Examining data/gdal-3.0.4+dfsg/alg/gdal_rpc.cpp
Examining data/gdal-3.0.4+dfsg/alg/gdalrasterpolygonenumerator.cpp
Examining data/gdal-3.0.4+dfsg/alg/gdal_simplesurf.h
Examining data/gdal-3.0.4+dfsg/alg/gdalgridavx.cpp
Examining data/gdal-3.0.4+dfsg/alg/gdaldither.cpp
Examining data/gdal-3.0.4+dfsg/alg/gdalpansharpen.h
Examining data/gdal-3.0.4+dfsg/alg/gdalsimplewarp.cpp
Examining data/gdal-3.0.4+dfsg/alg/gdalrasterize.cpp
Examining data/gdal-3.0.4+dfsg/alg/gdalproximity.cpp
Examining data/gdal-3.0.4+dfsg/alg/gdaltransformer.cpp
Examining data/gdal-3.0.4+dfsg/alg/gvgcpfit.h
Examining data/gdal-3.0.4+dfsg/alg/gdal_alg.h
Examining data/gdal-3.0.4+dfsg/alg/gdal_simplesurf.cpp
Examining data/gdal-3.0.4+dfsg/alg/gdalcutline.cpp
Examining data/gdal-3.0.4+dfsg/alg/gdal_tps.cpp
Examining data/gdal-3.0.4+dfsg/alg/internal_libqhull/random.c
Examining data/gdal-3.0.4+dfsg/alg/internal_libqhull/rboxlib.c
Examining data/gdal-3.0.4+dfsg/alg/internal_libqhull/userprintf_rbox.c
Examining data/gdal-3.0.4+dfsg/alg/internal_libqhull/mem.c
Examining data/gdal-3.0.4+dfsg/alg/internal_libqhull/libqhull.h
Examining data/gdal-3.0.4+dfsg/alg/internal_libqhull/io.h
Examining data/gdal-3.0.4+dfsg/alg/internal_libqhull/qset.c
Examining data/gdal-3.0.4+dfsg/alg/internal_libqhull/stat.h
Examining data/gdal-3.0.4+dfsg/alg/internal_libqhull/qhull_a.h
Examining data/gdal-3.0.4+dfsg/alg/internal_libqhull/poly.c
Examining data/gdal-3.0.4+dfsg/alg/internal_libqhull/merge.h
Examining data/gdal-3.0.4+dfsg/alg/internal_libqhull/user.h
Examining data/gdal-3.0.4+dfsg/alg/internal_libqhull/geom.c
Examining data/gdal-3.0.4+dfsg/alg/internal_libqhull/geom2.c
Examining data/gdal-3.0.4+dfsg/alg/internal_libqhull/libqhull.c
Examining data/gdal-3.0.4+dfsg/alg/internal_libqhull/random.h
Examining data/gdal-3.0.4+dfsg/alg/internal_libqhull/global.c
Examining data/gdal-3.0.4+dfsg/alg/internal_libqhull/mem.h
Examining data/gdal-3.0.4+dfsg/alg/internal_libqhull/userprintf.c
Examining data/gdal-3.0.4+dfsg/alg/internal_libqhull/poly.h
Examining data/gdal-3.0.4+dfsg/alg/internal_libqhull/merge.c
Examining data/gdal-3.0.4+dfsg/alg/internal_libqhull/geom.h
Examining data/gdal-3.0.4+dfsg/alg/internal_libqhull/user.c
Examining data/gdal-3.0.4+dfsg/alg/internal_libqhull/poly2.c
Examining data/gdal-3.0.4+dfsg/alg/internal_libqhull/qset.h
Examining data/gdal-3.0.4+dfsg/alg/internal_libqhull/stat.c
Examining data/gdal-3.0.4+dfsg/alg/internal_libqhull/usermem.c
Examining data/gdal-3.0.4+dfsg/alg/internal_libqhull/io.c
Examining data/gdal-3.0.4+dfsg/alg/gdal_alg_priv.h
Examining data/gdal-3.0.4+dfsg/alg/polygonize.cpp
Examining data/gdal-3.0.4+dfsg/alg/gdalpansharpen.cpp
Examining data/gdal-3.0.4+dfsg/alg/gdalwarpkernel_opencl.h
Examining data/gdal-3.0.4+dfsg/alg/gdalwarpoperation.cpp
Examining data/gdal-3.0.4+dfsg/alg/thinplatespline.cpp
Examining data/gdal-3.0.4+dfsg/alg/contour.cpp
Examining data/gdal-3.0.4+dfsg/alg/gdal_octave.cpp
Examining data/gdal-3.0.4+dfsg/alg/rasterfill.cpp
Examining data/gdal-3.0.4+dfsg/alg/llrasterize.cpp
Examining data/gdal-3.0.4+dfsg/alg/gdalgeoloc.cpp
Examining data/gdal-3.0.4+dfsg/alg/gdalmediancut.cpp
Examining data/gdal-3.0.4+dfsg/alg/gdalsievefilter.cpp
Examining data/gdal-3.0.4+dfsg/alg/gdalchecksum.cpp
Examining data/gdal-3.0.4+dfsg/alg/gdalapplyverticalshiftgrid.cpp
Examining data/gdal-3.0.4+dfsg/alg/thinplatespline.h
Examining data/gdal-3.0.4+dfsg/alg/internal_qhull_headers.h
Examining data/gdal-3.0.4+dfsg/alg/gdallinearsystem.h
Examining data/gdal-3.0.4+dfsg/alg/gdal_crs.cpp
Examining data/gdal-3.0.4+dfsg/alg/gdalgrid_priv.h
Examining data/gdal-3.0.4+dfsg/alg/delaunay.c
Examining data/gdal-3.0.4+dfsg/alg/gdalgrid.h
Examining data/gdal-3.0.4+dfsg/alg/gdaltransformgeolocs.cpp
Examining data/gdal-3.0.4+dfsg/alg/gdalgridsse.cpp
Examining data/gdal-3.0.4+dfsg/alg/gdalwarper.cpp
Examining data/gdal-3.0.4+dfsg/alg/gdalwarpkernel.cpp
Examining data/gdal-3.0.4+dfsg/alg/gdalwarper.h
Examining data/gdal-3.0.4+dfsg/alg/gdalgrid.cpp
Examining data/gdal-3.0.4+dfsg/alg/marching_squares/segment_merger.h
Examining data/gdal-3.0.4+dfsg/alg/marching_squares/utility.h
Examining data/gdal-3.0.4+dfsg/alg/marching_squares/contour_generator.h
Examining data/gdal-3.0.4+dfsg/alg/marching_squares/square.h
Examining data/gdal-3.0.4+dfsg/alg/marching_squares/polygon_ring_appender.h
Examining data/gdal-3.0.4+dfsg/alg/marching_squares/level_generator.h
Examining data/gdal-3.0.4+dfsg/alg/marching_squares/point.h
Examining data/gdal-3.0.4+dfsg/gcore/gdalmultidomainmetadata.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdalgeorefpamdataset.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdalgeorefpamdataset.h
Examining data/gdal-3.0.4+dfsg/gcore/gdaldrivermanager.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdal_pam.h
Examining data/gdal-3.0.4+dfsg/gcore/rasterio.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdaljp2structure.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdalnodatamaskband.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdalallvalidmaskband.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdal.h
Examining data/gdal-3.0.4+dfsg/gcore/gdalpamproxydb.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdalpamdataset.cpp
Examining data/gdal-3.0.4+dfsg/gcore/rasterio_ssse3.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdaljp2metadatagenerator.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdalrescaledalphaband.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdaldefaultoverviews.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdalcolortable.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdal_rat.h
Examining data/gdal-3.0.4+dfsg/gcore/gdaljp2metadatagenerator.h
Examining data/gdal-3.0.4+dfsg/gcore/gdalrasterband.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdal_proxy.h
Examining data/gdal-3.0.4+dfsg/gcore/gdalopeninfo.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdalhashsetbandblockcache.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdaljp2abstractdataset.cpp
Examining data/gdal-3.0.4+dfsg/gcore/rawdataset.h
Examining data/gdal-3.0.4+dfsg/gcore/gdal_misc.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdaldllmain.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdaloverviewdataset.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdal_frmts.h
Examining data/gdal-3.0.4+dfsg/gcore/gdal_priv_templates.hpp
Examining data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdal_mdreader.h
Examining data/gdal-3.0.4+dfsg/gcore/gdalpamrasterband.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdalrasterblock.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdalnodatavaluesmaskband.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdal_priv.h
Examining data/gdal-3.0.4+dfsg/gcore/gdalarraybandblockcache.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.h
Examining data/gdal-3.0.4+dfsg/gcore/rawdataset.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdalexif.h
Examining data/gdal-3.0.4+dfsg/gcore/overview.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdaldataset.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdal_rat.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdal_mdreader.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdaldriver.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdalmajorobject.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdalclientserver.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdaljp2abstractdataset.h
Examining data/gdal-3.0.4+dfsg/gcore/gdalvirtualmem.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdalabstractbandblockcache.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdaldefaultasync.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdalproxypool.cpp
Examining data/gdal-3.0.4+dfsg/gcore/gdalsse_priv.h
Examining data/gdal-3.0.4+dfsg/gcore/gdal_avx2_emulation.hpp
Examining data/gdal-3.0.4+dfsg/gcore/gdalproxydataset.cpp
Examining data/gdal-3.0.4+dfsg/gcore/mdreader/reader_orb_view.cpp
Examining data/gdal-3.0.4+dfsg/gcore/mdreader/reader_rdk1.cpp
Examining data/gdal-3.0.4+dfsg/gcore/mdreader/reader_digital_globe.cpp
Examining data/gdal-3.0.4+dfsg/gcore/mdreader/reader_orb_view.h
Examining data/gdal-3.0.4+dfsg/gcore/mdreader/reader_alos.h
Examining data/gdal-3.0.4+dfsg/gcore/mdreader/reader_digital_globe.h
Examining data/gdal-3.0.4+dfsg/gcore/mdreader/reader_pleiades.h
Examining data/gdal-3.0.4+dfsg/gcore/mdreader/reader_alos.cpp
Examining data/gdal-3.0.4+dfsg/gcore/mdreader/reader_rapid_eye.h
Examining data/gdal-3.0.4+dfsg/gcore/mdreader/reader_spot.cpp
Examining data/gdal-3.0.4+dfsg/gcore/mdreader/reader_spot.h
Examining data/gdal-3.0.4+dfsg/gcore/mdreader/reader_geo_eye.cpp
Examining data/gdal-3.0.4+dfsg/gcore/mdreader/reader_rdk1.h
Examining data/gdal-3.0.4+dfsg/gcore/mdreader/reader_kompsat.cpp
Examining data/gdal-3.0.4+dfsg/gcore/mdreader/reader_pleiades.cpp
Examining data/gdal-3.0.4+dfsg/gcore/mdreader/reader_landsat.h
Examining data/gdal-3.0.4+dfsg/gcore/mdreader/reader_geo_eye.h
Examining data/gdal-3.0.4+dfsg/gcore/mdreader/reader_landsat.cpp
Examining data/gdal-3.0.4+dfsg/gcore/mdreader/reader_kompsat.h
Examining data/gdal-3.0.4+dfsg/gcore/mdreader/reader_rapid_eye.cpp
Examining data/gdal-3.0.4+dfsg/gcore/mdreader/reader_eros.cpp
Examining data/gdal-3.0.4+dfsg/gcore/mdreader/reader_eros.h
Examining data/gdal-3.0.4+dfsg/gcore/gdaljp2box.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_multiproc.h
Examining data/gdal-3.0.4+dfsg/port/cpl_vsil_s3.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_findfile.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_auto_close.h
Examining data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_minizip_ioapi.h
Examining data/gdal-3.0.4+dfsg/port/cpl_quad_tree.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_vsil_plugin.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_vsil_curl_streaming.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_virtualmem.h
Examining data/gdal-3.0.4+dfsg/port/cpl_hash_set.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_http.h
Examining data/gdal-3.0.4+dfsg/port/cpl_azure.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_vsil_simple.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_vsil_cache.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_list.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_vsil_swift.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_cpu_features.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_vsil_stdin.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_vsil_stdout.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_vsil.cpp
Examining data/gdal-3.0.4+dfsg/port/cplstringlist.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_atomic_ops.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_csv.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_multiproc.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_swift.h
Examining data/gdal-3.0.4+dfsg/port/cpl_vsil_win32.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_hash_set.h
Examining data/gdal-3.0.4+dfsg/port/cpl_userfaultfd.h
Examining data/gdal-3.0.4+dfsg/port/cpl_json_header.h
Examining data/gdal-3.0.4+dfsg/port/cpl_google_cloud.h
Examining data/gdal-3.0.4+dfsg/port/cpl_string.h
Examining data/gdal-3.0.4+dfsg/port/cpl_worker_thread_pool.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_json.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_vsil_gs.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_spawn.h
Examining data/gdal-3.0.4+dfsg/port/cpl_vsil_unix_stdio_64.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_progress.h
Examining data/gdal-3.0.4+dfsg/port/cpl_mem_cache.h
Examining data/gdal-3.0.4+dfsg/port/cplkeywordparser.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_time.cpp
Examining data/gdal-3.0.4+dfsg/port/xmlreformat.cpp
Examining data/gdal-3.0.4+dfsg/port/cplkeywordparser.h
Examining data/gdal-3.0.4+dfsg/port/cpl_md5.h
Examining data/gdal-3.0.4+dfsg/port/cpl_vsi_error.h
Examining data/gdal-3.0.4+dfsg/port/cpl_vsil_buffered_reader.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_json.h
Examining data/gdal-3.0.4+dfsg/port/cpl_xml_validate.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_atomic_ops.h
Examining data/gdal-3.0.4+dfsg/port/cpl_vsi.h
Examining data/gdal-3.0.4+dfsg/port/cpl_vsil_curl_class.h
Examining data/gdal-3.0.4+dfsg/port/cpl_config_extras.h
Examining data/gdal-3.0.4+dfsg/port/cpl_vsil_webhdfs.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_odbc.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_vsil_plugin.h
Examining data/gdal-3.0.4+dfsg/port/cpl_vsil_tar.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_vsil_hdfs.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_recode_stub.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_recode.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_vsil_curl_priv.h
Examining data/gdal-3.0.4+dfsg/port/cpl_minizip_zip.h
Examining data/gdal-3.0.4+dfsg/port/cpl_path.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_csv.h
Examining data/gdal-3.0.4+dfsg/port/cpl_conv.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_error.h
Examining data/gdal-3.0.4+dfsg/port/cpl_vsisimple.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_aws.h
Examining data/gdal-3.0.4+dfsg/port/cpl_azure.h
Examining data/gdal-3.0.4+dfsg/port/cpl_md5.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_vsil_abstract_archive.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_quad_tree.h
Examining data/gdal-3.0.4+dfsg/port/cpl_minizip_unzip.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_userfaultfd.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_http.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_recode_iconv.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_strtod.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_odbc.h
Examining data/gdal-3.0.4+dfsg/port/cpl_conv.h
Examining data/gdal-3.0.4+dfsg/port/cpl_safemaths.hpp
Examining data/gdal-3.0.4+dfsg/port/cpl_google_oauth2.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_minizip_ioapi.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_time.h
Examining data/gdal-3.0.4+dfsg/port/cpl_vsil_az.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_vsil_crypt.cpp
Examining data/gdal-3.0.4+dfsg/port/gdal_csv.h
Examining data/gdal-3.0.4+dfsg/port/cpl_string.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_sha256.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_cpu_features.h
Examining data/gdal-3.0.4+dfsg/port/cpl_sha1.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_alibaba_oss.h
Examining data/gdal-3.0.4+dfsg/port/cpl_vsil_sparsefile.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_google_cloud.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_minixml.h
Examining data/gdal-3.0.4+dfsg/port/cpl_worker_thread_pool.h
Examining data/gdal-3.0.4+dfsg/port/cpl_sha1.h
Examining data/gdal-3.0.4+dfsg/port/cpl_spawn.cpp
Examining data/gdal-3.0.4+dfsg/port/cplgetsymbol.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_vsi_mem.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_port.h
Examining data/gdal-3.0.4+dfsg/port/vsipreload.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_error.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_vsi_virtual.h
Examining data/gdal-3.0.4+dfsg/port/cpl_json_streaming_parser.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_json_streaming_parser.h
Examining data/gdal-3.0.4+dfsg/port/cpl_vsil_subfile.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_progress.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_vsil_oss.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_minizip_unzip.h
Examining data/gdal-3.0.4+dfsg/port/cpl_aws.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_minizip_zip.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_list.h
Examining data/gdal-3.0.4+dfsg/port/cpl_vsi_error.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_vsil_gzip.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_swift.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_base64.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_alibaba_oss.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_virtualmem.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_getexecpath.cpp
Examining data/gdal-3.0.4+dfsg/port/cplstring.cpp
Examining data/gdal-3.0.4+dfsg/port/cpl_sha256.h
Examining data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c
Examining data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp
Examining data/gdal-3.0.4+dfsg/swig/python/extensions/gdalconst_wrap.c
Examining data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp
Examining data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp
Examining data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp
Examining data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp
Examining data/gdal-3.0.4+dfsg/swig/perl/gnm_wrap.cpp
Examining data/gdal-3.0.4+dfsg/swig/perl/osr_wrap.cpp
Examining data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp
Examining data/gdal-3.0.4+dfsg/swig/perl/gdalconst_wrap.c
Examining data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp

FINAL RESULTS:

data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:859:35:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
    int nBytes = static_cast<int>(readlink(pszFilename, szPointerFilename,
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:2257:35:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
    int nBytes = static_cast<int>(readlink(pszFilename, szPointerFilename,
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:2345:35:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
    int nBytes = static_cast<int>(readlink(pszFilename, szPointerFilename,
data/gdal-3.0.4+dfsg/frmts/vrt/vrtdataset.cpp:786:17:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
                readlink( currentVrtFilename,
data/gdal-3.0.4+dfsg/frmts/vrt/vrtderivedrasterband.cpp:380:29:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
                            readlink( osPythonBinary, szPointerFilename,
data/gdal-3.0.4+dfsg/gcore/gdalopeninfo.cpp:323:17:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
                readlink( pszFilename, szPointerFilename, nBufSize ) );
data/gdal-3.0.4+dfsg/port/cpl_getexecpath.cpp:102:26:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
    ssize_t nResultLen = readlink( osExeLink, pszPathBuf, nMaxLength );
data/gdal-3.0.4+dfsg/alg/gdalpansharpen.cpp:1203:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(szBuffer1, sizeof(szBuffer1), "PIXELOFFSET=" CPL_FRMT_GIB,
data/gdal-3.0.4+dfsg/alg/gdalpansharpen.cpp:1205:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(szBuffer2, sizeof(szBuffer2), "LINEOFFSET=" CPL_FRMT_GIB,
data/gdal-3.0.4+dfsg/alg/internal_libqhull/global.c:2029:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(buf, "  %s", option);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/random.c:52:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(command, s);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/random.c:84:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(command, s);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/rboxlib.c:353:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(t+1, t+3); /* remove " t " */
data/gdal-3.0.4+dfsg/alg/internal_libqhull/userprintf.c:58:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(fp, fmt, args);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/userprintf_rbox.c:50:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(fp, fmt, args);
data/gdal-3.0.4+dfsg/apps/gdal2ogr.c:188:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(pszDstFilenameCSVT, pszDstFilename);
data/gdal-3.0.4+dfsg/apps/gdal_translate_bin.cpp:333:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy( pszSubDest, osTemp.c_str() );
data/gdal-3.0.4+dfsg/apps/gdalinfo_lib.cpp:170:9:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        vfprintf(stdout, pszFormat, args );
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:332:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(str, pszStr);
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:344:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf( str, size+1, formatStr, val);
data/gdal-3.0.4+dfsg/frmts/blx/blx.h:126:19:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define BLXdebug0 printf
data/gdal-3.0.4+dfsg/frmts/blx/blx.h:127:19:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define BLXdebug1 printf
data/gdal-3.0.4+dfsg/frmts/blx/blx.h:128:19:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define BLXdebug2 printf
data/gdal-3.0.4+dfsg/frmts/blx/blx.h:129:19:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define BLXerror0 printf
data/gdal-3.0.4+dfsg/frmts/blx/blx.h:130:20:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define BLXnotice1 printf
data/gdal-3.0.4+dfsg/frmts/blx/blx.h:131:20:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define BLXnotice2 printf
data/gdal-3.0.4+dfsg/frmts/ceos2/ceos.c:267:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf( temp_buf, field_size+1, szPrintfFormat, *(int *) value);
data/gdal-3.0.4+dfsg/frmts/ceos2/ceos.c:274:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf( temp_buf, field_size+1, szPrintfFormat, *(double *)value);
data/gdal-3.0.4+dfsg/frmts/ceos2/ceos.c:281:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf( temp_buf, field_size+1, szPrintfFormat, *(double *)value);
data/gdal-3.0.4+dfsg/frmts/ceos2/sar_ceosdataset.cpp:1719:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
                snprintf( szMadeBasename, sizeof(szMadeBasename),
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:115:13:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            fprintf( stderr,
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:161:16:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
               fprintf( stderr,
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:179:13:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            fprintf( stderr,
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:216:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        fprintf( stderr,
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:264:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        fprintf( stderr,
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:496:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        fprintf( stderr,
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:521:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        fprintf( stderr,
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:550:17:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                fprintf( stderr,
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:609:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        fprintf( stderr,
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:624:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        fprintf( stderr,
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:657:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                    fprintf( stderr,
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:693:17:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                fprintf( stderr,
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:707:13:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            fprintf( stderr,
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:739:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        fprintf( stderr,
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:791:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        fprintf( stderr,
data/gdal-3.0.4+dfsg/frmts/dted/dted_create.c:82:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf( (char*)achField + nOffset, nTargetLenSize - nOffset,
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:1074:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf( string_value, sizeof(string_value), format, value );
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:1190:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf( string_value, sizeof(string_value), format, value );
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:705:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy( szTrimmedName, pszFilename );
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:569:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         strcpy (buffer, MonthName[month - 1]);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:572:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         strcpy (buffer, DayName[(4 + totDay) % 7]);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:576:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         strcpy (buffer, MonthName[month - 1]);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:580:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         strcpy (buffer, DayName[(4 + totDay) % 7]);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:613:10:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
         strcat (buffer, temp);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:617:10:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
         strcat (buffer, temp);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:625:10:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
         strcat (buffer, temp);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:629:10:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
         strcat (buffer, temp);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:637:10:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
         strcat (buffer, temp);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:641:10:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
         strcat (buffer, temp);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:645:10:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
         strcat (buffer, temp);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:653:10:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
         strcat (buffer, temp);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:676:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy (buffer, temp);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1412:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy (buffer, MonthName[mon - 1]);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1440:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy (buffer, MonthName[mon - 1]);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib1.cpp:779:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy (inv->element, varName);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib1.cpp:1995:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy (meta->element, varName);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/hazard.c:808:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (haz->english[i], buffer);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/hazard.c:923:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (haz->english[0], data);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3428:19:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                  strcpy (*name, NDFD_Override[i].NDFDname);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3430:19:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                  strcpy (*comment, table[subcat].comment);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3459:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy (*name, table[subcat].name);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3461:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy (*comment, table[subcat].comment);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3497:16:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
               strcpy (*name, local[i].name);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3499:16:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
               strcpy (*comment, local[i].comment);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3581:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy (*unit, overrideUnit);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaparse.cpp:46:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef printf
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaparse.cpp:47:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define printf debug_printf
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaparse.cpp:492:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy (Wx->data[Wx->dataLen - 1], buffer);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaparse.cpp:527:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (Wx->data[Wx->dataLen - 1], buffer);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaparse.cpp:617:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy (Hazard->data[Hazard->dataLen - 1], buffer);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaparse.cpp:652:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (Hazard->data[Hazard->dataLen - 1], buffer);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaprint.cpp:775:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf (buffer, "%d %s", sect4->Interval[i].lenTime,
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaprint.cpp:780:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf (buffer, "%d %s", sect4->Interval[i].timeIncr,
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaprint.cpp:816:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf (buffer, "%d %s", sect4->Interval[i].lenTime,
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaprint.cpp:821:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf (buffer, "%d %s", sect4->Interval[i].timeIncr,
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaprint.cpp:872:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf (buffer, "%d %s", sect4->Interval[i].lenTime,
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaprint.cpp:877:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf (buffer, "%d %s", sect4->Interval[i].timeIncr,
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaprint.cpp:924:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf (buffer, "%d %s", sect4->Interval[i].lenTime,
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaprint.cpp:929:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf (buffer, "%d %s", sect4->Interval[i].timeIncr,
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaprint.cpp:1120:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf (buffer, "'%10s'", pds1->cluster.Member);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:127:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         strcpy (buffer + ipos, p1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:169:22:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
                     sprintf (bufpart, format, va_arg (ap, sInt4));
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:183:22:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
                     sprintf (bufpart, format, va_arg (ap, int));
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:192:16:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
               sprintf (bufpart, format, va_arg (ap, double));
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:200:16:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
               sprintf (bufpart, format, va_arg (ap, double));
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:208:16:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
               sprintf (bufpart, format, va_arg (ap, double));
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:242:22:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                     strcpy (buffer + ipos, *Sval);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:444:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat (preBuffer, errBuffer);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:536:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat (buff, warnBuff);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:550:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat (warnBuff, buff);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:194:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         strcpy (argv[argc], head);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:516:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
         sprintf (argv[argc], "%s/%s", dirName, dp->d_name);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:622:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy (*tail, ptr);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/tdlpack.cpp:441:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy (*element, pds->Descriptor);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/weather.c:2265:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(target + target_length, string_to_append);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/weather.c:2310:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy (ugly->english[i], buffer);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:15544:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(szOpeningFlag, bAppend ? "r+" : "w+");
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:18867:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat( pszModFmt, fmt );
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:267:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy (name, pStr);
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:2370:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(outPeStr, pszPEString);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_config.h:9:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#ifdef sprintf
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_config.h:10:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#undef sprintf
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_config.h:12:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#define sprintf CPLsprintf
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_names.c:224:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(gtif->szTmpBufferForGTIFValueNameEx,
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_new.c:39:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, msg, list);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:142:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(szEPSGName, "%s / UTM zone %d%c",
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:2751:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( szFormat, "%%3dd%%2d\'%%%d.%df\"%s",
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:2753:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf( szBuffer, szFormat, nDegrees, nMinutes, dfSeconds );
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_print.c:68:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(message,FMT_GEOTIFF "\n");
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_print.c:70:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(message, FMT_VERSION,gtif->gt_version);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_print.c:72:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(message, FMT_REV,gtif->gt_rev_major,
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_print.c:76:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(message,"   %s\n",FMT_TAGS); print(message,aux);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_print.c:78:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(message,"      %s\n",FMT_TAGEND); print(message,aux);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_print.c:80:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(message,"   %s\n",FMT_KEYS); print(message,aux);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_print.c:86:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(message,"      %s\n",FMT_KEYEND); print(message,aux);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_print.c:88:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(message,"   %s\n",FMT_GEOEND); print(message,aux);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_print.c:124:4:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
			sprintf(message,FMT_DOUBLE,*data++);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_print.c:149:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(message," (%s,%d): ",GTIFTypeName(key->gk_type),count);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_print.c:206:17:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
                sprintf(message,FMT_DOUBLE ,*dptr);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_print.c:229:21:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
                    sprintf(message,FMT_SHORT,*sptr);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_print.c:277:10:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    if (!sscanf(message,FMT_VERSION,(short unsigned*)&gtif->gt_version)) return 0;
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_print.c:279:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    if (sscanf(message,FMT_REV,(short unsigned*)&gtif->gt_rev_major,
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1364:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat( szProjection, szUnits );
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_compress.c:209:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(cd->info->name, name);
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_extension.c:105:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(psLink->name, name);
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:110:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(emsg, "Missing needed %s tag", photoTag);
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:121:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(emsg,
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:145:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(emsg, "Sorry, can not handle RGB image with %s=%d",
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:155:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
					sprintf(emsg,
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:161:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
					sprintf(emsg,
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:170:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(emsg, "Sorry, LogL data must have %s=%d",
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:178:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(emsg, "Sorry, LogLuv data must have %s=%d or %d",
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:183:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(emsg, "Sorry, can not handle LogLuv images with %s=%d",
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:188:33:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                                sprintf(emsg,
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:197:33:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                                sprintf(emsg,
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:206:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(emsg, "Sorry, can not handle image with %s=%d",
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:354:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(emsg, "Missing needed %s tag", photoTag);
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:386:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(emsg,
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:423:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(emsg, "Sorry, can not handle RGB image with %s=%d",
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:433:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
					sprintf(emsg, "Sorry, can not handle separated image with %s=%d",
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:438:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
					sprintf(emsg, "Sorry, can not handle separated image with %s=%d",
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:446:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(emsg, "Sorry, LogL data must have %s=%d",
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:456:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(emsg, "Sorry, LogLuv data must have %s=%d or %d",
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:461:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(emsg, "Sorry, can not handle LogLuv images with %s=%d",
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:472:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(emsg, "Sorry, can not handle image with %s=%d",
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_ojpeg.c:624:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(fd," " TIFF_UINT64_FORMAT,(TIFF_UINT64_T)sp->qtable_offset[m]);
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_ojpeg.c:631:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(fd," " TIFF_UINT64_FORMAT,(TIFF_UINT64_T)sp->dctable_offset[m]);
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_ojpeg.c:638:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(fd," " TIFF_UINT64_FORMAT,(TIFF_UINT64_T)sp->actable_offset[m]);
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_open.c:124:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tif->tif_name, name);
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_vsi.c:206:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(stderr, fmt, ap);
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_vsi.c:216:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(stderr, fmt, ap);
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tiffiop.h:59:8:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#undef snprintf
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tiffiop.h:60:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf _TIFF_snprintf_f
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tiffiop.h:61:12:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
extern int snprintf(char* str, size_t size, const char* format, ...);
data/gdal-3.0.4+dfsg/frmts/gtiff/tifvsi.cpp:323:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    char access[32] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/gtiff/tifvsi.cpp:333:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
            access[a_out++] = mode[i];
data/gdal-3.0.4+dfsg/frmts/gtiff/tifvsi.cpp:334:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
            access[a_out] = '\0';
data/gdal-3.0.4+dfsg/frmts/gtiff/tifvsi.cpp:344:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    strcat( access, "b" );
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_ogcwkt.c:649:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy( szWKT, szGCS );
data/gdal-3.0.4+dfsg/frmts/gxf/gxfopen.c:139:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(pszTmp, papszReturn[nReturnLineCount-1]);
data/gdal-3.0.4+dfsg/frmts/gxf/gxfopen.c:143:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(pszTmp + (strlen(papszReturn[nReturnLineCount-1]) - 1), pszTrimmedLine);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:91:35:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
EHopen(const char *filename, intn access)
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:137:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access != DFACC_READ)
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:169:14:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	    switch (access)
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:375:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(errbuf, filename);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:414:39:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		HEreport("Access Code: %d (%s).\n", access, filename);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:496:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	 uint8 * access)
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:625:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(filename, fname);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:665:21:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    uint8           access;	/* Access code */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:676:67:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    status = EHchkfid(fid, "EHgetversion", &dum, &sdInterfaceID, &access);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1129:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(liststr, dstr);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1177:21:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        const char *access)
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1234:38:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		    id = Vattach(fid, *(refs + i), access);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1264:39:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		    id = VSattach(fid, *(refs + i), access);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1339:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(tempdimlist, dimlist);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2036:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(utlstr, colon2 + 1);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2042:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(utlstr, utlstr2);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2098:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(utlstr, colon2 + 1);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2104:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(utlstr, utlstr2);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2192:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(utlstr, colon + 1);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2267:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(utlstr, metastr);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2277:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(utlstr, metastr);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2286:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(utlstr, metastr);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2295:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(utlstr, metastr);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2417:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(retstr, parameter);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:3310:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(attrnames, name);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:3314:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(attrnames, name);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:3431:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(objectlist, name);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:3435:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(objectlist, name);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:1075:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(projparmbuf, utlbuf);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2033:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
		    sscanf(&utlstr[1], fmt,
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2664:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(dimlist, dimstr);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2808:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(errmsg, errmsg1);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2809:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(errmsg, errmsg2);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2865:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(dimbuf, dimlist);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2869:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(dimbuf, dimlist);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2875:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(dimbuf, dimlist);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2882:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dimlist0, dimbuf);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2958:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(utlbuf, dimcheck);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2963:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(utlbuf, dimcheck);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:3081:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(GDXSDname, fieldname);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:3128:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(GDXSDdims, dimlist0);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:3191:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(utlbuf, gridname);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:3354:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(utlbuf2, parmbuf);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:3364:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(utlbuf2, parmbuf);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:3367:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(utlbuf, utlbuf2);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:3393:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(utlbuf2, parmbuf);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:3396:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(utlbuf, utlbuf2);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:4486:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(dimnames, utlstr);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:4661:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(fieldlist, utlstr);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:4836:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(utlstr, &valName[0][0]);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5004:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(name, fieldname);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5075:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(name, fieldname);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5484:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(utlbuf, nambuf);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5491:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(utlbuf, nambuf);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5535:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(dimbuf2, gridname);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:8804:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(GDXRegion[i]->DimNamePtr[j],GDXRegion[oldregionID]->DimNamePtr[j]);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:409:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(utlbuf, utlbuf2);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:1646:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(dimlist, dimstr);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2232:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dimbuf, dimlist);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2274:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(utlbuf, dimcheck);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2279:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(utlbuf, dimcheck);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2448:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(utlbuf, fieldname);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2561:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(SWXSDname, fieldname);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2607:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(SWXSDdims, dimlist);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2642:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(utlbuf, swathname);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2736:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(utlbuf2, compparmbuf);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2746:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(utlbuf2, compparmbuf);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2751:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(utlbuf, utlbuf2);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3419:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(dimnames, utlstr);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3569:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(dimmaps, utlstr);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3576:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			    strcat(dimmaps, utlstr);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3735:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(idxmaps, utlstr);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3753:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			    strcat(idxmaps, utlstr);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3930:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			    strcat(utlstr, utlstr2);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3947:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(fieldlist, utlstr);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:4273:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(utlstr, &valName[0][0]);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:6029:16:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        (void) strcpy(geodim,dimlist);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:7080:23:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                      strcpy(geodim, tgeodim);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:7103:23:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                      strcpy(geodim,dimlist);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:7104:23:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                      strcpy(dimlist,dgeodim);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:8294:19:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                  strcpy(geodim, tgeodim);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:8319:23:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                      strcpy(geodim,dimlist);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:8320:23:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                      strcpy(dimlist,dgeodim);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:9514:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
       strcpy(tfieldname, dfieldlist);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:9520:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
       strcpy(tfieldname, fieldname);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:9739:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(name, fieldname);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:9806:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(name, fieldname);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:10303:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(utlbuf, nambuf);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:10314:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(utlbuf, nambuf);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:10373:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(dimbuf2, swathname);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4dataset.cpp:180:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat( pszString, pszField );
data/gdal-3.0.4+dfsg/frmts/hdf5/hdf5dataset.cpp:853:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(szValue, osVal.c_str());
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:1367:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(&pachColData[nNewMaxChars*i], papszStrList[i]);
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:2380:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(szBuf, 31, CPL_FRMT_GUIB, panHistValues[nBin]);
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:2392:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(pszBinValues + nBinValuesLen, szBuf);
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:3233:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(&pachColData[nMaxNumChars * i],
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:6046:21:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                    strcat(pszBinValues + nBinValuesLen,
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:1778:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(psInfo->pszDictionary, aszDefaultDD[iChunk]);
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:484:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy( pszNewLine, pszKey );
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:485:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat( pszNewLine, pszSeparator );
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:486:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat( pszNewLine, pszValue );
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:919:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
            sscanf( poDS->papszRDC[++nLine], rdcCODE_N, &nCode );//assign legend cats to nCode
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:929:25:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
                        sscanf( poDS->papszRDC[++nLine], rdcCODE_N, &nCode );
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:2470:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
        sscanf( pszRefSystemLower, rstUTM, &nZone, &cNorth );
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:2487:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
        sscanf( pszRefSystemLower, rstSPC, &nNAD, szState, &nZone );
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:3309:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(pOutput, pInput);
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:127:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy( pszNewFormatControls, _formatControls );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:132:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat( pszNewFormatControls, poNewSFDefn->GetFormat() );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:150:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat( _arrayDescr, poNewSFDefn->GetName() );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:655:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat( pszDest + iDst, pszExpandedContents );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:716:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                strcat( pszDest + iDst, pszExpandedContents );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfmodule.cpp:468:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy( achDirEntry, papoFieldDefns[iField]->GetName() );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfmodule.cpp:470:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf( achDirEntry + _sizeFieldTag, sizeof(achDirEntry) - _sizeFieldTag,
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfmodule.cpp:473:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf( achDirEntry + _sizeFieldTag + _sizeFieldLength,
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfrecord.cpp:1566:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf( pachData + nEntrySize * iField,
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.h:198:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(m_pszError, string);
data/gdal-3.0.4+dfsg/frmts/jp2kak/vsil_target.h:47:46:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    void open(const char *fname, const char *access )
data/gdal-3.0.4+dfsg/frmts/jp2kak/vsil_target.h:50:38:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
            file = VSIFOpenL( fname, access );
data/gdal-3.0.4+dfsg/frmts/jp2lura/jp2luradataset.cpp:883:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
                snprintf(pcMsg, sizeof(pcMsg), \
data/gdal-3.0.4+dfsg/frmts/jp2lura/jp2luradataset.cpp:1385:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
                snprintf(pcMsg, sizeof(pcMsg), \
data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jerror.c:200:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(buffer, msgtext, err->msg_parm.s);
data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jerror.c:202:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(buffer, msgtext,
data/gdal-3.0.4+dfsg/frmts/jpeg2000/jpeg2000dataset.cpp:1077:21:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                    strcat( pszOptionBuf, papszOptions[i] );
data/gdal-3.0.4+dfsg/frmts/jpipkak/jpipkakdataset.cpp:84:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat( m_pszError, string );
data/gdal-3.0.4+dfsg/frmts/kea/keaband.cpp:246:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf( szBuf, 31, CPL_FRMT_GUIB, (GUIntBig)pTable->GetValueAsDouble(nBin, nCol) );
data/gdal-3.0.4+dfsg/frmts/kea/keaband.cpp:259:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat( pszBinValues+nBinValuesLen, szBuf );
data/gdal-3.0.4+dfsg/frmts/kmlsuperoverlay/kmlsuperoverlaydataset.cpp:2294:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(sDesc.szExtJ, szExt);
data/gdal-3.0.4+dfsg/frmts/kmlsuperoverlay/kmlsuperoverlaydataset.cpp:2297:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(sDesc.szExtI, szExt);
data/gdal-3.0.4+dfsg/frmts/kmlsuperoverlay/kmlsuperoverlaydataset.cpp:2310:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(aosDescs[level-1].szExtJ, szExt);
data/gdal-3.0.4+dfsg/frmts/kmlsuperoverlay/kmlsuperoverlaydataset.cpp:2318:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(aosDescs[level-1].szExtI, szExt);
data/gdal-3.0.4+dfsg/frmts/l1b/l1bdataset.cpp:1406:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(szDatasetName, pszFilename);
data/gdal-3.0.4+dfsg/frmts/leveller/levellerdataset.cpp:518:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(ds.m_szElevUnits, psz);
data/gdal-3.0.4+dfsg/frmts/leveller/levellerdataset.cpp:1339:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(m_pszProjection, szWKT);
data/gdal-3.0.4+dfsg/frmts/msg/msgdataset.cpp:155:29:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    bool fPrologueExists = (access(sPrologueFileName.c_str(), 0) == 0);
data/gdal-3.0.4+dfsg/frmts/msg/msgdataset.cpp:162:26:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      fPrologueExists = (access(sPrologueFileName.c_str(), 0) == 0);
data/gdal-3.0.4+dfsg/frmts/msg/msgdataset.cpp:168:28:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        fPrologueExists = (access(sPrologueFileName.c_str(), 0) == 0);
data/gdal-3.0.4+dfsg/frmts/msg/msgdataset.cpp:349:29:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    bool fPrologueExists = (access(sPrologueFileName.c_str(), 0) == 0);
data/gdal-3.0.4+dfsg/frmts/msg/msgdataset.cpp:356:26:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      fPrologueExists = (access(sPrologueFileName.c_str(), 0) == 0);
data/gdal-3.0.4+dfsg/frmts/msg/msgdataset.cpp:362:28:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        fPrologueExists = (access(sPrologueFileName.c_str(), 0) == 0);
data/gdal-3.0.4+dfsg/frmts/msg/msgdataset.cpp:383:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    while ((access(input_file.c_str(), 0) != 0) && (iStrip <= poDSIn->command.iNrStrips(iChannel))) // compensate for missing strips
data/gdal-3.0.4+dfsg/frmts/msg/msgdataset.cpp:522:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(strip_input_file.c_str(), 0) == 0) // does it exist?
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:1445:25:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
                        snprintf(szMetaTemp, sizeof(szMetaTemp), CPL_FRMT_GIB, nData);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:1454:25:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
                        snprintf(szMetaTemp, sizeof(szMetaTemp), CPL_FRMT_GUIB, unData);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:8894:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(pszNewHist, strtime);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:8895:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(pszNewHist, pszAddHist);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:8902:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(pszNewHist, pszOldHist);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:9186:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(*ppszDest, pszSrc);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:9844:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            snprintf(szTemp, sizeof(szTemp), CPL_FRMT_GIB ",", pnTemp[m]);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:9847:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(szTemp, sizeof(szTemp), CPL_FRMT_GIB, pnTemp[m]);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:9861:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            snprintf(szTemp, sizeof(szTemp), CPL_FRMT_GUIB ",", pnTemp[m]);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:9864:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(szTemp, sizeof(szTemp), CPL_FRMT_GUIB, pnTemp[m]);
data/gdal-3.0.4+dfsg/frmts/nitf/mgrs.c:720:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (Ellipsoid_Code, MGRS_Ellipsoid_Code);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2945:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(szUniqueTag, szTag);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:3003:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(szUniqueTag, szTREName);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdes.c:488:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(szTREName, szTRETempName);
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:2469:29:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
                            snprintf(szTmp, nTmpLen, pszMDSubPrefix, iIter + 1);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfrasterband.cpp:682:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy( psBandInfo->szIREPBAND, pszREP );
data/gdal-3.0.4+dfsg/frmts/nitf/nitfrasterband.cpp:692:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy( szPadded, pszREP );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/cpcidskfile.h:53:25:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
            std::string access, const PCIDSKInterfaces *interfaces );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/edb_pcidsk.cpp:74:82:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
EDBFile *PCIDSK::DefaultOpenEDB( const std::string& filename, const std::string& access )
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/edb_pcidsk.cpp:79:48:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    PCIDSKFile *file = PCIDSK::Open( filename, access, nullptr );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidsk_utils.cpp:600:9:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    if( vsprintf( pszBuffer, fmt, args) > 29998 )
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidsk_utils.cpp:624:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    nPR = vsnprintf( szModestBuffer, sizeof(szModestBuffer), fmt, 
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidsk_utils.cpp:637:21:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        while( (nPR=vsnprintf( pszWorkBuffer, nWorkBufferSize, fmt, wrk_args))
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidskbuffer.cpp:256:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf( wrk, sizeof(wrk), fmt, value );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidskexception.cpp:140:9:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    if( vsprintf( pszBuffer, fmt, args) > 29998 )
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidskexception.cpp:164:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    nPR = vsnprintf( szModestBuffer, sizeof(szModestBuffer), fmt, 
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidskexception.cpp:177:21:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        while( (nPR=vsnprintf( pszWorkBuffer, nWorkBufferSize, fmt, wrk_args))
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidskopen.cpp:57:61:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
PCIDSKFile *PCIDSK::Open( std::string filename, std::string access,
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidskopen.cpp:72:55:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    void *io_handle = interfaces->io->Open( filename, access );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidskopen.cpp:96:16:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if( strstr(access.c_str(),"+") != nullptr )
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk.h:56:64:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
PCIDSKFile PCIDSK_DLL *Open( std::string filename, std::string access,  
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_config.h:109:20:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#define CPLsprintf sprintf
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_config.h:110:21:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define CPLsnprintf snprintf
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_edb.h:63:59:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                                       const std::string& access);    
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_interfaces.h:50:87:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        EDBFile           *(*OpenEDB)(const std::string& filename, const std::string& access);
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_io.h:47:65:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        virtual void   *Open( std::string filename, std::string access ) const = 0;
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/port/io_stdio.cpp:39:61:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    virtual void   *Open( std::string filename, std::string access ) const override;
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/port/io_stdio.cpp:81:59:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
StdioIOInterface::Open( std::string filename, std::string access ) const
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/port/io_stdio.cpp:84:35:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    std::string adjusted_access = access;
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/port/io_win32.cpp:41:61:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    virtual void   *Open( std::string filename, std::string access ) const override;
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/port/io_win32.cpp:74:59:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
Win32IOInterface::Open( std::string filename, std::string access ) const
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/port/io_win32.cpp:80:16:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if( strchr(access.c_str(),'+') != NULL || strchr(access.c_str(),'w') != 0 )
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/port/io_win32.cpp:80:54:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if( strchr(access.c_str(),'+') != NULL || strchr(access.c_str(),'w') != 0 )
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/port/io_win32.cpp:85:16:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if( strstr(access.c_str(), "w") != NULL )
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/port/io_win32.cpp:100:49:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                              filename.c_str(), access.c_str(), LastError() );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/metadatasegment_p.cpp:68:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        fprintf( stderr, /*ok*/
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/metadatasegment_p.cpp:74:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        fprintf( stderr, /*ok*/
data/gdal-3.0.4+dfsg/frmts/pcidsk/vsi_pcidsk_io.cpp:46:61:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    virtual void   *Open( std::string filename, std::string access ) const override;
data/gdal-3.0.4+dfsg/frmts/pcidsk/vsi_pcidsk_io.cpp:78:58:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
VSI_IOInterface::Open( std::string filename, std::string access ) const
data/gdal-3.0.4+dfsg/frmts/pcidsk/vsi_pcidsk_io.cpp:81:49:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    VSILFILE *fp = VSIFOpenL( filename.c_str(), access.c_str() );
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/create2.c:128:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	(void)strcpy(newMap->fileName, fileName);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/create2.c:149:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	(void)strcpy(newMap->main.signature, CSF_SIG);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/mopen.c:63:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
 (void)strcpy(m->fileName,fileName);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfobject.cpp:271:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
                snprintf(szReal, sizeof(szReal), CPL_FRMT_GIB, (GIntBig)dfReal);
data/gdal-3.0.4+dfsg/frmts/png/libpng/png.h:2400:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
       fprintf(PNG_DEBUG_FILE,"%s" m PNG_STRING_NEWLINE,(num_tabs==1 ? "\t" : \
data/gdal-3.0.4+dfsg/frmts/png/libpng/png.h:2408:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
       fprintf(PNG_DEBUG_FILE,"%s" m PNG_STRING_NEWLINE,(num_tabs==1 ? "\t" : \
data/gdal-3.0.4+dfsg/frmts/png/libpng/png.h:2416:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
       fprintf(PNG_DEBUG_FILE,"%s" m PNG_STRING_NEWLINE,(num_tabs==1 ? "\t" : \
data/gdal-3.0.4+dfsg/frmts/png/libpng/png.h:2429:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
       fprintf(PNG_DEBUG_FILE,format); \
data/gdal-3.0.4+dfsg/frmts/png/libpng/png.h:2440:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
       fprintf(PNG_DEBUG_FILE,format,p1); \
data/gdal-3.0.4+dfsg/frmts/png/libpng/png.h:2451:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
       fprintf(PNG_DEBUG_FILE,format,p1,p2); \
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngconf.h:1639:28:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#      define png_snprintf _snprintf   /* Added to v 1.2.19 */
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngconf.h:1640:29:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#      define png_snprintf2 _snprintf
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngconf.h:1641:29:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#      define png_snprintf6 _snprintf
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngconf.h:1643:28:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#      define png_snprintf snprintf   /* Added to v 1.2.19 */
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngconf.h:1644:29:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#      define png_snprintf2 snprintf
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngconf.h:1645:29:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#      define png_snprintf6 snprintf
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngconf.h:1654:39:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
#    define png_snprintf(s1,n,fmt,x1) sprintf(s1,fmt,x1)
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngconf.h:1655:43:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
#    define png_snprintf2(s1,n,fmt,x1,x2) sprintf(s1,fmt,x1,x2)
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngconf.h:1657:9:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
        sprintf(s1,fmt,x1,x2,x3,x4,x5,x6)
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngerror.c:269:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
       fprintf(stderr, PNG_STRING_NEWLINE);
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngerror.c:275:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
       fprintf(stderr, PNG_STRING_NEWLINE);
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngerror.c:282:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      fprintf(stderr, PNG_STRING_NEWLINE);
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngerror.c:333:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
       fprintf(stderr, PNG_STRING_NEWLINE);
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngerror.c:339:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
       fprintf(stderr, PNG_STRING_NEWLINE);
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngerror.c:346:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
     fprintf(stderr, PNG_STRING_NEWLINE);
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngwutil.c:1515:7:  [4] (format) swprintf:
  Potential format string problem (CWE-134). Make format string constant.
      swprintf(wc_buf, TEXT("%12.12e"), width);
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngwutil.c:1520:7:  [4] (format) swprintf:
  Potential format string problem (CWE-134). Make format string constant.
      swprintf(wc_buf, TEXT("%12.12e"), height);
data/gdal-3.0.4+dfsg/frmts/rasdaman/rasdamandataset.cpp:399:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        access[xPos] = x;// base[xPos] + offsetX; TODO: check if required
data/gdal-3.0.4+dfsg/frmts/rasdaman/rasdamandataset.cpp:400:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        access[yPos] = y;// base[yPos] + offsetY;
data/gdal-3.0.4+dfsg/frmts/rasdaman/rasdamandataset.cpp:401:36:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        const char *data = (*gmdd)[access] + typeOffset;
data/gdal-3.0.4+dfsg/frmts/raw/lcpdataset.cpp:459:22:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                     strcat(pszList, szTemp);
data/gdal-3.0.4+dfsg/frmts/raw/mffdataset.cpp:1139:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy( pszBaseFilename, pszFilenameIn );
data/gdal-3.0.4+dfsg/frmts/raw/mffdataset.cpp:1363:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy( pszBaseFilename, pszFilename );
data/gdal-3.0.4+dfsg/frmts/raw/pauxdataset.cpp:943:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy( pszAuxFilename, pszFilename );
data/gdal-3.0.4+dfsg/frmts/sdts/sdts2shp.cpp:251:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( szDBFFilename, "%s.dbf", pszShapefile );
data/gdal-3.0.4+dfsg/frmts/sdts/sdts2shp.cpp:298:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf( szID, "%s:%d",
data/gdal-3.0.4+dfsg/frmts/sdts/sdts2shp.cpp:303:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf( szID, "%s:%d",
data/gdal-3.0.4+dfsg/frmts/sdts/sdts2shp.cpp:308:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf( szID, "%s:%d",
data/gdal-3.0.4+dfsg/frmts/sdts/sdts2shp.cpp:313:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf( szID, "%s:%d",
data/gdal-3.0.4+dfsg/frmts/sdts/sdts2shp.cpp:375:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( szDBFFilename, "%s.dbf", pszShapefile );
data/gdal-3.0.4+dfsg/frmts/sdts/sdts2shp.cpp:420:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf( szID, "%s:%d",
data/gdal-3.0.4+dfsg/frmts/sdts/sdts2shp.cpp:468:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( szDBFFilename, "%s.dbf", pszShapefile );
data/gdal-3.0.4+dfsg/frmts/sdts/sdts2shp.cpp:562:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( szDBFFilename, "%s.dbf", pszShapefile );
data/gdal-3.0.4+dfsg/frmts/zlib/gzio.c:131:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(s->path, path); /* do this early for debugging */
data/gdal-3.0.4+dfsg/frmts/zlib/gzio.c:613:11:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    (void)vsprintf(buf, format, va);
data/gdal-3.0.4+dfsg/frmts/zlib/gzio.c:618:11:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    len = vsprintf(buf, format, va);
data/gdal-3.0.4+dfsg/frmts/zlib/gzio.c:623:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    (void)vsnprintf(buf, sizeof(buf), format, va);
data/gdal-3.0.4+dfsg/frmts/zlib/gzio.c:627:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    len = vsnprintf(buf, sizeof(buf), format, va);
data/gdal-3.0.4+dfsg/frmts/zlib/gzio.c:650:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(buf, format, a1, a2, a3, a4, a5, a6, a7, a8,
data/gdal-3.0.4+dfsg/frmts/zlib/gzio.c:655:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    len = sprintf(buf, format, a1, a2, a3, a4, a5, a6, a7, a8,
data/gdal-3.0.4+dfsg/frmts/zlib/gzio.c:660:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(buf, sizeof(buf), format, a1, a2, a3, a4, a5, a6, a7, a8,
data/gdal-3.0.4+dfsg/frmts/zlib/gzio.c:664:11:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    len = snprintf(buf, sizeof(buf), format, a1, a2, a3, a4, a5, a6, a7, a8,
data/gdal-3.0.4+dfsg/frmts/zlib/gzio.c:1008:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(s->msg, s->path);
data/gdal-3.0.4+dfsg/frmts/zlib/gzio.c:1010:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(s->msg, m);
data/gdal-3.0.4+dfsg/frmts/zlib/zutil.h:179:18:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#    if !defined(vsnprintf) && !defined(NO_vsnprintf) && (_MSC_VER < 1500)
data/gdal-3.0.4+dfsg/frmts/zlib/zutil.h:180:15:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#      define vsnprintf _vsnprintf
data/gdal-3.0.4+dfsg/frmts/zlib/zutil.h:226:39:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define Trace(x) {if (z_verbose>=0) fprintf x ;}
data/gdal-3.0.4+dfsg/frmts/zlib/zutil.h:227:39:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define Tracev(x) {if (z_verbose>0) fprintf x ;}
data/gdal-3.0.4+dfsg/frmts/zlib/zutil.h:228:40:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define Tracevv(x) {if (z_verbose>1) fprintf x ;}
data/gdal-3.0.4+dfsg/frmts/zlib/zutil.h:229:48:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define Tracec(c,x) {if (z_verbose>0 && (c)) fprintf x ;}
data/gdal-3.0.4+dfsg/frmts/zlib/zutil.h:230:49:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define Tracecv(c,x) {if (z_verbose>1 && (c)) fprintf x ;}
data/gdal-3.0.4+dfsg/gcore/gdaldrivermanager.cpp:761:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy( szPluginDir, CPLGetDirname( szExecPath ) );
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:269:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(pszDataEnd,szTemp);
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:281:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(pszDataEnd,szTemp);
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:299:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(pszDataEnd,szTemp);
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:312:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(pszDataEnd,szTemp);
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:325:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(pszDataEnd,szTemp);
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:338:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(pszDataEnd,szTemp);
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:359:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(pszDataEnd,szTemp);
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:378:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(pszDataEnd,szTemp);
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:391:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(pszDataEnd,szTemp);
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:404:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(pszDataEnd,szTemp);
data/gdal-3.0.4+dfsg/gcore/gdalopeninfo.cpp:198:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy( szAltPath, pszFilenameIn );
data/gdal-3.0.4+dfsg/gcore/gdalpamdataset.cpp:633:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy( psPam->pszPamFilename, pszPhysicalFile );
data/gdal-3.0.4+dfsg/gcore/gdalpamrasterband.cpp:1154:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf( pszHistCounts + iHistOffset,
data/gdal-3.0.4+dfsg/gcore/rasterio.cpp:905:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf( szBuffer1, sizeof(szBuffer1),
data/gdal-3.0.4+dfsg/gcore/rasterio.cpp:908:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf( szBuffer2, sizeof(szBuffer2),
data/gdal-3.0.4+dfsg/gcore/rasterio.cpp:1386:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf( szBuffer1, sizeof(szBuffer1),
data/gdal-3.0.4+dfsg/gcore/rasterio.cpp:1391:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf( szBuffer2, sizeof(szBuffer2),
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:115:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat( *ppszText + *pnLength, pszTextToAppend );
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:150:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat( *ppszText + *pnLength, szCoordinate );
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:551:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat( *ppszText + *pnLength, szCoordinate );
data/gdal-3.0.4+dfsg/ogr/ogr_srs_esri.cpp:420:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat( pszWKT, papszPrj[i] );
data/gdal-3.0.4+dfsg/ogr/ogr_srsnode.cpp:511:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat( *ppszResult, pszValue );  // Should we do quoting?
data/gdal-3.0.4+dfsg/ogr/ogr_srsnode.cpp:515:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat( *ppszResult, pszValue );
data/gdal-3.0.4+dfsg/ogr/ogr_srsnode.cpp:525:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat( *ppszResult, papszChildrenWkt[i] );
data/gdal-3.0.4+dfsg/ogr/ogr_srsnode.cpp:586:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat( *ppszResult, pszValue );  // Should we do quoting?
data/gdal-3.0.4+dfsg/ogr/ogr_srsnode.cpp:591:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat( *ppszResult, pszValue );
data/gdal-3.0.4+dfsg/ogr/ogr_srsnode.cpp:608:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat( *ppszResult, papszChildrenWkt[i] );
data/gdal-3.0.4+dfsg/ogr/ogrcurvecollection.cpp:349:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy( *ppszDstText, poGeom->getGeometryName() );
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2484:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat( szTempBuffer, szItem );
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2517:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat( szTempBuffer, szItem );
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2559:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat( szTempBuffer, szItem );
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2591:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat( szTempBuffer, pszItem );
data/gdal-3.0.4+dfsg/ogr/ogrgeometry.cpp:6036:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(pszTextBufCurrent, pszHex );
data/gdal-3.0.4+dfsg/ogr/ogrgeometry.cpp:6055:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(pszTextBufCurrent, pszHex );
data/gdal-3.0.4+dfsg/ogr/ogrgeometry.cpp:6065:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(pszTextBufCurrent, pszHex );
data/gdal-3.0.4+dfsg/ogr/ogrgeometry.cpp:6073:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(pszTextBufCurrent, pszHex );
data/gdal-3.0.4+dfsg/ogr/ogrgeometrycollection.cpp:914:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy( *ppszDstText, getGeometryName() );
data/gdal-3.0.4+dfsg/ogr/ogrpolygon.cpp:713:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy( *ppszDstText, (CPLString(getGeometryName()) + " ZM (").c_str() );
data/gdal-3.0.4+dfsg/ogr/ogrpolygon.cpp:715:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy( *ppszDstText, (CPLString(getGeometryName()) + " M (").c_str() );
data/gdal-3.0.4+dfsg/ogr/ogrpolygon.cpp:717:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy( *ppszDstText, (CPLString(getGeometryName()) + " Z (").c_str() );
data/gdal-3.0.4+dfsg/ogr/ogrpolygon.cpp:719:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy( *ppszDstText, (CPLString(getGeometryName()) + " (").c_str() );
data/gdal-3.0.4+dfsg/ogr/ogrpolygon.cpp:722:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy( *ppszDstText, (CPLString(getGeometryName()) + " (").c_str() );
data/gdal-3.0.4+dfsg/ogr/ogrpolyhedralsurface.cpp:554:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy( *ppszDstText, getGeometryName() );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:1984:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(psFile->pszFilename, pszPath);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00write.cpp:482:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(szOldName, psTableDef->szTableName);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_misc.cpp:281:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(pszFname, pszTmpPath);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_misc.cpp:297:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(pszFname, pszTmpPath);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_misc.cpp:306:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(pszTmpPath, pszFname);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_misc.cpp:375:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(pszTmpPath+iLastPartStart, papszDir[iEntry]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_misc.cpp:398:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(pszFname, pszTmpPath);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/ogravce00layer.cpp:68:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf( szTableName, "%s.PAT", poDS->GetCoverageName() );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/ogravce00layer.cpp:70:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf( szTableName, "%s.PAT%s", poDS->GetCoverageName(),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/ogravce00layer.cpp:73:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf( szTableName, "%s.AAT", poDS->GetCoverageName() );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/ogravce00layer.cpp:78:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf( szTableName, "%s.PAT", poDS->GetCoverageName() );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/ogravclayer.cpp:506:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy( szFieldName, psFInfo->szName );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/opencad.cpp:203:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf( stdout, format, argptr );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:214:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(pszWorkLine + nWorkLineLength, pszLine);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2cli.cpp:1190:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy( m_pszStatement + m_nStatementLen, pszText );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2cli.cpp:1303:16:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    bSuccess = vsnprintf( szFormattedText, sizeof(szFormattedText)-1,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2cli.cpp:1306:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    vsprintf( szFormattedText, pszFormat, args );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:261:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(stime, ctime(&time2));   /* get current time as a string */
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:1252:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(DB2SpatialType, oStatement.GetColData(5));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:1253:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(OGCSpatialType, DB2SpatialType+3);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:1295:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(DB2SpatialType, oStatement.GetColData(6));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:1296:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(OGCSpatialType, DB2SpatialType+3);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnstroke.cpp:310:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(  // ok
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1407:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy( psText->string, pszText );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:294:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat( szFullStyle, pszPen );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/fme2ogr_utils.cpp:52:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    vsprintf( pszErrorBuf, pszFormat, hVaArgs );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmedatasource.cpp:143:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf( szFilename, "%s%c%s_%s",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmedatasource.cpp:146:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf( szFilename, "%s%c%s_%s_%d",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmedatasource.cpp:1366:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( szDefinition, "%s::", pszDataset );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmedatasource.cpp:1379:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf( szDefinition + strlen(szDefinition), "%s=%s;",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:195:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy( pszWorking, poMacros->data() );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:204:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf( pszWorking + strlen(pszWorking), "%s,%s",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/debug.c:39:31:  [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be
  exploited (CWE-134). Use a constant format string for syslog.
extern void mc_set_syslog(int syslog)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/debug.c:41:13:  [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be
  exploited (CWE-134). Use a constant format string for syslog.
  _syslog = syslog;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/debug.c:53:4:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	  vprintf(msg, ap);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/debug.c:69:3:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		vprintf(msg, ap);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/debug.c:83:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		vfprintf(stderr, msg, ap);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/debug.c:96:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		vfprintf(stderr, msg, ap);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/debug.h:28:31:  [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be
  exploited (CWE-134). Use a constant format string for syslog.
extern void mc_set_syslog(int syslog);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_object.c:31:8:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#undef snprintf
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_object.c:32:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf CPLsnprintf
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_object.c:38:40:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
# error You do not have strdup on your system.
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_tokener.c:54:45:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
# error You do not have strncasecmp on your system.
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_util.c:58:8:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#undef snprintf
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_util.c:59:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf CPLsnprintf
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_util.c:165:8:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	(void)sscanf(" -01234567890123456789012345", "%" SCNd64, &num64);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_util.c:169:8:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	(void)sscanf(" 01234567890123456789012345", "%" SCNd64, &num64);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_util.c:199:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	if (sscanf(buf, "%" SCNd64, &num64) != 1)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_util.c:228:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(buf_cmp_start, sizeof(buf_cmp), "%" PRId64, num64);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/linkhash.c:26:2:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vprintf(msg, ap);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geomedia/ogrgeomediadatasource.cpp:130:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf( pszDSN,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlfeatureclass.cpp:858:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            snprintf(szValue, sizeof(szValue), CPL_FRMT_GIB, m_nFeatureCount);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmldatasource.cpp:70:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(pszTmp + nBeforeNeedle + strlen(";%20"),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmldatasource.cpp:2786:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(pszXML, szStartTag);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmllayer.cpp:238:27:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
            if( j < 20 && sscanf(pszGML_FID + i + 1, CPL_FRMT_GIB, &nFID) == 1)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmllayer.cpp:258:17:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
                sscanf(pszGML_FID + nLenPrefix, CPL_FRMT_GIB, &nFID) == 1 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlaswriter.cpp:403:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
        if( sscanf( pszKey, szNAMESPACE_URI_FMT, &i ) == 1 && i > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlaswriter.cpp:407:18:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
        else if( sscanf( pszKey, szNAMESPACE_LOCATION_FMT, &i ) == 1 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlaswriter.cpp:412:18:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
        else if( sscanf( pszKey, szNAMESPACE_PREFIX_FMT, &i ) == 1 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/ogrgtmdatasource.cpp:278:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (pszLayerName, pszBaseFileName);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/ogrgtmdatasource.cpp:294:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (pszLayerName, pszBaseFileName);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/ogrgtmdatasource.cpp:408:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy((char*)pCurrentPos, pszBaseFileName);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/ogrili2layer.cpp:277:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf( szTempBuffer, sizeof(szTempBuffer), CPL_FRMT_GIB,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp:189:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(pszDBTarget, "@%s,%s,%s;%s[%s,%s]::%s ",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp:204:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(pszDBTarget, pszDBName);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp:564:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
         sprintf( szCommand,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp:600:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( szCommand,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp:674:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf( szCommand,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp:681:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf( szCommand,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp:808:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( szCommand,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringreslayer.cpp:610:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf( szCommand,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:371:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf( pszFieldList, "%s", osFIDColumn.c_str() );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:380:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf( pszFieldList+strlen(pszFieldList),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:386:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf( pszFieldList+strlen(pszFieldList),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:398:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat( pszFieldList, pszName );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:1142:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( pszCommand,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogr2kmlgeometry.cpp:192:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat( *ppszText + *pnLength, pszTextToAppend );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogr2kmlgeometry.cpp:227:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat( *ppszText + *pnLength, szCoordinate );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mdb/ogrmdbjackcess.cpp:155:25:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        FILE *javaCmd = popen("\"${JAVA_HOME}${JAVA_HOME:+/bin/}java\" -XshowSettings 2>&1 | grep 'sun.boot.library.path'", "r");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mdb/ogrmdbjackcess.cpp:173:21:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
                    snprintf(jvmLib, sizeof(jvmLib), "%s/server/libjvm." SO_EXT, pszPtr);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:1755:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(m_szBuffer, ReadCharField(nWidth));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:1825:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(m_szBuffer, ReadCharField(nWidth));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:1906:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(m_szBuffer, ReadCharField(nWidth));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2173:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(szBuf, pszValue);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2282:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(szBuf, pszValue);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2407:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(szBuf, pszValue);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:6164:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(pszTextString, GetTextString());
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:6246:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(pszTextString, pszTmpTextString);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_utils.cpp:192:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(pszTmpPath+iLastPartStart, papszDir[iEntry]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_utils.cpp:211:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(pszFname, pszTmpPath);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialtablelayer.cpp:1744:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
                snprintf((char*)papstBindBuffer[iCol]->VarChar.pData, 8000, CPL_FRMT_GIB, nFID);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:587:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat( pszFieldList, pszName );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/nashandler.cpp:211:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy( m_pszGeometry+m_nGeomLen+1, m_osElementName );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/nashandler.cpp:216:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat( m_pszGeometry+m_nGeomLen, osAttributes );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/nashandler.cpp:602:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy( m_pszGeometry+m_nGeomLen+2, m_osElementName );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/ogrnasrelationlayer.cpp:189:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy( pszMerged, pszFromID );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/ogrnasrelationlayer.cpp:190:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy( pszMerged + strlen(pszFromID) + 1, pszType );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/ogrnasrelationlayer.cpp:191:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy( pszMerged + strlen(pszFromID) + strlen(pszType) + 2, pszToID );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocidatasource.cpp:240:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy( szFullTableName, papszRow[0] );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocistringbuf.cpp:83:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat( pszString+nLen, pszNewText );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1022:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat( pszCommand, pszGeomName );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1030:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat( pszCommand, pszFIDName );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1104:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat( pszCommand, szSDO_GEOMETRY );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1132:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf( pszCommand+nOffset, nCommandBufSize - nOffset, CPL_FRMT_GIB, nFID );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1169:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                strcat( pszCommand+nOffset, pszStrValue );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/odbc/ogrodbcdatasource.cpp:128:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf( pszDSN,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/odbc/ogrodbcdatasource.cpp:146:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            snprintf( pszDSN,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/odbc/ogrodbctablelayer.cpp:416:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf( szCommand,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ods/ods_formula_parser.cpp:742:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define YYFPRINTF fprintf
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbindex.cpp:1688:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(psField->String, pszOut);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:4390:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf( szVal, sizeof(szVal), CPL_FRMT_GUIB,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmlayer.cpp:601:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            snprintf(szID, sizeof(szID), CPL_FRMT_GIB, nID );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmlayer.cpp:612:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            snprintf(szID, sizeof(szID), CPL_FRMT_GIB, nID );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgresultlayer.cpp:173:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(pszQueryStatement, pszRawStatement);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:569:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
                snprintf( pszNeedToFree+nOff, nLen-nOff, CPL_FRMT_GIB, panItems[j] );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:596:21:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
                    snprintf( pszNeedToFree+nOff, nLen-nOff, (padfItems[j] > 0) ? "Infinity" : "-Infinity" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:1033:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            snprintf( pszNeedToFree+nOff, nLen-nOff, CPL_FRMT_GIB, panItems[j] );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:1063:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
                snprintf( pszNeedToFree+nOff, nLen-nOff, (padfItems[j] > 0) ? "Infinity" : "-Infinity" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgeo/ogrpgeodatasource.cpp:129:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf( pszDSN,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgeo/ogrpgeodatasource.cpp:148:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            snprintf( pszDSN,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/rec/ll_recio.cpp:100:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy( pszFieldname, RECGetField( pszLine, 2, 10 ) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57reader.cpp:1920:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        fprintf( stderr, /*ok*/
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57reader.cpp:3271:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy( szUPDNUpdate, pszUPDN );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sde/ogrsdedatasource.cpp:933:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy( sColumnDef.column_name, pszExpectedFIDName );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sde/ogrsdelayer.cpp:694:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy( sConstraint.table, poFeatureDefn->GetName() );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sde/ogrsdelayer.cpp:695:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy( sConstraint.column, osShapeColumnName.c_str() );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:207:14:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#     define snprintf _snprintf
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:207:23:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#     define snprintf _snprintf
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:210:11:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  ifndef snprintf
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:211:14:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#     define snprintf _snprintf
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:211:23:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#     define snprintf _snprintf
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:215:20:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
#define CPLsprintf sprintf
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:216:21:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define CPLsnprintf snprintf
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:638:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy( psDBF->pszCodePage, REINTERPRET_CAST(char *, pabyBuf) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:894:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy( psDBF->pszCodePage, pszCodePage );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/sbnsearch.c:53:14:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#     define snprintf _snprintf
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/sbnsearch.c:53:23:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#     define snprintf _snprintf
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/sbnsearch.c:56:11:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  ifndef snprintf
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/sbnsearch.c:57:14:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#     define snprintf _snprintf
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/sbnsearch.c:57:23:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#     define snprintf _snprintf
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shape2ogr.cpp:1522:15:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
              snprintf(szValue, sizeof(szValue), szFormat,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shapefil.h:153:61:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    SAFile     (*FOpen) ( const char *filename, const char *access);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:324:14:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#     define snprintf _snprintf
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:324:23:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#     define snprintf _snprintf
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:327:11:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  ifndef snprintf
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:328:14:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#     define snprintf _snprintf
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:328:23:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#     define snprintf _snprintf
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sosi/fyba_melding.cpp:45:16:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      case 2:  sprintf(szErrMsg,"%s","Observer følgende! \n\n");break;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sosi/fyba_melding.cpp:46:16:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      case 3:  sprintf(szErrMsg,"%s","Det er oppstått en feil! \n\n");break;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sosi/fyba_melding.cpp:47:16:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      case 4:  sprintf(szErrMsg,"%s","Alvorlig feil avslutt programmet! \n\n");break;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlite3ext.h:368:12:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  char * (*snprintf)(int,char*,const char*,...);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlite3ext.h:584:53:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define sqlite3_snprintf               sqlite3_api->snprintf
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1665:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat( pszFieldListForSelect, SQLEscapeName(poGeomFieldDefn->GetNameRef()) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1669:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat( pszNewFieldList, SQLEscapeName(poGeomFieldDefn->GetNameRef()) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/test_load_virtual_ogr.c:64:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf _snprintf
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/test_load_virtual_ogr.c:64:18:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf _snprintf
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerfilebase.cpp:297:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf( szValue, sizeof(szValue), szFormat, poFeature->GetFieldAsInteger( iField ) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerfilebase.cpp:302:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf( szValue, sizeof(szValue), szFormat, poFeature->GetFieldAsInteger( iField ) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerfilebase.cpp:316:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf( szValue, sizeof(szValue), szFormat, poFeature->GetFieldAsString( iField ) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vrt/ogrvrtlayer.cpp:1672:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(pszFIDQuery, strlen(pszFID) + 64, "%s = " CPL_FRMT_GIB, pszFID,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalkdatasource.cpp:84:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf( pszDSN,
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:309:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy( pszTarget + nLenX + 1 + nLenY + 1, szZ );
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:422:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy( target, szX );
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:426:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy( target, szY );
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:432:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy( target, szZ );
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:439:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy( target, szM );
data/gdal-3.0.4+dfsg/ogr/swq_parser.cpp:832:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define YYFPRINTF fprintf
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:1026:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(szBuffer, sizeof(szBuffer), CPL_FRMT_GIB, nVal);
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:3076:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy( pszFilename + strlen(pszFilename) - osFileOnly.size(),
data/gdal-3.0.4+dfsg/port/cpl_csv.cpp:694:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat( pszWorkLine + nWorkLineLength, pszLine );
data/gdal-3.0.4+dfsg/port/cpl_csv.cpp:776:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat( pszWorkLine + nWorkLineLength, pszLine );
data/gdal-3.0.4+dfsg/port/cpl_csv.cpp:1414:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy( pTLSData->szPath, GDAL_PREFIX "/Resources/epsg_csv/" );
data/gdal-3.0.4+dfsg/port/cpl_csv.cpp:1416:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy( pTLSData->szPath, GDAL_PREFIX "/share/epsg_csv/" );
data/gdal-3.0.4+dfsg/port/cpl_error.cpp:652:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat( pszMessage, VSICTime( static_cast<unsigned long>(tv.tv_sec) ) );
data/gdal-3.0.4+dfsg/port/cpl_error.cpp:674:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat( pszMessage, szVmSize );
data/gdal-3.0.4+dfsg/port/cpl_error.cpp:680:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat( pszMessage, pszCategory );
data/gdal-3.0.4+dfsg/port/cpl_error.cpp:1006:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(pszPath, cpl_log);
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:405:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy( psContext->pszToken, pszUnescaped );
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:433:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy( psContext->pszToken, pszUnescaped );
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:458:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy( psContext->pszToken, pszUnescaped );
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:812:21:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                    strcat(sContext.papsStack[sContext.nStackSize - 1]
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:1075:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat( *ppszText + *pnLength, pszEscaped );
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:1101:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat( *ppszText + *pnLength, pszEscaped );
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:1136:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy( *ppszText + *pnLength, psNode->pszValue );
data/gdal-3.0.4+dfsg/port/cpl_minizip_unzip.cpp:1009:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(szFileName, pszRecoded);
data/gdal-3.0.4+dfsg/port/cpl_odbc.cpp:1247:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy( m_pszStatement + m_nStatementLen, pszText );
data/gdal-3.0.4+dfsg/port/cpl_odbc.cpp:1364:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        vsnprintf( szFormattedText, sizeof(szFormattedText)-1,
data/gdal-3.0.4+dfsg/port/cpl_odbc.cpp:1368:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    vsprintf( szFormattedText, pszFormat, args );
data/gdal-3.0.4+dfsg/port/cpl_port.h:1021:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
int vsnprintf(char *str, size_t size, const char* fmt, va_list args)
data/gdal-3.0.4+dfsg/port/cpl_port.h:1023:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
int snprintf(char *str, size_t size, const char* fmt, ...)
data/gdal-3.0.4+dfsg/port/cpl_port.h:1026:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
int sprintf(char *str, const char* fmt, ...)
data/gdal-3.0.4+dfsg/port/cpl_port.h:1030:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
int sprintf(char *str, const char* fmt, ...)
data/gdal-3.0.4+dfsg/port/cpl_spawn.cpp:783:13:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
            execvp(papszArgvDup[0], papszArgvDup);
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:1122:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    local_ret = snprintf(str + offset_out, size - offset_out, localfmt, \
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:1144:16:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        return vsnprintf(str, size, fmt, args);
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:1255:29:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
                local_ret = snprintf(str + offset_out, size - offset_out,
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:1296:22:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        offset_out = vsnprintf(str, size, fmt_ori, wrk_args);
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:1298:22:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
        offset_out = vsprintf(str, fmt_ori, wrk_args);
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:1423:15:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        ret = vfprintf(stdout, fmt, wrk_args);
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:1975:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy( pszNewLine, pszKey );
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:1976:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat( pszNewLine, pszSeparator );
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:1977:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat( pszNewLine, pszValue );
data/gdal-3.0.4+dfsg/port/cpl_string.h:222:21:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define CPLsnprintf snprintf
data/gdal-3.0.4+dfsg/port/cpl_userfaultfd.cpp:137:19:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
  if (variable && sscanf(variable, "%" PRId64, &retval))
data/gdal-3.0.4+dfsg/port/cpl_virtualmem.cpp:238:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(buffer, sizeof(buffer), fmt, ap);
data/gdal-3.0.4+dfsg/port/cpl_vsi_error.cpp:93:13:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            fprintf(stderr, /*ok*/
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:1269:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(rangeStr, sizeof(rangeStr),
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:1808:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(rangeStr, sizeof(rangeStr),
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:1868:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            snprintf(rangeStr, sizeof(rangeStr),
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:1886:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            snprintf(rangeStr, sizeof(rangeStr),
data/gdal-3.0.4+dfsg/port/cpl_vsisimple.cpp:357:25:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    const int nReturn = vfprintf( fp, pszFormat, args );
data/gdal-3.0.4+dfsg/port/vsipreload.cpp:1506:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(mydir->ent64.d_name, mydir->ent.d_name);
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:144:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(javadoc, szLine);
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:147:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(javadoc, szLine);
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:187:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(szDstName, "%s/%s", argv[2], argv[i]);
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:200:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(szPackage, szLine);
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:204:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(szClass, stripline(szLine));
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:221:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(szClass, szLine);
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:228:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                strcat(szLine, c + 13);
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:234:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(szMethodName, szLine);
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:238:25:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                        strcpy(szMethodName + strlen(szMethodName) - 1, szLine);
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:240:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(szLine, szMethodName);
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:246:21:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                    sprintf(szMethodName, "%s:%s", szClass, removeargnames(stripline(szLine)));
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:248:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(szMethodName, szClass);
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:276:29:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                            strcpy(szLine, szOriLine);
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:671:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(r,name);
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:1253:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(r,SWIG_Perl_TypeProxyName(type));
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:1481:8:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
#ifdef access
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:1482:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  #undef access
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:3279:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            snprintf(s, LENGTH_OF_GUIntBig_AS_STRING-1, CPL_FRMT_GUIB, *first);
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:19728:11:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
          snprintf(s, LENGTH_OF_GUIntBig_AS_STRING-1, CPL_FRMT_GUIB, arg5[i]);
data/gdal-3.0.4+dfsg/swig/perl/gdalconst_wrap.c:647:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(r,name);
data/gdal-3.0.4+dfsg/swig/perl/gdalconst_wrap.c:1229:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(r,SWIG_Perl_TypeProxyName(type));
data/gdal-3.0.4+dfsg/swig/perl/gdalconst_wrap.c:1457:8:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
#ifdef access
data/gdal-3.0.4+dfsg/swig/perl/gdalconst_wrap.c:1458:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  #undef access
data/gdal-3.0.4+dfsg/swig/perl/gnm_wrap.cpp:671:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(r,name);
data/gdal-3.0.4+dfsg/swig/perl/gnm_wrap.cpp:1253:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(r,SWIG_Perl_TypeProxyName(type));
data/gdal-3.0.4+dfsg/swig/perl/gnm_wrap.cpp:1481:8:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
#ifdef access
data/gdal-3.0.4+dfsg/swig/perl/gnm_wrap.cpp:1482:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  #undef access
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:671:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(r,name);
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:1253:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(r,SWIG_Perl_TypeProxyName(type));
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:1481:8:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
#ifdef access
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:1482:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  #undef access
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:2344:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            snprintf(s, LENGTH_OF_GIntBig_AS_STRING-1, CPL_FRMT_GIB, *first);
data/gdal-3.0.4+dfsg/swig/perl/osr_wrap.cpp:671:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(r,name);
data/gdal-3.0.4+dfsg/swig/perl/osr_wrap.cpp:1253:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(r,SWIG_Perl_TypeProxyName(type));
data/gdal-3.0.4+dfsg/swig/perl/osr_wrap.cpp:1481:8:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
#ifdef access
data/gdal-3.0.4+dfsg/swig/perl/osr_wrap.cpp:1482:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  #undef access
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:699:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(r,name);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:839:25:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  define PyOS_snprintf _snprintf
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:841:25:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  define PyOS_snprintf snprintf
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:858:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  res = vsnprintf(buf, sizeof(buf), fmt, ap);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:700:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(r,name);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:840:25:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  define PyOS_snprintf _snprintf
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:842:25:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  define PyOS_snprintf snprintf
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:859:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  res = vsnprintf(buf, sizeof(buf), fmt, ap);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:8685:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(szTmp, CPL_FRMT_GIB, result);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:8720:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(szTmp, CPL_FRMT_GIB, result);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:10580:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(szTmp, CPL_FRMT_GIB, result);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:10615:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(szTmp, CPL_FRMT_GIB, result);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:11236:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(szTmp, CPL_FRMT_GIB, result);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:22828:9:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
        sprintf(szTmp, CPL_FRMT_GUIB, integerarray[i]);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:30411:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(szTmp, CPL_FRMT_GIB, result);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:30450:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(szTmp, CPL_FRMT_GIB, result);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdalconst_wrap.c:676:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(r,name);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdalconst_wrap.c:816:25:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  define PyOS_snprintf _snprintf
data/gdal-3.0.4+dfsg/swig/python/extensions/gdalconst_wrap.c:818:25:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  define PyOS_snprintf snprintf
data/gdal-3.0.4+dfsg/swig/python/extensions/gdalconst_wrap.c:835:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  res = vsnprintf(buf, sizeof(buf), fmt, ap);
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:700:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(r,name);
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:840:25:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  define PyOS_snprintf _snprintf
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:842:25:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  define PyOS_snprintf snprintf
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:859:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  res = vsnprintf(buf, sizeof(buf), fmt, ap);
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:700:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(r,name);
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:840:25:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  define PyOS_snprintf _snprintf
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:842:25:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  define PyOS_snprintf snprintf
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:859:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  res = vsnprintf(buf, sizeof(buf), fmt, ap);
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:11467:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(szTmp, CPL_FRMT_GIB, result);
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:12427:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(szTmp, CPL_FRMT_GIB, result);
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:15867:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(szTmp, CPL_FRMT_GIB, result);
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:15927:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(szTmp, CPL_FRMT_GIB, result);
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:16706:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      sprintf(szTmp, CPL_FRMT_GIB, (*arg4)[i]);
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:17865:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(szTmp, CPL_FRMT_GIB, result);
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:700:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(r,name);
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:840:25:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  define PyOS_snprintf _snprintf
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:842:25:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  define PyOS_snprintf snprintf
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:859:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  res = vsnprintf(buf, sizeof(buf), fmt, ap);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/user.h:249:22:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#define qh_RANDOMint random()
data/gdal-3.0.4+dfsg/alg/internal_libqhull/user.h:250:30:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#define qh_RANDOMseed_(seed) srandom(seed);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/user.h:259:30:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#define qh_RANDOMseed_(seed) srand((unsigned)seed);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/user.h:264:30:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#define qh_RANDOMseed_(seed) srand((unsigned)seed);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/user.h:268:22:  [3] (random) lrand48:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#define qh_RANDOMint lrand48()
data/gdal-3.0.4+dfsg/alg/internal_libqhull/user.h:278:17:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#error: unknown random option
data/gdal-3.0.4+dfsg/frmts/dods/dodsdataset2.cpp:337:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        && getenv("DODS_CONF") == nullptr )
data/gdal-3.0.4+dfsg/frmts/grass/grass57dataset.cpp:877:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ( !getenv( "GISBASE" ) ) {
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_dirread.c:5629:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		const char* pszMax = getenv("LIBTIFF_STRILE_ARRAY_MAX_RESIZE_COUNT");
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_jpeg.c:384:38:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        sz_max_allowed_scan_number = getenv("LIBTIFF_JPEG_MAX_ALLOWED_SCAN_NUMBER");
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_jpeg.c:1226:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
                getenv("LIBTIFF_ALLOW_LARGE_LIBJPEG_MEM_ALLOC") == NULL )
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_jpeg.c:2463:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            if (getenv("JPEGMEM") == NULL)
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffield.cpp:77:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if( getenv("DDF_MAXDUMP") != nullptr )
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffield.cpp:78:27:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        nMaxRepeat = atoi(getenv("DDF_MAXDUMP"));
data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jmemmgr.c:35:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
extern char * getenv JPP((const char * name));
data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jmemmgr.c:1110:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((memenv = getenv("JPEGMEM")) != NULL) {
data/gdal-3.0.4+dfsg/frmts/openjpeg/openjpegdataset.cpp:889:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        if( getenv("OPJ_NUM_THREADS") == nullptr )
data/gdal-3.0.4+dfsg/frmts/openjpeg/openjpegdataset.cpp:1704:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if( getenv("OPJ_NUM_THREADS") == nullptr )
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidsk_utils.cpp:572:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        if( getenv( "PCIDSK_DEBUG" ) != nullptr )
data/gdal-3.0.4+dfsg/frmts/vrt/vrtderivedrasterband.cpp:340:25:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        char* pszPath = getenv("PATH");
data/gdal-3.0.4+dfsg/frmts/vrt/vrtderivedrasterband.cpp:530:25:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
            libHandle = LoadLibrary(pszPythonSO);
data/gdal-3.0.4+dfsg/frmts/vrt/vrtderivedrasterband.cpp:559:21:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
        libHandle = LoadLibrary(PYTHONSO_DEFAULT);
data/gdal-3.0.4+dfsg/frmts/vrt/vrtderivedrasterband.cpp:573:25:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        char* pszPath = getenv("PATH");
data/gdal-3.0.4+dfsg/frmts/vrt/vrtderivedrasterband.cpp:653:25:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
            libHandle = LoadLibrary(osDLLName);
data/gdal-3.0.4+dfsg/frmts/vrt/vrtderivedrasterband.cpp:683:25:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
            libHandle = LoadLibrary(apszPythonSO[i]);
data/gdal-3.0.4+dfsg/frmts/wcs/wcsutils.cpp:437:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    srand((unsigned int)time(nullptr)); // not to have the same names in the cache
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadatagenerator.cpp:418:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    srand(static_cast<unsigned int>(time(nullptr)) + nCounter);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dods/ogrdodsdatasource.cpp:123:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        && getenv("DODS_CONF") == nullptr )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmedatasource.cpp:101:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    pszTmpDir = getenv("OGRFME_TMPDIR");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmedatasource.cpp:103:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        pszTmpDir = getenv("TMPDIR");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmedatasource.cpp:105:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        pszTmpDir = getenv("TEMPDIR");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmedatasource.cpp:107:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        pszTmpDir = getenv("TMP");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmedatasource.cpp:109:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        pszTmpDir = getenv("TEMP");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/grass/ogrgrassdatasource.cpp:158:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ( !getenv( "GISBASE" ) ) {
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/grass/ogrgrasslayer.cpp:201:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ( getenv("GISBASE") )  // We have some projection info in GISBASE
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ogrntfdatasource.cpp:74:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if( getenv("OGR_NTF_OPTIONS") != nullptr )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ogrntfdatasource.cpp:77:39:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            CSLTokenizeStringComplex( getenv("OGR_NTF_OPTIONS"), ",",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:552:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    else if( getenv( "USER" ) != nullptr )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:553:32:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        pszDBName = CPLStrdup( getenv("USER") );
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:9683:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        getenv("PROJ_USE_PROJ4_INIT_RULES") == nullptr )
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:1716:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        pszResult = getenv(pszKey);
data/gdal-3.0.4+dfsg/port/cpl_multiproc.cpp:840:7:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
      EnterCriticalSection(pcs);
data/gdal-3.0.4+dfsg/port/cpl_multiproc.cpp:874:9:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
        EnterCriticalSection(pcs);
data/gdal-3.0.4+dfsg/port/cpl_odbc.cpp:97:32:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            char* pszEnvHome = getenv("HOME");
data/gdal-3.0.4+dfsg/port/cpl_recode_stub.cpp:1234:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        if( ((s = getenv("LC_CTYPE")) && *s) ||
data/gdal-3.0.4+dfsg/port/cpl_recode_stub.cpp:1235:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            ((s = getenv("LC_ALL"))   && *s) ||
data/gdal-3.0.4+dfsg/port/cpl_recode_stub.cpp:1236:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            ((s = getenv("LANG"))     && *s) )
data/gdal-3.0.4+dfsg/port/cpl_vsisimple.cpp:412:29:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char* pszShowMemStats = getenv("CPL_SHOW_MEM_STATS");
data/gdal-3.0.4+dfsg/port/cpl_vsisimple.cpp:463:37:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        char* pszMaxPeakAllocSize = getenv("CPL_MAX_PEAK_ALLOC_SIZE");
data/gdal-3.0.4+dfsg/port/cpl_vsisimple.cpp:465:38:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        char* pszMaxCumulAllocSize = getenv("CPL_MAX_CUMUL_ALLOC_SIZE");
data/gdal-3.0.4+dfsg/port/cpl_vsisimple.cpp:571:37:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        char* pszMaxPeakAllocSize = getenv("CPL_MAX_PEAK_ALLOC_SIZE");
data/gdal-3.0.4+dfsg/port/cpl_vsisimple.cpp:573:38:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        char* pszMaxCumulAllocSize = getenv("CPL_MAX_CUMUL_ALLOC_SIZE");
data/gdal-3.0.4+dfsg/port/cpl_vsisimple.cpp:698:37:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        char* pszMaxPeakAllocSize = getenv("CPL_MAX_PEAK_ALLOC_SIZE");
data/gdal-3.0.4+dfsg/port/vsipreload.cpp:172:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    DEBUG_VSIPRELOAD = getenv("DEBUG_VSIPRELOAD") != nullptr;
data/gdal-3.0.4+dfsg/alg/contour.cpp:580:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        idField = atoi( opt );
data/gdal-3.0.4+dfsg/alg/contour.cpp:586:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        elevField = atoi( opt );
data/gdal-3.0.4+dfsg/alg/contour.cpp:592:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        elevFieldMin = atoi( opt );
data/gdal-3.0.4+dfsg/alg/contour.cpp:598:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        elevFieldMax = atoi( opt );
data/gdal-3.0.4+dfsg/alg/gdal_crs.cpp:220:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psInfo->sTI.abySignature, GDAL_GTI2_SIGNATURE, strlen(GDAL_GTI2_SIGNATURE) );
data/gdal-3.0.4+dfsg/alg/gdal_crs.cpp:539:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nReqOrder = atoi(CPLGetXMLValue(psTree,"Order","3"));
data/gdal-3.0.4+dfsg/alg/gdal_crs.cpp:540:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    bReversed = atoi(CPLGetXMLValue(psTree,"Reversed","0"));
data/gdal-3.0.4+dfsg/alg/gdal_crs.cpp:541:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    bRefine = atoi(CPLGetXMLValue(psTree,"Refine","0"));
data/gdal-3.0.4+dfsg/alg/gdal_crs.cpp:542:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nMinimumGcps = atoi(CPLGetXMLValue(psTree,"MinimumGcps","6"));
data/gdal-3.0.4+dfsg/alg/gdal_rpc.cpp:485:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&sRPC, &(psInfo->sRPC), sizeof(GDALRPCInfo));
data/gdal-3.0.4+dfsg/alg/gdal_rpc.cpp:787:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &(psTransform->sRPC), psRPCInfo, sizeof(GDALRPCInfo) );
data/gdal-3.0.4+dfsg/alg/gdal_rpc.cpp:800:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psTransform->sTI.abySignature,
data/gdal-3.0.4+dfsg/alg/gdal_rpc.cpp:815:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(psTransform->padfCoeffs,
data/gdal-3.0.4+dfsg/alg/gdal_rpc.cpp:818:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(psTransform->padfCoeffs+20,
data/gdal-3.0.4+dfsg/alg/gdal_rpc.cpp:821:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(psTransform->padfCoeffs+40,
data/gdal-3.0.4+dfsg/alg/gdal_rpc.cpp:824:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(psTransform->padfCoeffs+60,
data/gdal-3.0.4+dfsg/alg/gdal_rpc.cpp:895:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    psTransform->nMaxIterations = atoi( CSLFetchNameValueDef(
data/gdal-3.0.4+dfsg/alg/gdal_rpc.cpp:1466:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfOut + i * nWidth,
data/gdal-3.0.4+dfsg/alg/gdal_rpc.cpp:1755:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(adfElevData,
data/gdal-3.0.4+dfsg/alg/gdal_rpc.cpp:1758:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(adfElevData + 2,
data/gdal-3.0.4+dfsg/alg/gdal_rpc.cpp:1900:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(CPLGetConfigOption("GDAL_RPC_DEM_BUFFER_MAX_RADIUS", "2"));
data/gdal-3.0.4+dfsg/alg/gdal_rpc.cpp:2360:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int bReversed = atoi(CPLGetXMLValue(psTree, "Reversed", "0"));
data/gdal-3.0.4+dfsg/alg/gdal_tps.cpp:173:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psInfo->sTI.abySignature,
data/gdal-3.0.4+dfsg/alg/gdal_tps.cpp:270:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nThreads = atoi(pszWarpThreads);
data/gdal-3.0.4+dfsg/alg/gdal_tps.cpp:449:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int bReversed = atoi(CPLGetXMLValue(psTree, "Reversed", "0"));
data/gdal-3.0.4+dfsg/alg/gdalapplyverticalshiftgrid.cpp:564:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(CSLFetchNameValueDef(papszOptions, "BLOCKSIZE", "256")) );
data/gdal-3.0.4+dfsg/alg/gdalcutline.cpp:339:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szDataPointer[100] = {};
data/gdal-3.0.4+dfsg/alg/gdalgeoloc.cpp:170:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( psTransform->padfGeoLocX + j * nXSize,
data/gdal-3.0.4+dfsg/alg/gdalgeoloc.cpp:678:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psTransform->sTI.abySignature,
data/gdal-3.0.4+dfsg/alg/gdalgeoloc.cpp:754:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        std::max(1, atoi(CSLFetchNameValue( papszGeolocationInfo, "X_BAND" )));
data/gdal-3.0.4+dfsg/alg/gdalgeoloc.cpp:758:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        std::max(1, atoi(CSLFetchNameValue( papszGeolocationInfo, "Y_BAND" )));
data/gdal-3.0.4+dfsg/alg/gdalgeoloc.cpp:1143:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int bReversed = atoi(CPLGetXMLValue(psTree, "Reversed", "0"));
data/gdal-3.0.4+dfsg/alg/gdalgrid.cpp:1760:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(poOptionsNew, poOptions,
data/gdal-3.0.4+dfsg/alg/gdalgrid.cpp:1868:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(poOptionsNew, poOptions,
data/gdal-3.0.4+dfsg/alg/gdalgrid.cpp:1879:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(poOptionsNew,
data/gdal-3.0.4+dfsg/alg/gdalgrid.cpp:1889:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(poOptionsNew, poOptions,
data/gdal-3.0.4+dfsg/alg/gdalgrid.cpp:1901:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(poOptionsNew, poOptions, sizeof(GDALGridDataMetricsOptions));
data/gdal-3.0.4+dfsg/alg/gdalgrid.cpp:1909:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(poOptionsNew, poOptions, sizeof(GDALGridDataMetricsOptions));
data/gdal-3.0.4+dfsg/alg/gdalgrid.cpp:1917:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(poOptionsNew, poOptions, sizeof(GDALGridDataMetricsOptions));
data/gdal-3.0.4+dfsg/alg/gdalgrid.cpp:1925:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(poOptionsNew, poOptions, sizeof(GDALGridDataMetricsOptions));
data/gdal-3.0.4+dfsg/alg/gdalgrid.cpp:1933:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(poOptionsNew, poOptions, sizeof(GDALGridDataMetricsOptions));
data/gdal-3.0.4+dfsg/alg/gdalgrid.cpp:1941:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(poOptionsNew, poOptions, sizeof(GDALGridDataMetricsOptions));
data/gdal-3.0.4+dfsg/alg/gdalgrid.cpp:1949:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(poOptionsNew, poOptions, sizeof(GDALGridLinearOptions));
data/gdal-3.0.4+dfsg/alg/gdalgrid.cpp:1976:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(padfXNew, padfX, nPoints * sizeof(double));
data/gdal-3.0.4+dfsg/alg/gdalgrid.cpp:1977:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(padfYNew, padfY, nPoints * sizeof(double));
data/gdal-3.0.4+dfsg/alg/gdalgrid.cpp:1978:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(padfZNew, padfZ, nPoints * sizeof(double));
data/gdal-3.0.4+dfsg/alg/gdalgrid.cpp:2049:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nThreads = atoi(pszThreads);
data/gdal-3.0.4+dfsg/alg/gdalgrid.cpp:2322:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&pasJobs[i], &sJob, sizeof(GDALGridJob));
data/gdal-3.0.4+dfsg/alg/gdalgrid.cpp:2671:55:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            poMetricsOptions->nMinPoints = pszValue ? atoi(pszValue) : 0;
data/gdal-3.0.4+dfsg/alg/gdalmatching.cpp:201:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nOctaveStart =atoi(CSLFetchNameValueDef(papszOptions, "OCTAVE_START", "2"));
data/gdal-3.0.4+dfsg/alg/gdalmatching.cpp:202:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nOctaveEnd = atoi(CSLFetchNameValueDef(papszOptions, "OCTAVE_END", "2"));
data/gdal-3.0.4+dfsg/alg/gdalpansharpen.cpp:125:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(psNewOptions->padfWeights,
data/gdal-3.0.4+dfsg/alg/gdalpansharpen.cpp:136:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(psNewOptions->pahInputSpectralBands,
data/gdal-3.0.4+dfsg/alg/gdalpansharpen.cpp:145:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(psNewOptions->panOutPansharpenedBands,
data/gdal-3.0.4+dfsg/alg/gdalpansharpen.cpp:377:54:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nThreads = std::max(0, std::min(128, atoi(pszNumThreads)));
data/gdal-3.0.4+dfsg/alg/gdalpansharpen.cpp:1200:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuffer0[64] = {};
data/gdal-3.0.4+dfsg/alg/gdalpansharpen.cpp:1201:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuffer1[64] = {};
data/gdal-3.0.4+dfsg/alg/gdalpansharpen.cpp:1202:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuffer2[64] = {};
data/gdal-3.0.4+dfsg/alg/gdalpansharpen.cpp:1215:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szBuffer[32] = {};
data/gdal-3.0.4+dfsg/alg/gdalpansharpen.cpp:1401:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nBandBitDepth = atoi(pszNBITS);
data/gdal-3.0.4+dfsg/alg/gdalproximity.cpp:242:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            panTargetValues[i] = atoi(papszValuesTokens[i]);
data/gdal-3.0.4+dfsg/alg/gdalrasterize.cpp:846:57:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if( pszYChunkSize == nullptr || ((nYChunkSize = atoi(pszYChunkSize))) == 0)
data/gdal-3.0.4+dfsg/alg/gdalrasterize.cpp:1204:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if( !(pszYChunkSize && ((nYChunkSize = atoi(pszYChunkSize))) != 0) )
data/gdal-3.0.4+dfsg/alg/gdalsievefilter.cpp:538:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( panThisLineWriteVal, panThisLineVal, 4 * nXSize );
data/gdal-3.0.4+dfsg/alg/gdalsimplewarp.cpp:90:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nFromValue = atoi(papszTokens[0]);
data/gdal-3.0.4+dfsg/alg/gdalsimplewarp.cpp:91:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nToValue = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/alg/gdalsimplewarp.cpp:154:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            panFromValue[iBand] = atoi(papszTokens[iBand]);
data/gdal-3.0.4+dfsg/alg/gdalsimplewarp.cpp:155:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            panToValue[iBand] = atoi(papszTokens[iBand+nMapBandCount]);
data/gdal-3.0.4+dfsg/alg/gdalsimplewarp.cpp:375:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    atoi(papszTokens[std::min(iBand, nTokenCount- 1)]);
data/gdal-3.0.4+dfsg/alg/gdaltransformer.cpp:542:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(padfXRevert, padfX, nSamplePoints * sizeof(double));
data/gdal-3.0.4+dfsg/alg/gdaltransformer.cpp:543:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(padfYRevert, padfY, nSamplePoints * sizeof(double));
data/gdal-3.0.4+dfsg/alg/gdaltransformer.cpp:544:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(padfZRevert, padfZ, nSamplePoints * sizeof(double));
data/gdal-3.0.4+dfsg/alg/gdaltransformer.cpp:978:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(psClonedInfo, psInfo, sizeof(GDALGenImgProjTransformInfo));
data/gdal-3.0.4+dfsg/alg/gdaltransformer.cpp:1170:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psInfo->sTI.abySignature,
data/gdal-3.0.4+dfsg/alg/gdaltransformer.cpp:1483:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nOrder = pszValue ? atoi(pszValue) : 0;
data/gdal-3.0.4+dfsg/alg/gdaltransformer.cpp:1490:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nMinimumGcps =  pszValue ? atoi(pszValue) : -1;
data/gdal-3.0.4+dfsg/alg/gdaltransformer.cpp:1563:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psInfo->adfSrcInvGeoTransform, psInfo->adfSrcGeoTransform,
data/gdal-3.0.4+dfsg/alg/gdaltransformer.cpp:1771:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psInfo->adfDstInvGeoTransform, psInfo->adfDstGeoTransform,
data/gdal-3.0.4+dfsg/alg/gdaltransformer.cpp:2154:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psInfo->adfSrcInvGeoTransform, psInfo->adfSrcGeoTransform,
data/gdal-3.0.4+dfsg/alg/gdaltransformer.cpp:2201:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psInfo->adfDstInvGeoTransform, psInfo->adfDstGeoTransform,
data/gdal-3.0.4+dfsg/alg/gdaltransformer.cpp:2238:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psInfo->adfDstGeoTransform, padfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/alg/gdaltransformer.cpp:2432:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szWork[200] = {};
data/gdal-3.0.4+dfsg/alg/gdaltransformer.cpp:2869:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psInfo->sTI.abySignature,
data/gdal-3.0.4+dfsg/alg/gdaltransformer.cpp:3125:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(psClonedInfo, psInfo, sizeof(ApproxTransformInfo));
data/gdal-3.0.4+dfsg/alg/gdaltransformer.cpp:3256:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(psATInfo->sTI.abySignature,
data/gdal-3.0.4+dfsg/alg/gdaltransformer.cpp:4271:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfGeoTransform, psGenImgProjInfo->adfDstGeoTransform,
data/gdal-3.0.4+dfsg/alg/gdalwarper.cpp:1267:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
       memcpy( (psDstOptions->target), (psSrcOptions->target),          \
data/gdal-3.0.4+dfsg/alg/gdalwarper.cpp:1287:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psDstOptions, psSrcOptions, sizeof(GDALWarpOptions) );
data/gdal-3.0.4+dfsg/alg/gdalwarper.cpp:1947:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psWO->panSrcBands[iBand] = atoi(pszValue);
data/gdal-3.0.4+dfsg/alg/gdalwarper.cpp:1954:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psWO->panDstBands[iBand] = atoi(pszValue);
data/gdal-3.0.4+dfsg/alg/gdalwarper.cpp:1997:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi( CPLGetXMLValue( psTree, "SrcAlphaBand", "0" ) );
data/gdal-3.0.4+dfsg/alg/gdalwarper.cpp:1999:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi( CPLGetXMLValue( psTree, "DstAlphaBand", "0" ) );
data/gdal-3.0.4+dfsg/alg/gdalwarpkernel.cpp:335:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nThreads = atoi(pszWarpThreads);
data/gdal-3.0.4+dfsg/alg/gdalwarpkernel.cpp:520:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nWarpChunkSize = atoi(
data/gdal-3.0.4+dfsg/alg/gdalwarpkernel.cpp:1140:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(CSLFetchNameValueDef(papszWarpOptions,
data/gdal-3.0.4+dfsg/alg/gdalwarpkernel.cpp:2731:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&i, ptr, 4);
data/gdal-3.0.4+dfsg/alg/gdalwarpkernel.cpp:2751:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&i, ptr, 8);
data/gdal-3.0.4+dfsg/alg/gdalwarpkernel.cpp:4511:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfX, padfX + nDstXSize, sizeof(double) * nDstXSize );
data/gdal-3.0.4+dfsg/alg/gdalwarpkernel.cpp:4636:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&(pabyDst[iDstY*nDstXSize]),
data/gdal-3.0.4+dfsg/alg/gdalwarpkernel.cpp:4640:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&(reinterpret_cast<GInt16 *>(pabyDst)[iDstY*nDstXSize]),
data/gdal-3.0.4+dfsg/alg/gdalwarpkernel.cpp:4644:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&(reinterpret_cast<GUInt16 *>(pabyDst)[iDstY*nDstXSize]),
data/gdal-3.0.4+dfsg/alg/gdalwarpkernel.cpp:4648:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&(reinterpret_cast<float *>(pabyDst)[iDstY*nDstXSize]),
data/gdal-3.0.4+dfsg/alg/gdalwarpkernel.cpp:4823:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfX, padfX + nDstXSize, sizeof(double) * nDstXSize );
data/gdal-3.0.4+dfsg/alg/gdalwarpkernel.cpp:5048:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfX, padfX + nDstXSize, sizeof(double) * nDstXSize );
data/gdal-3.0.4+dfsg/alg/gdalwarpkernel.cpp:5297:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfX, padfX + nDstXSize, sizeof(double) * nDstXSize );
data/gdal-3.0.4+dfsg/alg/gdalwarpkernel.cpp:5514:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfX, padfX + nDstXSize, sizeof(double) * nDstXSize );
data/gdal-3.0.4+dfsg/alg/gdalwarpkernel_opencl.cpp:1590:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char dummyImageData[16];
data/gdal-3.0.4+dfsg/alg/gdalwarpkernel_opencl.cpp:1880:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(realDst, srcImgData, width*height*sizeof(unsigned char));
data/gdal-3.0.4+dfsg/alg/gdalwarpkernel_opencl.cpp:1886:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(realDst, srcImgData, width*height*sizeof(char));
data/gdal-3.0.4+dfsg/alg/gdalwarpkernel_opencl.cpp:1892:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(realDst, srcImgData, width*height*sizeof(unsigned short));
data/gdal-3.0.4+dfsg/alg/gdalwarpkernel_opencl.cpp:1898:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(realDst, srcImgData, width*height*sizeof(short));
data/gdal-3.0.4+dfsg/alg/gdalwarpkernel_opencl.cpp:1904:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(realDst, srcImgData, width*height*sizeof(float));
data/gdal-3.0.4+dfsg/alg/gdalwarpkernel_opencl.cpp:2244:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&(warper->nBandSrcValid[bandNum*stride]), bandSrcValid, sizeof(int) * stride);
data/gdal-3.0.4+dfsg/alg/gdalwarpoperation.cpp:398:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if( atoi(CSLFetchNameValue( psOptions->papszWarpOptions,
data/gdal-3.0.4+dfsg/alg/gdalwarpoperation.cpp:479:47:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        pszAlphaMax = CPLSPrintf("%u", (1U << atoi(pszNBits)) - 1U);
data/gdal-3.0.4+dfsg/alg/gdalwarpoperation.cpp:2437:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(CSLFetchNameValue( psOptions->papszWarpOptions,
data/gdal-3.0.4+dfsg/alg/gdalwarpoperation.cpp:2567:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(CSLFetchNameValue( psOptions->papszWarpOptions,
data/gdal-3.0.4+dfsg/alg/gdalwarpoperation.cpp:2835:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nResWinSize += atoi(
data/gdal-3.0.4+dfsg/alg/internal_libqhull/geom2.c:39:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((char *)newpoints, (char *)points, (size_t)size);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/global.c:1313:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char filename[qh_FILENAMElen];
data/gdal-3.0.4+dfsg/alg/internal_libqhull/global.c:1333:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
              char filename[qh_FILENAMElen];
data/gdal-3.0.4+dfsg/alg/internal_libqhull/global.c:1892:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(qh qhull, "qhull");
data/gdal-3.0.4+dfsg/alg/internal_libqhull/global.c:2026:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[200];
data/gdal-3.0.4+dfsg/alg/internal_libqhull/global.c:2031:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf+strlen(buf), " %d", *i);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/global.c:2033:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf+strlen(buf), " %2.2g", *r);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/io.c:3594:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *t, firstline[qh_MAXfirst+1];
data/gdal-3.0.4+dfsg/alg/internal_libqhull/libqhull.h:560:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  qhull_command[256];/* command line that invoked this program */
data/gdal-3.0.4+dfsg/alg/internal_libqhull/libqhull.h:562:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  rbox_command[256]; /* command line that produced the input points */
data/gdal-3.0.4+dfsg/alg/internal_libqhull/libqhull.h:563:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  qhull_options[512];/* descriptive list of options */
data/gdal-3.0.4+dfsg/alg/internal_libqhull/libqhull.h:617:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char qhull[sizeof("qhull")]; /* "qhull" for checking ownership while debugging */
data/gdal-3.0.4+dfsg/alg/internal_libqhull/libqhull.h:619:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char jmpXtra[40];       /* extra bytes in case jmp_buf is defined wrong by compiler */
data/gdal-3.0.4+dfsg/alg/internal_libqhull/libqhull.h:621:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char jmpXtra2[40];      /* extra bytes in case jmp_buf is defined wrong by compiler*/
data/gdal-3.0.4+dfsg/alg/internal_libqhull/qset.c:185:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((char *)&((*setp)->e[size].p), (char *)&(setA->e[0].p), (size_t)(sizeA+1) * SETelemsize);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/qset.c:318:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((char *)&(newset->e[0].p), (char *)&(set->e[0].p), (size_t)(size+1) * SETelemsize);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/qset.c:556:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(newElem, elem, (size_t)elemsize);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/qset.c:874:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((char *)newp, (char *)oldp, (size_t)(size+1) * SETelemsize);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/qset.c:1009:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((char *)newp, (char *)oldp, (size_t)nth * SETelemsize);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/qset.c:1037:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((char *)newp, (char *)oldp, (size_t)tailsize * SETelemsize);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/rboxlib.c:104:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char command[200], seedbuf[200];
data/gdal-3.0.4+dfsg/alg/internal_libqhull/rboxlib.c:349:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(seedbuf, " t%d", seed);  /* appends an extra t, not worth removing */
data/gdal-3.0.4+dfsg/alg/internal_libqhull/stat.h:503:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned   char id[ZEND+10]; /* id's in print order */
data/gdal-3.0.4+dfsg/alg/internal_libqhull/stat.h:504:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char *doc[ZEND];       /* array of documentation strings */
data/gdal-3.0.4+dfsg/alg/internal_libqhull/stat.h:506:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char       type[ZEND];      /* type, see ztypes above */
data/gdal-3.0.4+dfsg/alg/internal_libqhull/stat.h:507:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char       printed[ZEND];   /* true, if statistic has been printed */
data/gdal-3.0.4+dfsg/alg/internal_qhull_headers.h:77:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
f = open('headers.txt')
data/gdal-3.0.4+dfsg/alg/polygonize.cpp:739:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&aInt, &A, 4);
data/gdal-3.0.4+dfsg/alg/polygonize.cpp:747:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&bInt, &B, 4);
data/gdal-3.0.4+dfsg/alg/rasterfill.cpp:275:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( pafThisPass + iThisOffset * nXSize,
data/gdal-3.0.4+dfsg/alg/thinplatespline.cpp:306:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define GET_HIGH_WORD(hx,x) memcpy(&hx, reinterpret_cast<char*>(&x)+4,4)
data/gdal-3.0.4+dfsg/alg/thinplatespline.cpp:307:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define SET_HIGH_WORD(x,hx) memcpy(reinterpret_cast<char*>(&x)+4, &hx,4)
data/gdal-3.0.4+dfsg/apps/dumpoverviews.cpp:81:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        else if( atoi(argv[iArg]) > 0 || EQUAL(argv[iArg],"0") )
data/gdal-3.0.4+dfsg/apps/dumpoverviews.cpp:83:51:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            anReqOverviews[nReqOverviewCount++] = atoi(argv[iArg]);
data/gdal-3.0.4+dfsg/apps/dumpoverviews.cpp:222:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( adfOvGeoTransform, adfGeoTransform,
data/gdal-3.0.4+dfsg/apps/gdal2ogr.c:108:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            iBand = atoi(argv[++i]);
data/gdal-3.0.4+dfsg/apps/gdal2ogr.c:128:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            xStep = yStep = atoi(argv[++i]);
data/gdal-3.0.4+dfsg/apps/gdal2ogr.c:179:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fOut = fopen(pszDstFilename, "wt");
data/gdal-3.0.4+dfsg/apps/gdal2ogr.c:190:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fOutCSVT = fopen(pszDstFilenameCSVT, "wt");
data/gdal-3.0.4+dfsg/apps/gdal2ogr.c:202:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(pszDstFilenameVRT + strlen(pszDstFilename) - 3, "vrt");
data/gdal-3.0.4+dfsg/apps/gdal2ogr.c:203:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fOutVRT = fopen(pszDstFilenameVRT, "wt");
data/gdal-3.0.4+dfsg/apps/gdal_contour.cpp:121:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (atoi(GDALVersionInfo("VERSION_NUM")) < 1400)
data/gdal-3.0.4+dfsg/apps/gdal_contour.cpp:198:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nBandIn = atoi(argv[++i]);
data/gdal-3.0.4+dfsg/apps/gdal_grid_lib.cpp:1092:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psOptions->nXSize = atoi(papszArgv[++i]);
data/gdal-3.0.4+dfsg/apps/gdal_grid_lib.cpp:1093:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psOptions->nYSize = atoi(papszArgv[++i]);
data/gdal-3.0.4+dfsg/apps/gdal_rasterize_lib.cpp:885:53:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    psOptions->anBandList.push_back(atoi(*papszIter));
data/gdal-3.0.4+dfsg/apps/gdal_rasterize_lib.cpp:895:53:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    psOptions->anBandList.push_back(atoi(papszArgv[i+1]));
data/gdal-3.0.4+dfsg/apps/gdal_rasterize_lib.cpp:1070:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psOptions->nXSize = atoi(papszArgv[++i]);
data/gdal-3.0.4+dfsg/apps/gdal_rasterize_lib.cpp:1071:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psOptions->nYSize = atoi(papszArgv[++i]);
data/gdal-3.0.4+dfsg/apps/gdal_translate_lib.cpp:448:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(psOptions, psOptionsIn, sizeof(GDALTranslateOptions));
data/gdal-3.0.4+dfsg/apps/gdal_translate_lib.cpp:454:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(psOptions->panBandList, psOptionsIn->panBandList,
data/gdal-3.0.4+dfsg/apps/gdal_translate_lib.cpp:463:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(psOptions->pasScaleParams, psOptionsIn->pasScaleParams,
data/gdal-3.0.4+dfsg/apps/gdal_translate_lib.cpp:470:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(psOptions->padfExponent, psOptionsIn->padfExponent,
data/gdal-3.0.4+dfsg/apps/gdal_translate_lib.cpp:483:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(psOptions->panColorInterp, psOptionsIn->panColorInterp,
data/gdal-3.0.4+dfsg/apps/gdal_translate_lib.cpp:1285:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(adfSrcWinOri, psOptions->adfSrcWin, sizeof(psOptions->adfSrcWin));
data/gdal-3.0.4+dfsg/apps/gdal_translate_lib.cpp:1556:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    GInt32 nMin = atoi(pszMin);
data/gdal-3.0.4+dfsg/apps/gdal_translate_lib.cpp:2224:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int nBand = atoi(pszBand);
data/gdal-3.0.4+dfsg/apps/gdal_translate_lib.cpp:2263:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                const int nBand = atoi(pszBand);
data/gdal-3.0.4+dfsg/apps/gdal_translate_lib.cpp:2379:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nIndex = atoi(papszArgv[i] + 7);
data/gdal-3.0.4+dfsg/apps/gdal_translate_lib.cpp:2445:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nIndex = atoi(papszArgv[i] + 10);
data/gdal-3.0.4+dfsg/apps/gdal_translate_lib.cpp:2497:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                psOptions->nOXSizePixel = atoi(papszArgv[i]);
data/gdal-3.0.4+dfsg/apps/gdal_translate_lib.cpp:2503:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                psOptions->nOYSizePixel = atoi(papszArgv[i]);
data/gdal-3.0.4+dfsg/apps/gdal_translate_lib.cpp:2625:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nIndex = atoi(papszArgv[i] + strlen("-colorinterp_"));
data/gdal-3.0.4+dfsg/apps/gdal_translate_lib.cpp:2657:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psOptions->nLimitOutSize = atoi(papszArgv[i+1]);
data/gdal-3.0.4+dfsg/apps/gdaladdo.cpp:117:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (atoi(GDALVersionInfo("VERSION_NUM")) < 1700)
data/gdal-3.0.4+dfsg/apps/gdaladdo.cpp:185:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int nBand = atoi(pszBand);
data/gdal-3.0.4+dfsg/apps/gdaladdo.cpp:207:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nMinSize = atoi(papszArgv[++iArg]);
data/gdal-3.0.4+dfsg/apps/gdaladdo.cpp:217:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        else if( atoi(papszArgv[iArg]) > 0 &&
data/gdal-3.0.4+dfsg/apps/gdaladdo.cpp:220:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            anLevels[nLevelCount++] = atoi(papszArgv[iArg]);
data/gdal-3.0.4+dfsg/apps/gdalasyncread.cpp:160:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if( atoi(argv[i+1]) < 1 )
data/gdal-3.0.4+dfsg/apps/gdalasyncread.cpp:171:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            panBandList[nBandCount-1] = atoi(argv[++i]);
data/gdal-3.0.4+dfsg/apps/gdalasyncread.cpp:199:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            anSrcWin[0] = atoi(argv[++i]);
data/gdal-3.0.4+dfsg/apps/gdalasyncread.cpp:200:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            anSrcWin[1] = atoi(argv[++i]);
data/gdal-3.0.4+dfsg/apps/gdalasyncread.cpp:201:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            anSrcWin[2] = atoi(argv[++i]);
data/gdal-3.0.4+dfsg/apps/gdalasyncread.cpp:202:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            anSrcWin[3] = atoi(argv[++i]);
data/gdal-3.0.4+dfsg/apps/gdalasyncread.cpp:293:66:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                          ? CPLAtof(pszOXSize)/100*anSrcWin[2] : atoi(pszOXSize)));
data/gdal-3.0.4+dfsg/apps/gdalasyncread.cpp:295:66:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                          ? CPLAtof(pszOYSize)/100*anSrcWin[3] : atoi(pszOYSize)));
data/gdal-3.0.4+dfsg/apps/gdalbuildvrt_lib.cpp:295:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pahSrcDS, pahSrcDSIn, nInputFiles * sizeof(GDALDatasetH));
data/gdal-3.0.4+dfsg/apps/gdalbuildvrt_lib.cpp:309:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(panBandList, panBandListIn, nBands * sizeof(int));
data/gdal-3.0.4+dfsg/apps/gdalbuildvrt_lib.cpp:460:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char subdatasetNameKey[80];
data/gdal-3.0.4+dfsg/apps/gdalbuildvrt_lib.cpp:477:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char        subdatasetNameKey[80];
data/gdal-3.0.4+dfsg/apps/gdalbuildvrt_lib.cpp:1501:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(psOptions, psOptionsIn, sizeof(GDALBuildVRTOptions));
data/gdal-3.0.4+dfsg/apps/gdalbuildvrt_lib.cpp:1510:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(psOptions->panBandList, psOptionsIn->panBandList, sizeof(int) * psOptionsIn->nBandCount);
data/gdal-3.0.4+dfsg/apps/gdalbuildvrt_lib.cpp:1761:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psOptions->nSubdataset = atoi(papszArgv[++iArg]);
data/gdal-3.0.4+dfsg/apps/gdalbuildvrt_lib.cpp:1808:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nBand = atoi(pszBand);
data/gdal-3.0.4+dfsg/apps/gdaldem_lib.cpp:1885:57:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            pasColorAssociation[nColorAssociation].nR = atoi(papszFields[1]);
data/gdal-3.0.4+dfsg/apps/gdaldem_lib.cpp:1886:57:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            pasColorAssociation[nColorAssociation].nG = atoi(papszFields[2]);
data/gdal-3.0.4+dfsg/apps/gdaldem_lib.cpp:1887:57:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            pasColorAssociation[nColorAssociation].nB = atoi(papszFields[3]);
data/gdal-3.0.4+dfsg/apps/gdaldem_lib.cpp:1892:57:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            pasColorAssociation[nColorAssociation].nR = atoi(papszFields[5]);
data/gdal-3.0.4+dfsg/apps/gdaldem_lib.cpp:1893:57:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            pasColorAssociation[nColorAssociation].nG = atoi(papszFields[6]);
data/gdal-3.0.4+dfsg/apps/gdaldem_lib.cpp:1894:57:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            pasColorAssociation[nColorAssociation].nB = atoi(papszFields[7]);
data/gdal-3.0.4+dfsg/apps/gdaldem_lib.cpp:1910:61:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                pasColorAssociation[nColorAssociation].nR = atoi(papszFields[1]);
data/gdal-3.0.4+dfsg/apps/gdaldem_lib.cpp:1911:61:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                pasColorAssociation[nColorAssociation].nG = atoi(papszFields[2]);
data/gdal-3.0.4+dfsg/apps/gdaldem_lib.cpp:1912:61:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                pasColorAssociation[nColorAssociation].nB = atoi(papszFields[3]);
data/gdal-3.0.4+dfsg/apps/gdaldem_lib.cpp:1950:61:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                pasColorAssociation[nColorAssociation].nR = atoi(papszFields[1]);
data/gdal-3.0.4+dfsg/apps/gdaldem_lib.cpp:1951:61:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                pasColorAssociation[nColorAssociation].nG = atoi(papszFields[2]);
data/gdal-3.0.4+dfsg/apps/gdaldem_lib.cpp:1952:61:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                pasColorAssociation[nColorAssociation].nB = atoi(papszFields[3]);
data/gdal-3.0.4+dfsg/apps/gdaldem_lib.cpp:1954:57:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        (CSLCount(papszFields) >= 5 ) ? atoi(papszFields[4]) : 255;
data/gdal-3.0.4+dfsg/apps/gdaldem_lib.cpp:1976:53:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    (CSLCount(papszFields) >= 3 ) ? atoi(papszFields[2]) : 255;
data/gdal-3.0.4+dfsg/apps/gdaldem_lib.cpp:4071:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psOptions->nBand = atoi(papszArgv[++i]);
data/gdal-3.0.4+dfsg/apps/gdalenhance.cpp:320:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                || atoi(papszTokens[0]) != iBand+1 )
data/gdal-3.0.4+dfsg/apps/gdalenhance.cpp:346:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                papanLUTs[iBand][iLUT] = atoi(papszTokens[iLUT+3]);
data/gdal-3.0.4+dfsg/apps/gdalenhance.cpp:360:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            fpConfig = fopen( pszConfigFile, "w" );
data/gdal-3.0.4+dfsg/apps/gdalinfo_bin.cpp:192:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szKeyName[1024];
data/gdal-3.0.4+dfsg/apps/gdalinfo_lib.cpp:1881:51:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                psOptionsForBinary->nSubdataset = atoi(papszArgv[i]);
data/gdal-3.0.4+dfsg/apps/gdallocationinfo.cpp:248:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            anBandList.push_back( atoi(argv[++i]) );
data/gdal-3.0.4+dfsg/apps/gdallocationinfo.cpp:252:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nOverview = atoi(argv[++i]) - 1;
data/gdal-3.0.4+dfsg/apps/gdalmanage.cpp:184:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (atoi(GDALVersionInfo("VERSION_NUM")) < 1500)
data/gdal-3.0.4+dfsg/apps/gdalserver.cpp:211:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    sockAddrIn.sin_port = htons(atoi(pszService));
data/gdal-3.0.4+dfsg/apps/gdalserver.cpp:272:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szReady[5];
data/gdal-3.0.4+dfsg/apps/gdalserver.cpp:696:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            pipe_in = atoi(argv[i]);
data/gdal-3.0.4+dfsg/apps/gdalserver.cpp:700:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                close(atoi(pszComma + 1));
data/gdal-3.0.4+dfsg/apps/gdalserver.cpp:707:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            pipe_out = atoi(argv[i]);
data/gdal-3.0.4+dfsg/apps/gdalserver.cpp:711:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                close(atoi(pszComma + 1));
data/gdal-3.0.4+dfsg/apps/gdalsrsinfo.cpp:213:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    nEPSGCode = atoi(pszAuthorityCode);
data/gdal-3.0.4+dfsg/apps/gdaltindex.cpp:100:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if( atoi(GDALVersionInfo("VERSION_NUM")) < 1400 )
data/gdal-3.0.4+dfsg/apps/gdaltransform.cpp:112:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (atoi(GDALVersionInfo("VERSION_NUM")) < 1500)
data/gdal-3.0.4+dfsg/apps/gdaltransform.cpp:185:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nOrder = atoi(argv[++i]);
data/gdal-3.0.4+dfsg/apps/gdaltransform.cpp:332:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szLine[1024];
data/gdal-3.0.4+dfsg/apps/gdalwarp_lib.cpp:511:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(psOptions, psOptionsIn, sizeof(GDALWarpAppOptions));
data/gdal-3.0.4+dfsg/apps/gdalwarp_lib.cpp:2175:63:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                FILE* f = EQUAL(pszFile, "stderr") ? stderr : fopen(pszFile, "wb");
data/gdal-3.0.4+dfsg/apps/gdalwarp_lib.cpp:3524:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if (i < argc-1 && atoi(papszArgv[i+1]) >= 0 && isdigit(papszArgv[i+1][0]))
data/gdal-3.0.4+dfsg/apps/gdalwarp_lib.cpp:3635:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psOptions->nForcePixels = atoi(papszArgv[++i]);
data/gdal-3.0.4+dfsg/apps/gdalwarp_lib.cpp:3636:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psOptions->nForceLines = atoi(papszArgv[++i]);
data/gdal-3.0.4+dfsg/apps/gdalwarp_lib.cpp:3782:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                psOptions->nOvLevel = -2-atoi(pszOvLevel + 5);
data/gdal-3.0.4+dfsg/apps/gdalwarp_lib.cpp:3786:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                psOptions->nOvLevel = atoi(pszOvLevel);
data/gdal-3.0.4+dfsg/apps/gdalwarpsimple.c:157:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nOrder = atoi(argv[++i]);
data/gdal-3.0.4+dfsg/apps/gdalwarpsimple.c:171:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nForcePixels = atoi(argv[++i]);
data/gdal-3.0.4+dfsg/apps/gdalwarpsimple.c:172:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nForceLines = atoi(argv[++i]);
data/gdal-3.0.4+dfsg/apps/gnmanalyse.cpp:439:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nFromFID = atoi(papszArgv[++iArg]);
data/gdal-3.0.4+dfsg/apps/gnmanalyse.cpp:440:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nToFID = atoi(papszArgv[++iArg]);
data/gdal-3.0.4+dfsg/apps/gnmanalyse.cpp:447:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nFromFID = atoi(papszArgv[++iArg]);
data/gdal-3.0.4+dfsg/apps/gnmanalyse.cpp:448:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nToFID = atoi(papszArgv[++iArg]);
data/gdal-3.0.4+dfsg/apps/gnmanalyse.cpp:449:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nK = atoi(papszArgv[++iArg]);
data/gdal-3.0.4+dfsg/apps/gnmmanage.cpp:284:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nSrcFID = atoi(papszArgv[++iArg]);
data/gdal-3.0.4+dfsg/apps/gnmmanage.cpp:285:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nTgtFID = atoi(papszArgv[++iArg]);
data/gdal-3.0.4+dfsg/apps/gnmmanage.cpp:286:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nConFID = atoi(papszArgv[++iArg]);
data/gdal-3.0.4+dfsg/apps/gnmmanage.cpp:302:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            eDir = atoi(papszArgv[++iArg]);
data/gdal-3.0.4+dfsg/apps/gnmmanage.cpp:309:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nSrcFID = atoi(papszArgv[++iArg]);
data/gdal-3.0.4+dfsg/apps/gnmmanage.cpp:310:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nTgtFID = atoi(papszArgv[++iArg]);
data/gdal-3.0.4+dfsg/apps/gnmmanage.cpp:311:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nConFID = atoi(papszArgv[++iArg]);
data/gdal-3.0.4+dfsg/apps/gnmmanage.cpp:341:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            anFIDsToBlock.push_back(atoi(papszArgv[++iArg]));
data/gdal-3.0.4+dfsg/apps/gnmmanage.cpp:347:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            anFIDsToUnblock.push_back(atoi(papszArgv[++iArg]));
data/gdal-3.0.4+dfsg/apps/multireadtest.cpp:138:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nIterations = atoi(argv[++iArg]);
data/gdal-3.0.4+dfsg/apps/multireadtest.cpp:142:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nOpenIterations = atoi(argv[++iArg]);
data/gdal-3.0.4+dfsg/apps/multireadtest.cpp:146:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nThreadCount = atoi(argv[++iArg]);
data/gdal-3.0.4+dfsg/apps/nearblack_lib.cpp:835:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    oColor.push_back( atoi( papszTokens[iToken] ) );
data/gdal-3.0.4+dfsg/apps/nearblack_lib.cpp:868:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psOptions->nMaxNonBlack = atoi(papszArgv[++i]);
data/gdal-3.0.4+dfsg/apps/nearblack_lib.cpp:872:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psOptions->nNearDist = atoi(papszArgv[++i]);
data/gdal-3.0.4+dfsg/apps/ogr2ogr_lib.cpp:1228:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(psOptions, psOptionsIn, sizeof(GDALVectorTranslateOptions));
data/gdal-3.0.4+dfsg/apps/ogr2ogr_lib.cpp:3893:50:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            panMap[iField] = bIdentity? iField : atoi(m_papszFieldMap[iField]);
data/gdal-3.0.4+dfsg/apps/ogr2ogr_lib.cpp:4115:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char szTry[32];
data/gdal-3.0.4+dfsg/apps/ogr2ogr_lib.cpp:5223:53:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    psOptions->nGroupTransactions = atoi(papszArgv[i]);
data/gdal-3.0.4+dfsg/apps/ogr2ogr_lib.cpp:5554:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int nTemp = atoi(papszArgv[i+1]);
data/gdal-3.0.4+dfsg/apps/ogr2ogr_lib.cpp:5604:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psOptions->nTransformOrder = atoi( papszArgv[++i] );
data/gdal-3.0.4+dfsg/apps/ogrdissolve.cpp:138:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nFIDToFetch = atoi(papszArgv[++iArg]);
data/gdal-3.0.4+dfsg/apps/ogrdissolve.cpp:184:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nGroupTransactions = atoi(papszArgv[++iArg]);
data/gdal-3.0.4+dfsg/apps/ogrinfo.cpp:183:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char pszDisplayedname[256];
data/gdal-3.0.4+dfsg/apps/ogrinfo.cpp:628:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nRepeatCount = atoi(papszArgv[++iArg]);
data/gdal-3.0.4+dfsg/apps/ogrtindex.cpp:360:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                && atoi(papszArgv[iArg+1]) == iLayer )
data/gdal-3.0.4+dfsg/apps/ogrtindex.cpp:449:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    const int iLayer = atoi(filename + j + 1);
data/gdal-3.0.4+dfsg/apps/ogrtindex.cpp:534:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    && atoi(papszArgv[iArg+1]) == iLayer )
data/gdal-3.0.4+dfsg/apps/ogrtindex.cpp:550:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szLocation[5000] = {};
data/gdal-3.0.4+dfsg/apps/ogrtindex.cpp:733:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szLocation[5000] = {};
data/gdal-3.0.4+dfsg/apps/test_ogrsf.cpp:80:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* f = fopen(pszLogFilename, "at");
data/gdal-3.0.4+dfsg/apps/test_ogrsf.cpp:157:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nThreads = atoi(papszArgv[++iArg]);
data/gdal-3.0.4+dfsg/apps/test_ogrsf.cpp:161:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nLoops = atoi(papszArgv[++iArg]);
data/gdal-3.0.4+dfsg/apps/test_ogrsf.cpp:2345:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szFormat[32];
data/gdal-3.0.4+dfsg/apps/testreprojmulti.cpp:64:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(padfResultX, padfRefX, 1024 * sizeof(double));
data/gdal-3.0.4+dfsg/apps/testreprojmulti.cpp:65:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(padfResultY, padfRefY, 1024 * sizeof(double));
data/gdal-3.0.4+dfsg/apps/testreprojmulti.cpp:84:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nThreads = atoi(argv[++i]);
data/gdal-3.0.4+dfsg/apps/testreprojmulti.cpp:86:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nCountIter = atoi(argv[++i]);
data/gdal-3.0.4+dfsg/apps/testreprojmulti.cpp:109:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(padfRefResultX, padfRefX, 1024 * sizeof(double));
data/gdal-3.0.4+dfsg/apps/testreprojmulti.cpp:110:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(padfRefResultY, padfRefY, 1024 * sizeof(double));
data/gdal-3.0.4+dfsg/frmts/aaigrid/aaigriddataset.cpp:168:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szToken[500] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/aaigrid/aaigriddataset.cpp:203:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    static_cast<GInt32>(atoi(szToken));
data/gdal-3.0.4+dfsg/frmts/aaigrid/aaigriddataset.cpp:425:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nRasterXSize = atoi(papszTokens[i + 1]);
data/gdal-3.0.4+dfsg/frmts/aaigrid/aaigriddataset.cpp:432:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nRasterYSize = atoi(papszTokens[i + 1]);
data/gdal-3.0.4+dfsg/frmts/aaigrid/aaigriddataset.cpp:591:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nRasterXSize = atoi(papszTokens[i + 1]);
data/gdal-3.0.4+dfsg/frmts/aaigrid/aaigriddataset.cpp:598:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nRasterYSize = atoi(papszTokens[i + 1]);
data/gdal-3.0.4+dfsg/frmts/aaigrid/aaigriddataset.cpp:886:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(padfTransform, adfGeoTransform, sizeof(double) * 6);
data/gdal-3.0.4+dfsg/frmts/aaigrid/aaigriddataset.cpp:935:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szHeader[2000] = {};
data/gdal-3.0.4+dfsg/frmts/aaigrid/aaigriddataset.cpp:983:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szFormatFloat[32] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/aaigrid/aaigriddataset.cpp:984:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(szFormatFloat, " %.20g");
data/gdal-3.0.4+dfsg/frmts/aaigrid/aaigriddataset.cpp:999:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nPrecision = atoi(pszSignificantDigits);
data/gdal-3.0.4+dfsg/frmts/aaigrid/aaigriddataset.cpp:1007:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nPrecision = atoi(pszDecimalPrecision);
data/gdal-3.0.4+dfsg/frmts/aaigrid/aaigriddataset.cpp:1112:25:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
                        strcat(szHeader, ".0");
data/gdal-3.0.4+dfsg/frmts/aaigrid/aaigriddataset.h:90:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char achReadBuf[256];
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:342:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char formatStr[32];
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:366:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char str[11+1];
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:380:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char str[10+1];
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:409:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLeader[24+1];
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:463:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLeader[24+1];
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:694:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szName[80];
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:754:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfGeoTransform, adfGeoTransform, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:766:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfGeoTransform, padfGeoTransform, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:777:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ddd[3+1] = { 0 };
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:778:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mm[2+1] = { 0 };
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:779:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ssdotss[5+1] = { 0 };
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:796:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ddd[2+1] = { 0 };
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:797:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mm[2+1] = { 0 };
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:798:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ssdotss[5+1] = { 0 };
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:1104:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char offset[5+1]={0};
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:1109:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            TILEINDEX[i] = atoi(offset);
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:1125:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char recordName[3];
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:1255:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szValue[32];
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:1892:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[12+1];
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:2069:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[12+1] = {};
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:2080:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(tmp, "02");
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:2335:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tmp[12+1] = {};
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:2352:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat(tmp, "02.IMG");
data/gdal-3.0.4+dfsg/frmts/adrg/srpdataset.cpp:568:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char offset[30] = {0};
data/gdal-3.0.4+dfsg/frmts/adrg/srpdataset.cpp:594:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            TILEINDEX[i] = atoi(offset);
data/gdal-3.0.4+dfsg/frmts/adrg/srpdataset.cpp:629:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char recordName[3] = {};
data/gdal-3.0.4+dfsg/frmts/adrg/srpdataset.cpp:679:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szValue[32] = {};
data/gdal-3.0.4+dfsg/frmts/adrg/srpdataset.cpp:753:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        char dat[9];
data/gdal-3.0.4+dfsg/frmts/adrg/srpdataset.cpp:773:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        char dat[9];
data/gdal-3.0.4+dfsg/frmts/adrg/srpdataset.cpp:910:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szName[80];
data/gdal-3.0.4+dfsg/frmts/adrg/srpdataset.cpp:1260:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char szValue[5];
data/gdal-3.0.4+dfsg/frmts/adrg/srpdataset.cpp:1276:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        char dat[9];
data/gdal-3.0.4+dfsg/frmts/aigrid/aigccitt.c:1137:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aig_TIFFBitRevTable[256] = {
data/gdal-3.0.4+dfsg/frmts/aigrid/aigccitt.c:1173:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aig_TIFFNoBitRevTable[256] = {
data/gdal-3.0.4+dfsg/frmts/aigrid/aigccitt.c:1877:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char runs_buf[4000];
data/gdal-3.0.4+dfsg/frmts/aigrid/aigdataset.cpp:824:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nIndex = atoi(papszTokens[0]);
data/gdal-3.0.4+dfsg/frmts/aigrid/aigdataset.cpp:825:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            sEntry.c1 = (short) atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/aigrid/aigdataset.cpp:826:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            sEntry.c2 = (short) atoi(papszTokens[2]);
data/gdal-3.0.4+dfsg/frmts/aigrid/aigdataset.cpp:827:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            sEntry.c3 = (short) atoi(papszTokens[3]);
data/gdal-3.0.4+dfsg/frmts/aigrid/aigopen.c:197:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBasename[32];
data/gdal-3.0.4+dfsg/frmts/aigrid/aitest.c:50:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char abyBlockSize[2];
data/gdal-3.0.4+dfsg/frmts/aigrid/aitest.c:134:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            iTestTileX = atoi(argv[2]);
data/gdal-3.0.4+dfsg/frmts/aigrid/aitest.c:135:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            iTestTileY = atoi(argv[3]);
data/gdal-3.0.4+dfsg/frmts/aigrid/aitest.c:196:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    while( argc > 2 && (atoi(argv[2]) > 0 || argv[2][0] == '0') )
data/gdal-3.0.4+dfsg/frmts/aigrid/aitest.c:198:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int	nBlock = atoi(argv[2]);
data/gdal-3.0.4+dfsg/frmts/aigrid/gridlib.c:147:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(panData + i, pabyCur, 4);
data/gdal-3.0.4+dfsg/frmts/aigrid/gridlib.c:387:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &nValue, pabyCur, 4 );
data/gdal-3.0.4+dfsg/frmts/aigrid/gridlib.c:693:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nMin, pabyCur, 4 );
data/gdal-3.0.4+dfsg/frmts/aigrid/gridlib.c:846:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &(psInfo->nCellType), abyData+16, 4 );
data/gdal-3.0.4+dfsg/frmts/aigrid/gridlib.c:847:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &(psInfo->bCompressed), abyData+20, 4 );
data/gdal-3.0.4+dfsg/frmts/aigrid/gridlib.c:848:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &(psInfo->nBlocksPerRow), abyData+288, 4 );
data/gdal-3.0.4+dfsg/frmts/aigrid/gridlib.c:849:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &(psInfo->nBlocksPerColumn), abyData+292, 4 );
data/gdal-3.0.4+dfsg/frmts/aigrid/gridlib.c:850:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &(psInfo->nBlockXSize), abyData+296, 4 );
data/gdal-3.0.4+dfsg/frmts/aigrid/gridlib.c:851:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &(psInfo->nBlockYSize), abyData+304, 4 );
data/gdal-3.0.4+dfsg/frmts/aigrid/gridlib.c:852:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &(psInfo->dfCellSizeX), abyData+256, 8 );
data/gdal-3.0.4+dfsg/frmts/aigrid/gridlib.c:853:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &(psInfo->dfCellSizeY), abyData+264, 8 );
data/gdal-3.0.4+dfsg/frmts/airsar/airsardataset.cpp:379:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLine[51];
data/gdal-3.0.4+dfsg/frmts/airsar/airsardataset.cpp:415:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            if( ((unsigned char *) szLine)[i] > 127
data/gdal-3.0.4+dfsg/frmts/airsar/airsardataset.cpp:416:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                || ((unsigned char *) szLine)[i] < 10 )
data/gdal-3.0.4+dfsg/frmts/airsar/airsardataset.cpp:488:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szPrefixedKeyName[55];
data/gdal-3.0.4+dfsg/frmts/airsar/airsardataset.cpp:550:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(CSLFetchNameValue(papszMD,"MH_NUMBER_OF_SAMPLES_PER_RECORD"));
data/gdal-3.0.4+dfsg/frmts/airsar/airsardataset.cpp:552:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(CSLFetchNameValue(papszMD,"MH_NUMBER_OF_LINES_IN_IMAGE"));
data/gdal-3.0.4+dfsg/frmts/airsar/airsardataset.cpp:554:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poDS->nRecordLength = atoi(
data/gdal-3.0.4+dfsg/frmts/airsar/airsardataset.cpp:557:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poDS->nDataStart = atoi(
data/gdal-3.0.4+dfsg/frmts/airsar/airsardataset.cpp:575:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nPHOffset = atoi(CSLFetchNameValue(
data/gdal-3.0.4+dfsg/frmts/arg/argdataset.cpp:103:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/arg/argdataset.cpp:624:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nSrs = atoi(oSRS.GetAuthorityCode("PROJCS"));
data/gdal-3.0.4+dfsg/frmts/arg/argdataset.cpp:627:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nSrs = atoi(oSRS.GetAuthorityCode("GEOGCS"));
data/gdal-3.0.4+dfsg/frmts/blx/blx.c:494:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&result, *data, sizeof(double));
data/gdal-3.0.4+dfsg/frmts/blx/blx.c:508:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(*bufptr, &data, sizeof(double));
data/gdal-3.0.4+dfsg/frmts/blx/blx.c:672:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p, tmpdata, cout-tmpdata);
data/gdal-3.0.4+dfsg/frmts/blx/blx.c:1074:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if(!ctx->open) {
data/gdal-3.0.4+dfsg/frmts/blx/blx.c:1118:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char header[102],*hptr;
data/gdal-3.0.4+dfsg/frmts/blx/blx.c:1242:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char header[102],*hptr;
data/gdal-3.0.4+dfsg/frmts/blx/blx.h:82:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int open;
data/gdal-3.0.4+dfsg/frmts/blx/blx.h:118:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define BLXfopen fopen
data/gdal-3.0.4+dfsg/frmts/blx/blxdataset.cpp:310:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        zscale = atoi(CSLFetchNameValue(papszOptions,"ZSCALE"));
data/gdal-3.0.4+dfsg/frmts/blx/blxdataset.cpp:326:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        fillundefval = atoi(CSLFetchNameValue(papszOptions,"FILLUNDEFVAL"));
data/gdal-3.0.4+dfsg/frmts/bmp/bmpdataset.cpp:405:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pImage, pabyScan, nBlockXSize );
data/gdal-3.0.4+dfsg/frmts/bmp/bmpdataset.cpp:930:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pImage, pabyUncomprBuf +
data/gdal-3.0.4+dfsg/frmts/bmp/bmpdataset.cpp:986:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfTransform, adfGeoTransform, sizeof(adfGeoTransform[0])*6 );
data/gdal-3.0.4+dfsg/frmts/bmp/bmpdataset.cpp:1016:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( adfGeoTransform, padfTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/bsb/bsb_read.c:178:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	achTestBlock[1000];
data/gdal-3.0.4+dfsg/frmts/bsb/bsb_read.c:179:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szLine[1000];
data/gdal-3.0.4+dfsg/frmts/bsb/bsb_read.c:290:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psInfo->nXSize = atoi(papszTokens[nRAIndex+1]);
data/gdal-3.0.4+dfsg/frmts/bsb/bsb_read.c:291:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psInfo->nYSize = atoi(papszTokens[nRAIndex+2]);
data/gdal-3.0.4+dfsg/frmts/bsb/bsb_read.c:306:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psInfo->nXSize = atoi(papszTokens[nRAIndex+3]);
data/gdal-3.0.4+dfsg/frmts/bsb/bsb_read.c:307:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psInfo->nYSize = atoi(papszTokens[nRAIndex+4]);
data/gdal-3.0.4+dfsg/frmts/bsb/bsb_read.c:312:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int	iPCT = atoi(papszTokens[0]);
data/gdal-3.0.4+dfsg/frmts/bsb/bsb_read.c:338:56:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psInfo->pabyPCT[iPCT*3+0] = (unsigned char)atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/bsb/bsb_read.c:339:56:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psInfo->pabyPCT[iPCT*3+1] = (unsigned char)atoi(papszTokens[2]);
data/gdal-3.0.4+dfsg/frmts/bsb/bsb_read.c:340:56:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psInfo->pabyPCT[iPCT*3+2] = (unsigned char)atoi(papszTokens[3]);
data/gdal-3.0.4+dfsg/frmts/bsb/bsbdataset.cpp:234:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/bsb/bsbdataset.cpp:620:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szName[50];
data/gdal-3.0.4+dfsg/frmts/bsb/bsbdataset.cpp:682:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szName[50];
data/gdal-3.0.4+dfsg/frmts/bsb/bsbdataset.cpp:921:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char       abyPCT[771];
data/gdal-3.0.4+dfsg/frmts/cals/calsdataset.cpp:514:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[2048+1] = {};
data/gdal-3.0.4+dfsg/frmts/cals/calsdataset.cpp:534:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(szBuffer, osField, osField.size());
data/gdal-3.0.4+dfsg/frmts/cals/calsdataset.cpp:537:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(szBuffer + 128, osField, osField.size());
data/gdal-3.0.4+dfsg/frmts/cals/calsdataset.cpp:540:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(szBuffer + 128*2, osField, osField.size());
data/gdal-3.0.4+dfsg/frmts/cals/calsdataset.cpp:543:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(szBuffer + 128*3, osField, osField.size());
data/gdal-3.0.4+dfsg/frmts/cals/calsdataset.cpp:546:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(szBuffer + 128*4, osField, osField.size());
data/gdal-3.0.4+dfsg/frmts/cals/calsdataset.cpp:549:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(szBuffer + 128*5, osField, osField.size());
data/gdal-3.0.4+dfsg/frmts/cals/calsdataset.cpp:552:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(szBuffer + 128*6, osField, osField.size());
data/gdal-3.0.4+dfsg/frmts/cals/calsdataset.cpp:560:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nAngle1 = atoi(pszPixelPath);
data/gdal-3.0.4+dfsg/frmts/cals/calsdataset.cpp:561:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nAngle2 = atoi(pszLineProgression);
data/gdal-3.0.4+dfsg/frmts/cals/calsdataset.cpp:564:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(szBuffer + 128*7, osField, osField.size());
data/gdal-3.0.4+dfsg/frmts/cals/calsdataset.cpp:569:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(szBuffer + 128*8, osField, osField.size());
data/gdal-3.0.4+dfsg/frmts/cals/calsdataset.cpp:576:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(pszResUnit) == 2 )
data/gdal-3.0.4+dfsg/frmts/cals/calsdataset.cpp:578:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nDensity = atoi(pszXRes);
data/gdal-3.0.4+dfsg/frmts/cals/calsdataset.cpp:583:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(szBuffer + 128*9, osField, osField.size());
data/gdal-3.0.4+dfsg/frmts/cals/calsdataset.cpp:586:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(szBuffer + 128*10, osField, osField.size());
data/gdal-3.0.4+dfsg/frmts/ceos/ceosopen.c:47:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	szWorking[33] = { 0 };
data/gdal-3.0.4+dfsg/frmts/ceos/ceosopen.c:58:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return( atoi(szWorking) );
data/gdal-3.0.4+dfsg/frmts/ceos/ceosopen.c:143:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psRecord->pachData, abyHeader, 12 );
data/gdal-3.0.4+dfsg/frmts/ceos2/ceos.c:59:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(record->Buffer+TYPE_OFF, &( record->TypeCode.Int32Code ), sizeof( record->TypeCode.Int32Code ) );
data/gdal-3.0.4+dfsg/frmts/ceos2/ceos.c:87:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(record->Buffer,header,CEOS_HEADER_LENGTH);
data/gdal-3.0.4+dfsg/frmts/ceos2/ceos.c:90:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(record->Buffer+CEOS_HEADER_LENGTH,buffer,record->Length-CEOS_HEADER_LENGTH);
data/gdal-3.0.4+dfsg/frmts/ceos2/ceos.c:93:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&(record->TypeCode.Int32Code),header+TYPE_OFF,sizeof(record->TypeCode.Int32Code));
data/gdal-3.0.4+dfsg/frmts/ceos2/ceos.c:129:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(record->Buffer,struct_ptr,record->Length);
data/gdal-3.0.4+dfsg/frmts/ceos2/ceos.c:140:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(record->Buffer,struct_ptr,Length);
data/gdal-3.0.4+dfsg/frmts/ceos2/ceos.c:152:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    field_size = atoi(format+1);
data/gdal-3.0.4+dfsg/frmts/ceos2/ceos.c:170:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(mod_buf,record->Buffer+(start_byte-1), field_size);
data/gdal-3.0.4+dfsg/frmts/ceos2/ceos.c:183:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy( value, mod_buf, field_size );
data/gdal-3.0.4+dfsg/frmts/ceos2/ceos.c:190:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	*( (int *)value) = atoi(mod_buf);
data/gdal-3.0.4+dfsg/frmts/ceos2/ceos.c:214:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	( (char *)value)[field_size] = '\0';
data/gdal-3.0.4+dfsg/frmts/ceos2/ceos.c:215:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy( value, mod_buf, field_size );
data/gdal-3.0.4+dfsg/frmts/ceos2/ceos.c:230:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szPrintfFormat[ 20 ];
data/gdal-3.0.4+dfsg/frmts/ceos2/ceos.c:259:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(value,temp_buf,field_size);
data/gdal-3.0.4+dfsg/frmts/ceos2/ceos.c:296:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(record->Buffer + start_byte -1, temp_buf, field_size);
data/gdal-3.0.4+dfsg/frmts/ceos2/ceos.c:304:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char total_len[12];   /* 12 because 2^32 -> 4294967296 + I + null */
data/gdal-3.0.4+dfsg/frmts/ceos2/ceos.c:341:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&crec,list->object,sizeof(CeosRecord_t));
data/gdal-3.0.4+dfsg/frmts/ceos2/ceos.c:370:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&(record->TypeCode.Int32Code),record->Buffer+TYPE_OFF,sizeof(record->TypeCode.Int32Code));
data/gdal-3.0.4+dfsg/frmts/ceos2/ceos.c:410:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy( ( unsigned char * ) dst + i, ( unsigned char * ) src + i, l_remainder );
data/gdal-3.0.4+dfsg/frmts/ceos2/ceos.h:315:31:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define NativeToCeos(a,b,c,d) memcpy(a,b,c)
data/gdal-3.0.4+dfsg/frmts/ceos2/ceos.h:316:31:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define CeosToNative(a,b,c,d) memcpy(a,b,c)
data/gdal-3.0.4+dfsg/frmts/ceos2/ceosrecipe.c:312:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp_str[1024];
data/gdal-3.0.4+dfsg/frmts/ceos2/ceosrecipe.c:526:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szSARDataFormat[29];
data/gdal-3.0.4+dfsg/frmts/ceos2/ceosrecipe.c:593:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szSARDataFormat[29], szProduct[32];
data/gdal-3.0.4+dfsg/frmts/ceos2/ceosrecipe.c:695:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char format[32];
data/gdal-3.0.4+dfsg/frmts/ceos2/ceosrecipe.c:704:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	*value = atoi( buffer );
data/gdal-3.0.4+dfsg/frmts/ceos2/ceosrecipe.c:730:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char format[12];
data/gdal-3.0.4+dfsg/frmts/ceos2/sar_ceosdataset.cpp:294:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pImage, pabyRecord, nBytesPerSample * nBlockXSize );
data/gdal-3.0.4+dfsg/frmts/ceos2/sar_ceosdataset.cpp:851:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pszSafeCopy, record->Buffer, record->Length );
data/gdal-3.0.4+dfsg/frmts/ceos2/sar_ceosdataset.cpp:878:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szVolId[128];
data/gdal-3.0.4+dfsg/frmts/ceos2/sar_ceosdataset.cpp:880:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szField[128];
data/gdal-3.0.4+dfsg/frmts/ceos2/sar_ceosdataset.cpp:1494:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szField[100];
data/gdal-3.0.4+dfsg/frmts/ceos2/sar_ceosdataset.cpp:1516:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char         szId[32];
data/gdal-3.0.4+dfsg/frmts/ceos2/sar_ceosdataset.cpp:1599:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szId[32];
data/gdal-3.0.4+dfsg/frmts/ceos2/sar_ceosdataset.cpp:1699:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nBand = atoi( pszBasename + 4 );
data/gdal-3.0.4+dfsg/frmts/ceos2/sar_ceosdataset.cpp:1717:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char    szMadeBasename[32];
data/gdal-3.0.4+dfsg/frmts/ceos2/sar_ceosdataset.cpp:1739:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szThisExtension[32];
data/gdal-3.0.4+dfsg/frmts/ceos2/sar_ceosdataset.cpp:2051:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char      temp_buffer[CEOS_HEADER_LENGTH];
data/gdal-3.0.4+dfsg/frmts/coasp/coasp_dataset.cpp:194:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nPixels = atoi(papszMDTokens[2]);
data/gdal-3.0.4+dfsg/frmts/coasp/coasp_dataset.cpp:195:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nLines = atoi(papszMDTokens[3]);
data/gdal-3.0.4+dfsg/frmts/coasp/coasp_dataset.cpp:452:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poDS->nRasterYSize = atoi(nValue);
data/gdal-3.0.4+dfsg/frmts/coasp/coasp_dataset.cpp:466:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poDS->nRasterXSize = atoi(nValue);
data/gdal-3.0.4+dfsg/frmts/ctg/ctgdataset.cpp:200:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pImage,
data/gdal-3.0.4+dfsg/frmts/ctg/ctgdataset.cpp:284:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(szField, pszBuffer + nOffset, nLength);
data/gdal-3.0.4+dfsg/frmts/ctg/ctgdataset.cpp:300:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLine[81];
data/gdal-3.0.4+dfsg/frmts/ctg/ctgdataset.cpp:301:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szField[11];
data/gdal-3.0.4+dfsg/frmts/ctg/ctgdataset.cpp:308:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nZone = atoi(ExtractField(szField, szLine, 0, 3));
data/gdal-3.0.4+dfsg/frmts/ctg/ctgdataset.cpp:316:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nX = atoi(ExtractField(szField, szLine, 3, 8)) - nCellSize / 2;
data/gdal-3.0.4+dfsg/frmts/ctg/ctgdataset.cpp:317:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nY = atoi(ExtractField(szField, szLine, 11, 8)) + nCellSize / 2;
data/gdal-3.0.4+dfsg/frmts/ctg/ctgdataset.cpp:339:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nVal = atoi(ExtractField(szField, szLine, 20 + 10*i, 10));
data/gdal-3.0.4+dfsg/frmts/ctg/ctgdataset.cpp:395:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szField[11];
data/gdal-3.0.4+dfsg/frmts/ctg/ctgdataset.cpp:396:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nRows = atoi(ExtractField(szField, pszData, 0, 10));
data/gdal-3.0.4+dfsg/frmts/ctg/ctgdataset.cpp:397:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nCols = atoi(ExtractField(szField, pszData, 20, 10));
data/gdal-3.0.4+dfsg/frmts/ctg/ctgdataset.cpp:398:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nMinColIndex = atoi(ExtractField(szField, pszData+80, 0, 5));
data/gdal-3.0.4+dfsg/frmts/ctg/ctgdataset.cpp:399:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nMinRowIndex = atoi(ExtractField(szField, pszData+80, 5, 5));
data/gdal-3.0.4+dfsg/frmts/ctg/ctgdataset.cpp:400:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nMaxColIndex = atoi(ExtractField(szField, pszData+80, 10, 5));
data/gdal-3.0.4+dfsg/frmts/ctg/ctgdataset.cpp:401:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nMaxRowIndex = atoi(ExtractField(szField, pszData+80, 15, 5));
data/gdal-3.0.4+dfsg/frmts/ctg/ctgdataset.cpp:454:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szHeader[HEADER_LINE_COUNT * 80+1];
data/gdal-3.0.4+dfsg/frmts/ctg/ctgdataset.cpp:470:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szField[11];
data/gdal-3.0.4+dfsg/frmts/ctg/ctgdataset.cpp:471:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nRows = atoi(ExtractField(szField, szHeader, 0, 10));
data/gdal-3.0.4+dfsg/frmts/ctg/ctgdataset.cpp:472:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nCols = atoi(ExtractField(szField, szHeader, 20, 10));
data/gdal-3.0.4+dfsg/frmts/ctg/ctgdataset.cpp:485:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poDS->nCellSize = atoi(ExtractField(szField, szHeader, 35, 5));
data/gdal-3.0.4+dfsg/frmts/ctg/ctgdataset.cpp:491:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poDS->nNWEasting = atoi(ExtractField(szField, szHeader + 3*80, 40, 10));
data/gdal-3.0.4+dfsg/frmts/ctg/ctgdataset.cpp:492:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poDS->nNWNorthing = atoi(ExtractField(szField, szHeader + 3*80, 50, 10));
data/gdal-3.0.4+dfsg/frmts/ctg/ctgdataset.cpp:493:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poDS->nUTMZone = atoi(ExtractField(szField, szHeader, 50, 5));
data/gdal-3.0.4+dfsg/frmts/daas/daasdataset.cpp:468:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nHTTPStatus = atoi(psResult->pszErrBuf +
data/gdal-3.0.4+dfsg/frmts/daas/daasdataset.cpp:1246:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(CSLFetchNameValueDef(poOpenInfo->papszOpenOptions,
data/gdal-3.0.4+dfsg/frmts/daas/daasdataset.cpp:1249:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nServerByteLimit = atoi(CPLGetConfigOption("GDAL_DAAS_SERVER_BYTE_LIMIT",
data/gdal-3.0.4+dfsg/frmts/daas/daasdataset.cpp:2477:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szBuffer0[128] = {};
data/gdal-3.0.4+dfsg/frmts/daas/daasdataset.cpp:2478:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szBuffer[64] = {};
data/gdal-3.0.4+dfsg/frmts/dimap/dimapdataset.cpp:241:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfGeoTransform, adfGeoTransform, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/frmts/dimap/dimapdataset.cpp:879:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szID[32] = {};
data/gdal-3.0.4+dfsg/frmts/dimap/dimapdataset.cpp:973:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                            nBandIndex = atoi(psTag->psChild->pszValue);
data/gdal-3.0.4+dfsg/frmts/dimap/dimapdataset.cpp:1056:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(CPLGetXMLValue( psImageAttributes, "NBANDS", "-1" ));
data/gdal-3.0.4+dfsg/frmts/dimap/dimapdataset.cpp:1058:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(CPLGetXMLValue( psImageAttributes, "NCOLS", "-1" ));
data/gdal-3.0.4+dfsg/frmts/dimap/dimapdataset.cpp:1060:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(CPLGetXMLValue( psImageAttributes, "NROWS", "-1" ));
data/gdal-3.0.4+dfsg/frmts/dimap/dimapdataset.cpp:1061:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nTileWidth = atoi( CPLGetXMLValue( psImageAttributes,
data/gdal-3.0.4+dfsg/frmts/dimap/dimapdataset.cpp:1063:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nTileHeight = atoi( CPLGetXMLValue( psImageAttributes,
data/gdal-3.0.4+dfsg/frmts/dimap/dimapdataset.cpp:1065:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nOverlapRow = atoi( CPLGetXMLValue( psImageAttributes,
data/gdal-3.0.4+dfsg/frmts/dimap/dimapdataset.cpp:1067:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nOverlapCol = atoi( CPLGetXMLValue( psImageAttributes,
data/gdal-3.0.4+dfsg/frmts/dimap/dimapdataset.cpp:1069:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nBits = atoi(
data/gdal-3.0.4+dfsg/frmts/dimap/dimapdataset.cpp:1111:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    int nRow = atoi(pszR);
data/gdal-3.0.4+dfsg/frmts/dimap/dimapdataset.cpp:1112:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    int nCol = atoi(pszC);
data/gdal-3.0.4+dfsg/frmts/dimap/dimapdataset.cpp:1448:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                        atoi(&psTag->psChild->pszValue[1]) + 1;
data/gdal-3.0.4+dfsg/frmts/dods/dodsdataset2.cpp:339:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        static char szDODS_CONF[1000];
data/gdal-3.0.4+dfsg/frmts/dods/dodsdataset2.cpp:1084:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/dods/dodsdataset2.cpp:1383:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            sEntry.c1 = atoi(poColor->get_attr( "red" ).c_str());
data/gdal-3.0.4+dfsg/frmts/dods/dodsdataset2.cpp:1384:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            sEntry.c2 = atoi(poColor->get_attr( "green" ).c_str());
data/gdal-3.0.4+dfsg/frmts/dods/dodsdataset2.cpp:1385:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            sEntry.c3 = atoi(poColor->get_attr( "blue" ).c_str());
data/gdal-3.0.4+dfsg/frmts/dods/dodsdataset2.cpp:1389:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                sEntry.c4 = atoi(poColor->get_attr( "alpha" ).c_str());
data/gdal-3.0.4+dfsg/frmts/dods/dodsdataset2.cpp:1535:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyDataCopy, pImage, nBytesPerPixel * nXSize * nYSize );
data/gdal-3.0.4+dfsg/frmts/dods/dodsdataset2.cpp:1562:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyDataCopy, pImage, nBytesPerPixel * nXSize * nYSize );
data/gdal-3.0.4+dfsg/frmts/dods/dodsdataset2.cpp:1589:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyDataCopy, pImage, nBytesPerPixel * nXSize * nYSize );
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:55:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *DTEDGetField( char szResult[81], const char *pachRecord, int nStart, int nSize )
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:55:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *DTEDGetField( char szResult[81], const char *pachRecord, int nStart, int nSize )
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:59:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( szResult, pachRecord + nStart - 1, nSize );
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:137:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        achRecord[DTED_UHL_SIZE];
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:144:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szResult[81];
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:200:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psDInfo->pachUHLRecord, achRecord, DTED_UHL_SIZE );
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:239:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(DTEDGetField(szResult,achRecord,21,4)) / 36000.0;
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:242:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(DTEDGetField(szResult,achRecord,25,4)) / 36000.0;
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:244:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        psDInfo->nXSize = atoi(DTEDGetField(szResult,achRecord,48,4));
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:245:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        psDInfo->nYSize = atoi(DTEDGetField(szResult,achRecord,52,4));
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:250:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(DTEDGetField(szResult,achRecord,41,4)) / 36000.0;
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:253:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(DTEDGetField(szResult,achRecord,45,4)) / 36000.0;
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:255:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        psDInfo->nXSize = atoi(DTEDGetField(szResult,psDInfo->pachDSIRecord,563,4));
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:256:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        psDInfo->nYSize = atoi(DTEDGetField(szResult,psDInfo->pachDSIRecord,567,4));
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:276:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        deg = atoi(stripLeadingZeros(DTEDGetField(szResult,achRecord,5,3)));
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:277:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        min = atoi(stripLeadingZeros(DTEDGetField(szResult,achRecord,8,2)));
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:278:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        sec = atoi(stripLeadingZeros(DTEDGetField(szResult,achRecord,10,2)));
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:283:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        deg = atoi(stripLeadingZeros(DTEDGetField(szResult,achRecord,9,3)));
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:284:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        min = atoi(stripLeadingZeros(DTEDGetField(szResult,achRecord,12,2)));
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:285:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        sec = atoi(stripLeadingZeros(DTEDGetField(szResult,achRecord,14,2)));
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:309:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        deg = atoi(stripLeadingZeros(DTEDGetField(szResult,achRecord,13,3)));
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:310:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        min = atoi(stripLeadingZeros(DTEDGetField(szResult,achRecord,16,2)));
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:311:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        sec = atoi(stripLeadingZeros(DTEDGetField(szResult,achRecord,18,2)));
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:316:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        deg = atoi(stripLeadingZeros(DTEDGetField(szResult,achRecord,25,3)));
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:317:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        min = atoi(stripLeadingZeros(DTEDGetField(szResult,achRecord,28,2)));
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:318:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        sec = atoi(stripLeadingZeros(DTEDGetField(szResult,achRecord,30,2)));
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:1040:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pszFieldSrc, pszNewValue, nLenToCopy);
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.h:75:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define VSIFOpenL fopen
data/gdal-3.0.4+dfsg/frmts/dted/dted_create.c:120:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char achRecord[3601*2 + 12];
data/gdal-3.0.4+dfsg/frmts/dted/dted_ptstream.c:55:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *apszMetadata[DTEDMD_MAX+1];
data/gdal-3.0.4+dfsg/frmts/dted/dted_ptstream.c:122:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            szFile[128];
data/gdal-3.0.4+dfsg/frmts/dted/dted_test.c:72:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nFillDist = atoi(argv[++iArg]);
data/gdal-3.0.4+dfsg/frmts/dted/dted_test.c:75:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nOutLevel = atoi(argv[++iArg]);
data/gdal-3.0.4+dfsg/frmts/dted/dteddataset.cpp:792:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szPartialCell[3];
data/gdal-3.0.4+dfsg/frmts/e00grid/e00compr.h:114:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    szInBuf[E00_READ_BUF_SIZE]; /* compressed input buffer  */
data/gdal-3.0.4+dfsg/frmts/e00grid/e00compr.h:115:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    szOutBuf[E00_READ_BUF_SIZE];/* uncompressed output buffer   */
data/gdal-3.0.4+dfsg/frmts/e00grid/e00compr.h:142:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    szOutBuf[E00_WRITE_BUF_SIZE]; /* compressed output buffer */
data/gdal-3.0.4+dfsg/frmts/e00grid/e00griddataset.cpp:174:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szVal[E00_FLOAT_SIZE+1];
data/gdal-3.0.4+dfsg/frmts/e00grid/e00griddataset.cpp:247:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                panImage[i] = atoi(pszLine + (i%VALS_PER_LINE) * E00_FLOAT_SIZE);
data/gdal-3.0.4+dfsg/frmts/e00grid/e00griddataset.cpp:281:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            panImage[i] = atoi(szVal);
data/gdal-3.0.4+dfsg/frmts/e00grid/e00griddataset.cpp:586:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nRasterXSize = atoi(pszLine);
data/gdal-3.0.4+dfsg/frmts/e00grid/e00griddataset.cpp:587:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nRasterYSize = atoi(pszLine + E00_INT_SIZE);
data/gdal-3.0.4+dfsg/frmts/e00grid/e00griddataset.cpp:702:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(padfTransform, adfGeoTransform, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/frmts/ecw/ecwasyncreader.cpp:128:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( poReader->panBandMap, panBandMap, sizeof(int) * nBandCount );
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:47:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szProcessName[2048];
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:65:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szProcessName, "Unknown");
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:226:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ppInputArray[iBand],
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:297:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szSRSName[100];
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:308:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nEPSGCode = atoi(oSRS.GetAuthorityCode( "PROJCS" ));
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:317:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nEPSGCode = atoi(oSRS.GetAuthorityCode( "GEOGCS" ));
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:324:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szSRSName,
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:330:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szDoc[4000];
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:486:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &(poECWBox->m_nTBox), poBox->GetType(), 4 );
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:634:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            bECWV3 = (3 == atoi(pszOption));
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:747:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if( pszNBITS && atoi(pszNBITS) > 0 )
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:748:53:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psClient->pBands[iBand].nBits = (UINT8) atoi(pszNBITS);
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:793:48:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                      (UINT32) atoi(pszOption) );
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:798:48:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                      (UINT32) atoi(pszOption) );
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:803:48:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                      (UINT32) atoi(pszOption) );
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:808:47:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                     (UINT32) atoi(pszOption) );
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:813:48:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                      (UINT32) atoi(pszOption) );
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:818:48:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                      (UINT32) atoi(pszOption) );
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:864:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                (UINT32) atoi(pszOption) );
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:899:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szProjection[128];
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:900:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szDatum[128];
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:901:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szUnits[128];
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:903:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy( szProjection, "RAW" );
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:904:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy( szDatum, "RAW" );
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:918:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( szProjection, "GEODETIC" );
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:1217:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            bECWV3 = (3 == atoi(pszOption));
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:1397:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        bECWV3 = (3 == atoi(pszOption));
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:1789:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfGeoTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:1800:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfGeoTransform, padfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:2118:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( poGDS->pabyBILBuffer + (nBand-1) * nWordSize * nRasterXSize,
data/gdal-3.0.4+dfsg/frmts/ecw/ecwdataset.cpp:1183:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(adfGeoTransform, padfGeoTransform, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/frmts/ecw/ecwdataset.cpp:1464:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szProjCode[32], szDatumCode[32], szUnits[32];
data/gdal-3.0.4+dfsg/frmts/ecw/ecwdataset.cpp:1594:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(m_panAdviseReadBandList, panBandList, sizeof(int) * nBandCount);
data/gdal-3.0.4+dfsg/frmts/ecw/ecwdataset.cpp:1680:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( panWinBandList, panBandList, sizeof(int)* nBandCount);
data/gdal-3.0.4+dfsg/frmts/ecw/ecwdataset.cpp:1959:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szBuffer[64];
data/gdal-3.0.4+dfsg/frmts/ecw/ecwdataset.cpp:3176:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy( pszProjection, "RAW" );
data/gdal-3.0.4+dfsg/frmts/ecw/ecwdataset.cpp:3177:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy( pszDatum, "RAW" );
data/gdal-3.0.4+dfsg/frmts/ecw/ecwdataset.cpp:3178:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy( pszUnits, "METERS" );
data/gdal-3.0.4+dfsg/frmts/ecw/ecwdataset.cpp:3207:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        && pszAuthorityCode != nullptr && atoi(pszAuthorityCode) > 0 )
data/gdal-3.0.4+dfsg/frmts/ecw/ecwdataset.cpp:3208:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nEPSGCode = (UINT32) atoi(pszAuthorityCode);
data/gdal-3.0.4+dfsg/frmts/ecw/ecwdataset.cpp:3214:53:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            CNCSJP2FileView::GetProjectionAndDatum( atoi(pszAuthorityCode),
data/gdal-3.0.4+dfsg/frmts/ecw/ecwdataset.cpp:3218:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                  atoi(pszAuthorityCode),
data/gdal-3.0.4+dfsg/frmts/ecw/ecwdataset.cpp:3413:55:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        NCSecwSetConfig(NCSCFG_CACHE_MAXMEM, (UINT32) atoi(pszEcwCacheSize) );
data/gdal-3.0.4+dfsg/frmts/ecw/ecwdataset.cpp:3435:61:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        NCSecwSetConfig( NCSCFG_ECWP_CACHE_SIZE_MB, (INT32) atoi( pszOpt ) );
data/gdal-3.0.4+dfsg/frmts/ecw/ecwdataset.cpp:3451:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                         (NCSTimeStampMs) atoi(pszOpt) );
data/gdal-3.0.4+dfsg/frmts/ecw/ecwdataset.cpp:3458:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                         (NCSTimeStampMs) atoi(pszOpt) );
data/gdal-3.0.4+dfsg/frmts/ecw/ecwdataset.cpp:3472:57:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        NCSecwSetConfig( NCSCFG_CACHE_MAXOPEN, (UINT32) atoi(pszOpt) );
data/gdal-3.0.4+dfsg/frmts/ecw/jp2userbox.cpp:76:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyData, pabyDataIn, nDataLength );
data/gdal-3.0.4+dfsg/frmts/eeda/eedacommon.cpp:358:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char abyBuffer[512];
data/gdal-3.0.4+dfsg/frmts/eeda/eedacommon.cpp:505:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nHTTPStatus = atoi(psResult->pszErrBuf + strlen("HTTP error code : "));
data/gdal-3.0.4+dfsg/frmts/eeda/eedaidataset.cpp:1245:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfGeoTransform, m_adfGeoTransform, 6 * sizeof(double) );
data/gdal-3.0.4+dfsg/frmts/eeda/eedaidataset.cpp:1287:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nBlockSize = atoi(CSLFetchNameValueDef(poOpenInfo->papszOpenOptions,
data/gdal-3.0.4+dfsg/frmts/eeda/eedaidataset.cpp:1412:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(m_adfGeoTransform, aoBandDesc[i].adfGeoTransform.data(),
data/gdal-3.0.4+dfsg/frmts/eeda/eedaidataset.cpp:1577:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    atoi(osBandName.c_str() + 1) > 0 )
data/gdal-3.0.4+dfsg/frmts/elas/elasdataset.cpp:52:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        YLabel[4]; /* Should be "NOR" for UTM */
data/gdal-3.0.4+dfsg/frmts/elas/elasdataset.cpp:54:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        XLabel[4]; /* Should be "EAS" for UTM */
data/gdal-3.0.4+dfsg/frmts/elas/elasdataset.cpp:63:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        unused1[8];
data/gdal-3.0.4+dfsg/frmts/elas/elasdataset.cpp:66:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        Comment1[64];
data/gdal-3.0.4+dfsg/frmts/elas/elasdataset.cpp:67:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        Comment2[64];
data/gdal-3.0.4+dfsg/frmts/elas/elasdataset.cpp:68:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        Comment3[64];
data/gdal-3.0.4+dfsg/frmts/elas/elasdataset.cpp:69:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        Comment4[64];
data/gdal-3.0.4+dfsg/frmts/elas/elasdataset.cpp:70:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        Comment5[64];
data/gdal-3.0.4+dfsg/frmts/elas/elasdataset.cpp:71:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        Comment6[64];
data/gdal-3.0.4+dfsg/frmts/elas/elasdataset.cpp:73:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        unused2[32];
data/gdal-3.0.4+dfsg/frmts/elas/elasdataset.cpp:628:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, adfGeoTransform, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/frmts/elas/elasdataset.cpp:657:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfGeoTransform, padfTransform, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/frmts/elas/elasdataset.cpp:673:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( sHeader.YLabel, "NOR ", 4 );
data/gdal-3.0.4+dfsg/frmts/elas/elasdataset.cpp:674:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( sHeader.XLabel, "EAS ", 4 );
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:147:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char header[68];
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:226:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	mph_data[1248];
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:255:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char	error_buf[2048];
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:418:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        ds_info->ds_offset = atoi(
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:421:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        ds_info->ds_size = atoi(
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:424:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        ds_info->num_dsr = atoi(
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:427:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        ds_info->dsr_size = atoi(
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:484:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char	error_buf[2048];
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:510:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char	error_buf[2048];
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:945:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char	error_buf[2048];
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:960:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( entries[key_index]->value, value, nEntryValueLen );
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:964:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( entries[key_index]->value, value, nValueLen );
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:1024:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return atoi(entries[key_index]->value);
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:1056:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char format[32], string_value[128];
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:1063:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char	error_buf[2048];
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:1169:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char format[32], string_value[128];
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:1176:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char	error_buf[2048];
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:1240:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	padded_ds_name[100];
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:1756:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char	line[1024];
data/gdal-3.0.4+dfsg/frmts/envisat/adsrange.cpp:106:37:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    TimeDelta t_mds = mjd_m_first + atol ; /*time of the first MDSR + tolerance */
data/gdal-3.0.4+dfsg/frmts/envisat/adsrange.cpp:129:26:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    t_mds = mjd_m_last - atol ;  /* time of the last MDSR - tolerance */
data/gdal-3.0.4+dfsg/frmts/envisat/dumpgeo.c:98:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &unValue, abyRecord + 13, 4 );
data/gdal-3.0.4+dfsg/frmts/envisat/dumpgeo.c:103:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &unValue, abyRecord + 17, 4 );
data/gdal-3.0.4+dfsg/frmts/envisat/dumpgeo.c:107:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &fValue, abyRecord + 21, 4 );
data/gdal-3.0.4+dfsg/frmts/envisat/dumpgeo.c:116:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &unValue, abyRecord + 25 + sample*4, 4 );
data/gdal-3.0.4+dfsg/frmts/envisat/dumpgeo.c:119:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &fValue, abyRecord + 25 + 44 + sample * 4, 4 );
data/gdal-3.0.4+dfsg/frmts/envisat/dumpgeo.c:123:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &fValue, abyRecord + 25 + 88 + sample * 4, 4 );
data/gdal-3.0.4+dfsg/frmts/envisat/dumpgeo.c:127:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &unValue, abyRecord + 25 + 132 + sample*4, 4 );
data/gdal-3.0.4+dfsg/frmts/envisat/dumpgeo.c:130:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &unValue, abyRecord + 25 + 176 + sample*4, 4 );
data/gdal-3.0.4+dfsg/frmts/envisat/dumpgeo.c:148:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &unValue, abyRecord + 279 + sample*4, 4 );
data/gdal-3.0.4+dfsg/frmts/envisat/dumpgeo.c:151:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &fValue, abyRecord + 279 + 44 + sample * 4, 4 );
data/gdal-3.0.4+dfsg/frmts/envisat/dumpgeo.c:155:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &fValue, abyRecord + 279 + 88 + sample * 4, 4 );
data/gdal-3.0.4+dfsg/frmts/envisat/dumpgeo.c:159:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &unValue, abyRecord + 279 + 132 + sample*4, 4 );
data/gdal-3.0.4+dfsg/frmts/envisat/dumpgeo.c:162:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &unValue, abyRecord + 279 + 176 + sample*4, 4 );
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:321:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &unValue, abyRecord + 13, 4 );
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:338:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szId[128];
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:342:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &unValue, abyRecord + 25 + iGCP*4, 4 );
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:345:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &unValue, abyRecord + 25 + 176 + iGCP*4, 4 );
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:348:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &unValue, abyRecord + 25 + 132 + iGCP*4, 4 );
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:363:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &unValue, abyRecord + 17, 4 );
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:372:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szId[128];
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:376:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &unValue, abyRecord + 279 + iGCP*4, 4 );
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:379:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &unValue, abyRecord + 279 + 176 + iGCP*4, 4 );
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:382:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &unValue, abyRecord + 279 + 132 + iGCP*4, 4 );
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:547:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szId[128];
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:596:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szDSName[128];
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:606:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nRecord = atoi(szDSName+1);
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:686:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szKey[max_len];
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:688:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szKey, "DS_");
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:702:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat( szKey, "_NAME" );
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:704:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTrimmedName[max_len];
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:744:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szPrefix[128];
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:775:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char szValue[1024];
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:779:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        char szKey[256];
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:829:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szHeaderKey[128];
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:998:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBandName[128];
data/gdal-3.0.4+dfsg/frmts/envisat/records.c:1269:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy((void*)szBuf, pData, pField->nCount);
data/gdal-3.0.4+dfsg/frmts/epsilon/epsilondataset.cpp:288:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pImage,
data/gdal-3.0.4+dfsg/frmts/epsilon/epsilondataset.cpp:294:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char ** pTempData[3];
data/gdal-3.0.4+dfsg/frmts/epsilon/epsilondataset.cpp:321:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pImage,
data/gdal-3.0.4+dfsg/frmts/epsilon/epsilondataset.cpp:342:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pabySrcBlock,
data/gdal-3.0.4+dfsg/frmts/epsilon/epsilondataset.cpp:709:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(CSLFetchNameValueDef(papszOptions, "BLOCKXSIZE", "256"));
data/gdal-3.0.4+dfsg/frmts/epsilon/epsilondataset.cpp:711:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(CSLFetchNameValueDef(papszOptions, "BLOCKYSIZE", "256"));
data/gdal-3.0.4+dfsg/frmts/ers/ersdataset.cpp:367:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szERSProj[32], szERSDatum[32], szERSUnits[32];
data/gdal-3.0.4+dfsg/frmts/ers/ersdataset.cpp:449:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szERSProj[32], szERSDatum[32], szERSUnits[32];
data/gdal-3.0.4+dfsg/frmts/ers/ersdataset.cpp:541:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/ers/ersdataset.cpp:566:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfGeoTransform, padfTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/ers/ersdataset.cpp:921:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nBands = atoi(poHeader->Find( "RasterInfo.NrOfBands" ));
data/gdal-3.0.4+dfsg/frmts/ers/ersdataset.cpp:922:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poDS->nRasterXSize = atoi(poHeader->Find( "RasterInfo.NrOfCellsPerLine" ));
data/gdal-3.0.4+dfsg/frmts/ers/ersdataset.cpp:923:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poDS->nRasterYSize = atoi(poHeader->Find( "RasterInfo.NrOfLines" ));
data/gdal-3.0.4+dfsg/frmts/ers/ersdataset.cpp:938:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nHeaderOffset = atoi(poHeader->Find( "HeaderOffset" ));
data/gdal-3.0.4+dfsg/frmts/fit/fitdataset.cpp:1095:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((char *) &head->magic, "IT", 2);
data/gdal-3.0.4+dfsg/frmts/fit/fitdataset.cpp:1096:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((char *) &head->version, "02", 2);
data/gdal-3.0.4+dfsg/frmts/fits/fitsdataset.cpp:551:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char key[100];
data/gdal-3.0.4+dfsg/frmts/fits/fitsdataset.cpp:552:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char value[100];
data/gdal-3.0.4+dfsg/frmts/fits/fitsdataset.cpp:1156:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/fits/fitsdataset.cpp:1173:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfGeoTransform, padfTransform, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/frmts/fits/fitsdataset.cpp:1316:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char target[81], ctype[81];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:502:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            poGeoRaster->nCompressQuality = atoi( pszFetched );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:644:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &nTBox, oBox.GetType(), 4 );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:659:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &nTBox, oBox.GetType(), 4 );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:924:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        poGRW->nColumnBlockSize = atoi( pszFetched );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:931:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        poGRW->nRowBlockSize = atoi( pszFetched );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:938:50:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        poGRW->sCellDepth = CPLSPrintf( "%dBIT", atoi( pszFetched ) );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:959:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        poGRW->nCompressQuality = atoi( pszFetched );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:996:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        poGRW->nBandBlockSize = atoi( pszFetched );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:1186:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szStringId[OWTEXT];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:1220:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        poGRD->poGeoRaster->SetGeoReference( atoi( pszFetched ) );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:1230:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        poGRD->poGeoRaster->nExtentSRID = atoi( pszFetched );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:1280:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        poGRD->poGeoRaster->nPyramidLevels = atoi(pszFetched);
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:1512:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nBlockXSize = atoi( pszFetched );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:1517:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nBlockYSize = atoi( pszFetched );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:1828:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2025:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfGeoTransform, padfTransform, sizeof( double ) * 6 );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2079:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            poGeoRaster->SetGeoReference( atoi( pszAuthCode ) );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2199:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pszStart, "Azimuth", strlen(SRS_PP_AZIMUTH) );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2204:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pszStart, "Central_Meridian",
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2210:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pszStart, "False_Easting", strlen(SRS_PP_FALSE_EASTING) );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2215:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pszStart, "False_Northing",
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2221:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pszStart, "Latitude_Of_Center",
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2227:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pszStart, "Latitude_Of_Origin",
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2233:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pszStart, "Longitude_Of_Center",
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2239:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pszStart, "Pseudo_Standard_Parallel_1",
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2245:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pszStart, "Scale_Factor", strlen(SRS_PP_SCALE_FACTOR) );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2250:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pszStart, "Standard_Parallel_1",
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2256:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pszStart, "Standard_Parallel_2",
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2262:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pszStart, "Standard_Parallel_2",
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2272:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pszStart, SRS_UL_METER, strlen(SRS_UL_METER) );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2473:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTable[OWNAME];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2474:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szOwner[OWNAME];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2518:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szColumn[OWNAME];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2519:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szOwner[OWNAME];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2589:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szDataTable[OWNAME];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2590:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szRasterId[OWNAME];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2591:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szRows[OWNAME];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2592:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szColumns[OWNAME];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2593:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBands[OWNAME];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2594:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szCellDepth[OWNAME];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2595:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szSRID[OWNAME];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2795:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szMethod[OWNAME];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2799:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szMethod, "NN" );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2803:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szMethod, "AVERAGE4" );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_rasterband.cpp:419:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szMin[MAX_DOUBLE_STR_REP + 1];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_rasterband.cpp:420:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szMax[MAX_DOUBLE_STR_REP + 1];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_rasterband.cpp:421:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szMean[MAX_DOUBLE_STR_REP + 1];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_rasterband.cpp:422:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szMedian[MAX_DOUBLE_STR_REP + 1];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_rasterband.cpp:423:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szMode[MAX_DOUBLE_STR_REP + 1];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_rasterband.cpp:424:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szStdDev[MAX_DOUBLE_STR_REP + 1];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_rasterband.cpp:425:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szSampling[MAX_DOUBLE_STR_REP + 1];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_rasterband.cpp:817:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  szField[OWNAME];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:372:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szOwner[OWCODE];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:373:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTable[OWCODE];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:374:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szColumn[OWTEXT];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:375:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szDataTable[OWCODE];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:376:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szWhere[OWTEXT];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:568:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szRDT[OWNAME];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:569:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szRID[OWCODE];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:592:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( szRID, "NULL" );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:600:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szDescription[OWTEXT];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:854:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBindRDT[OWNAME];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:989:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szCreateBlank[OWTEXT];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1218:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nCount      = atoi( CPLGetXMLValue( phMetadata,
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1230:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nRasterRows = atoi( CPLGetXMLValue( phDimSize, "size", "0" ) );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1235:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nRasterColumns = atoi( CPLGetXMLValue( phDimSize, "size", "0" ) );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1240:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nRasterBands = atoi( CPLGetXMLValue( phDimSize, "size", "0" ) );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1261:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    anULTCoordinate[0] = atoi(CPLGetXMLValue(
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1264:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    anULTCoordinate[1] = atoi(CPLGetXMLValue(
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1267:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    anULTCoordinate[2] = atoi(CPLGetXMLValue(
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1281:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nRowBlockSize       = atoi( CPLGetXMLValue( phMetadata,
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1285:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nColumnBlockSize    = atoi( CPLGetXMLValue( phMetadata,
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1289:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nBandBlockSize      = atoi( CPLGetXMLValue( phMetadata,
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1293:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nTotalColumnBlocks  = atoi( CPLGetXMLValue( phMetadata,
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1296:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nTotalRowBlocks     = atoi( CPLGetXMLValue( phMetadata,
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1299:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nTotalBandBlocks    = atoi( CPLGetXMLValue( phMetadata,
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1328:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nCompressQuality = atoi( CPLGetXMLValue( phMetadata,
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1341:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    iDefaultRedBand     = atoi( CPLGetXMLValue( phMetadata,
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1344:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    iDefaultGreenBand   = atoi( CPLGetXMLValue( phMetadata,
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1347:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    iDefaultBlueBand    = atoi( CPLGetXMLValue( phMetadata,
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1354:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szPyramidType[OWCODE];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1362:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nPyramidMaxLevel = atoi( CPLGetXMLValue( phMetadata,
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1604:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            iColor    = (short) atoi( CPLGetXMLValue( psColors, "value","0"));
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1605:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            oEntry.c1 = (short) atoi( CPLGetXMLValue( psColors, "red",  "0"));
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1606:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            oEntry.c2 = (short) atoi( CPLGetXMLValue( psColors, "green","0"));
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1607:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            oEntry.c3 = (short) atoi( CPLGetXMLValue( psColors, "blue", "0"));
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1608:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            oEntry.c4 = (short) atoi( CPLGetXMLValue( psColors, "alpha","0"));
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:2015:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pData, &pabyBlockBuf[nStart], nGDALBlockBytes );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:2036:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &pabyData[ii], &pabyBlockBuf[jj], nSize );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:2151:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &pabyBlockBuf[nStart], pabyInBuf, nGDALBlockBytes );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:2170:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &pabyBlockBuf[jj], &pabyInBuf[ii], nSize );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:2307:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nNumber = atoi( CPLGetXMLValue( phSubLayer, "layerNumber", "-1") );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:2366:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nNumCoeff = atoi( CPLGetXMLValue( phPolynomial, "nCoefficients", "0" ));
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:2687:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nNumCoeff = atoi( CPLGetXMLValue( phPolynomial, "nCoefficients", "0" ) );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:3152:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szRDT[OWCODE];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:3153:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szNoData[OWTEXT];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:3861:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pszDataTable[OWNAME];
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:3976:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyData, pabyBuffer, nPixCount );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:4281:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyBuf, pabyBlockBuf, nBufferSize );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:4322:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyBuf, pabyBlockBuf, nBlockBytes );
data/gdal-3.0.4+dfsg/frmts/georaster/oci_wrapper.cpp:80:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szUser[OWTEXT];
data/gdal-3.0.4+dfsg/frmts/georaster/oci_wrapper.cpp:81:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szSchema[OWTEXT];
data/gdal-3.0.4+dfsg/frmts/georaster/oci_wrapper.cpp:277:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szVersionTxt[OWTEXT];
data/gdal-3.0.4+dfsg/frmts/georaster/oci_wrapper.cpp:1892:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  szUpcase[OWTEXT];
data/gdal-3.0.4+dfsg/frmts/georaster/oci_wrapper.cpp:1922:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[OWTEXT];
data/gdal-3.0.4+dfsg/frmts/georaster/oci_wrapper.cpp:1945:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return atoi(OWParseValue( pszText, " .", "Release", 1 ));
data/gdal-3.0.4+dfsg/frmts/georaster/oci_wrapper.cpp:1961:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return atoi(OWParseValue( pszText, " ()", "EPSG", 2 ));
data/gdal-3.0.4+dfsg/frmts/gif/gifabstractdataset.cpp:102:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char abyBuffer[2048+1];
data/gdal-3.0.4+dfsg/frmts/gif/gifabstractdataset.cpp:136:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pszXMP, abyBuffer + iFoundOffset, nSize);
data/gdal-3.0.4+dfsg/frmts/gif/gifabstractdataset.cpp:173:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(abyBuffer, abyBuffer + 1024, 1024);
data/gdal-3.0.4+dfsg/frmts/gif/gifabstractdataset.cpp:197:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char *apszMDList[2];
data/gdal-3.0.4+dfsg/frmts/gif/gifabstractdataset.cpp:255:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfTransform, adfGeoTransform, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/frmts/gif/gifabstractdataset.cpp:552:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBackground[10];
data/gdal-3.0.4+dfsg/frmts/gif/gifdataset.cpp:153:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pImage, psImage->RasterBits + nBlockYOff * nBlockXSize,
data/gdal-3.0.4+dfsg/frmts/gif/gifdataset.cpp:538:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      unsigned char extensionData[4] = {
data/gdal-3.0.4+dfsg/frmts/gif/giflib/dgif_lib.c:74:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((FileHandle = open(FileName, O_RDONLY
data/gdal-3.0.4+dfsg/frmts/gif/giflib/dgif_lib.c:95:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char Buf[GIF_STAMP_LEN + 1];
data/gdal-3.0.4+dfsg/frmts/gif/giflib/dgif_lib.c:176:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char Buf[GIF_STAMP_LEN + 1];
data/gdal-3.0.4+dfsg/frmts/gif/giflib/dgif_lib.c:415:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&sp->ImageDesc, &GifFile->Image, sizeof(GifImageDesc));
data/gdal-3.0.4+dfsg/frmts/gif/giflib/dgif_lib.c:643:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char c[2];
data/gdal-3.0.4+dfsg/frmts/gif/giflib/egif_lib.c:58:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char GifVersionPrefix[GIF_STAMP_LEN + 1] = GIF87_STAMP;
data/gdal-3.0.4+dfsg/frmts/gif/giflib/egif_lib.c:87:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        FileHandle = open(FileName, O_WRONLY | O_CREAT | O_EXCL
data/gdal-3.0.4+dfsg/frmts/gif/giflib/egif_lib.c:93:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        FileHandle = open(FileName, O_WRONLY | O_CREAT | O_TRUNC
data/gdal-3.0.4+dfsg/frmts/gif/giflib/egif_lib.c:759:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char c[2];
data/gdal-3.0.4+dfsg/frmts/gif/giflib/egif_lib.c:1002:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char SavedStamp[GIF_STAMP_LEN + 1];
data/gdal-3.0.4+dfsg/frmts/gif/giflib/egif_lib.c:1017:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(SavedStamp, GifVersionPrefix, GIF_STAMP_LEN);
data/gdal-3.0.4+dfsg/frmts/gif/giflib/egif_lib.c:1019:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(GifVersionPrefix, GIF89_STAMP, GIF_STAMP_LEN);
data/gdal-3.0.4+dfsg/frmts/gif/giflib/egif_lib.c:1021:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(GifVersionPrefix, GIF87_STAMP, GIF_STAMP_LEN);
data/gdal-3.0.4+dfsg/frmts/gif/giflib/egif_lib.c:1029:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(GifVersionPrefix, SavedStamp, GIF_STAMP_LEN);
data/gdal-3.0.4+dfsg/frmts/gif/giflib/egif_lib.c:1032:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(GifVersionPrefix, SavedStamp, GIF_STAMP_LEN);
data/gdal-3.0.4+dfsg/frmts/gif/giflib/gifalloc.c:76:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((char *)Object->Colors,
data/gdal-3.0.4+dfsg/frmts/gif/giflib/gifalloc.c:291:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ep->Bytes, ExtData, Len);
data/gdal-3.0.4+dfsg/frmts/gif/giflib/gifalloc.c:376:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy((char *)sp, CopyFrom, sizeof(SavedImage));
data/gdal-3.0.4+dfsg/frmts/gif/giflib/gifalloc.c:403:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(sp->RasterBits, CopyFrom->RasterBits,
data/gdal-3.0.4+dfsg/frmts/gif/giflib/gifalloc.c:416:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(sp->ExtensionBlocks, CopyFrom->ExtensionBlocks,
data/gdal-3.0.4+dfsg/frmts/grass/grass57dataset.cpp:79:34:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define G_copy                   memcpy
data/gdal-3.0.4+dfsg/frmts/grass/grass57dataset.cpp:370:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char key[200], value[200];
data/gdal-3.0.4+dfsg/frmts/grass/grass57dataset.cpp:781:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfGeoTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/grass/grass57dataset.cpp:799:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *ptr[5];
data/gdal-3.0.4+dfsg/frmts/grass/grass57dataset.cpp:882:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[2000];
data/gdal-3.0.4+dfsg/frmts/grass/grassdataset.cpp:434:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfGeoTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:216:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                           char answer[100])
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:221:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy (answer, "New Years Day");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:224:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy (answer, "Martin Luther King Jr Day");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:230:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy (answer, "Presidents Day");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:236:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy (answer, "Memorial Day");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:242:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy (answer, "Independence Day");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:248:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy (answer, "Labor Day");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:254:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy (answer, "Columbus Day");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:260:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy (answer, "Veterans Day");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:263:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy (answer, "Thanksgiving Day");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:269:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy (answer, "Christmas Day");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:491:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void Clock_FormatParse (char buffer[SIZEOF_BUFFER], sInt4 sec, float floatSec,
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:510:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char temp[100];      /* Helps parse the %D, %T, %r, and %R options. */
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:941:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char locBuff[100];
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1028:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char locBuff[100];
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1171:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy (ptr, "UTC");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1175:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy (ptr, "EDT");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1177:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy (ptr, "EST");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1182:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy (ptr, "CDT");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1184:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy (ptr, "CST");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1189:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy (ptr, "MDT");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1191:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy (ptr, "MST");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1196:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy (ptr, "PDT");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1198:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy (ptr, "PST");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1203:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy (ptr, "YDT");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1205:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy (ptr, "YST");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1532:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
   hour = atoi (ptr);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1537:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      min = atoi (ptr);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1541:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      min = atoi (ptr);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1586:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
   *mon = atoi (ptr);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1591:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      *day = atoi (ptr);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1596:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      *day = atoi (ptr);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1599:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      *year = atoi (ptr);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1641:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
   *year = atoi (ptr);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1647:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      *mon = atoi (ptr);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1656:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
   *mon = atoi (ptr);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1661:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      *day = atoi (ptr);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1669:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
   *day = atoi (ptr);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1680:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
   hour = atoi (ptr);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1686:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      min = atoi (ptr);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1690:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      min = atoi (ptr);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1709:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
               offset = atoi (ptr) * 3600;
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1712:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
               offset += atoi (ptr) * 60;
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1718:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         offset = atoi (ptr) * 3600;
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1721:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         offset += atoi (ptr) * 60;
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1839:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
   year = atoi (buffer);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1844:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      mon = atoi (buffer + 4);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1850:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      day = atoi (buffer + 6);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1856:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      hour = atoi (buffer + 8);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1862:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      min = atoi (buffer + 10);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1868:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      sec = atoi (buffer + 12);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1876:45:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void Clock_PrintDateNumber (double l_clock, char buffer[15])
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1921:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static int Clock_GetWord (char **Start, char **End, char word[30],
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1921:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static int Clock_GetWord (char **Start, char **End, char word[30],
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1921:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static int Clock_GetWord (char **Start, char **End, char word[30],
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:2021:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char word[30];
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:2095:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         Stack[lenStack - 1].val = atoi (word);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:2149:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
               day = atoi (word);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:2156:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
               year = atoi (word);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:2159:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
               year = atoi (word);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.h:35:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void Clock_PrintDateNumber (double clock, char buffer[15]);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib1.cpp:426:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(&pow16, ptr, 8);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib1.cpp:661:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy (pdsMeta->cluster.Member, pds, 10);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib1.cpp:1881:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char unitName[15];   /* Holds the string name of the current unit. */
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib1.cpp:1896:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy (c_ipack, sect0, SECT0LEN_WORD * 2);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib1.cpp:2018:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (meta->unitName, unitName, unitLen);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib1.cpp:2070:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy (&li_temp, c_ipack + curLoc, 4);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib2.cpp:118:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int ReadSECT0 (VSILFILE *fp, char **buff, uInt4 *buffLen, sInt4 limit,
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib2.cpp:123:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      unsigned char buffer[4];
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib2.cpp:212:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy (&(sect0[0]), (*buff) + curLen, 4);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib2.cpp:220:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy (&(sect0[1]), *buff + curLen + 4, 4);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib2.cpp:398:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static int FindSectLen2to7 (unsigned char *c_ipack, sInt4 gribLen, sInt4 ns[8],
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib2.cpp:561:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static int FindSectLen (unsigned char *c_ipack, sInt4 gribLen, sInt4 ns[8],
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib2.cpp:606:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (&sectLen, c_ipack + curTot, 4);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib2.cpp:899:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char unitName[15];   /* Holds the string name of the current unit. */
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib2.cpp:993:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (c_ipack, sect0, SECT0LEN_WORD * 4);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib2.cpp:1130:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (&gribLen, &(c_ipack[12]), sizeof (sInt4));
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib2.cpp:1194:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      if ((l_fp = fopen ("dump.is0", "wt")) != nullptr) {
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib2.cpp:1232:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (meta->unitName, unitName, unitLen);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib2.cpp:1404:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char unitName[15];   /* Holds the string name of the current unit. */
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib2.cpp:1451:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (c_ipack, sect0, SECT0LEN_WORD * 4);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib2.cpp:1548:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (&gribLen, &(c_ipack[12]), sizeof (sInt4));
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib2.cpp:1615:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      if ((fp = fopen ("dump.is0", "wt")) != NULL) {
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib2.cpp:1669:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (&(meta->gds), &newGds, sizeof (gdsType));
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib2.h:63:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int ReadSECT0 (VSILFILE *fp, char **buff, uInt4 *buffLen, sInt4 limit,
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/engribapi.c:293:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(en->sec2, sec2, lenSec2);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/engribapi.c:1256:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(&(en->drsTmpl[7]), &missPri, sizeof(float));
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/engribapi.c:1257:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(&(en->drsTmpl[8]), &missSec, sizeof(float));
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/engribapi.c:1280:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(&(en->drsTmpl[7]), &missPri, sizeof(float));
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/engribapi.c:1281:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(&(en->drsTmpl[8]), &missSec, sizeof(float));
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/grib2api.c:1134:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(&f_temp, &(is5[11]), sizeof (float));
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/grib2api.c:1138:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(&(f_temp), &(is5[23]), sizeof (float));
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/grib2api.c:1141:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(&(f_temp), &(is5[27]), sizeof (float));
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/hazard.c:783:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[400];    /* Temporary storage as we build up the phrase. */
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/hazard.c:788:10:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
         strcat (buffer, "<None>");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/hazard.c:793:16:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
               strcat (buffer, " Watch");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/hazard.c:796:16:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
               strcat (buffer, " Statement");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/hazard.c:799:16:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
               strcat (buffer, " Advisory");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/hazard.c:802:16:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
               strcat (buffer, " Warning");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/hazard.c:972:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[100];
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/hazard.c:977:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy (buffer, "FW.W:2^RecHiPos");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/inventory.cpp:51:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[4];
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/inventory.cpp:122:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char refTime[25];    /* Used to store the formatted reference time. */
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/inventory.cpp:123:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char validTime[25];  /* Used to store the formatted valid time. */
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/meta.h:145:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char *english[NUM_UGLY_WORD]; /* The English translation of ugly string. */
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/meta.h:179:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char *english[NUM_HAZARD_WORD]; /* The english translation of ugly string. */
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/meta.h:392:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char Member[11];          /* Octet 77-86 */
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/meta.h:458:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char Descriptor[33];      /* Plain language Descriptor. */
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/meta.h:572:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char refTime[20];         /* When forecast was issued. */
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/meta.h:573:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char validTime[20];       /* When forecast is valid. */
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:2766:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy (*unit, "[%]");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3102:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy (*name, "ProbUnknown");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3251:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy (*name, "unknown");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3255:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy (*unit, "[-]");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3297:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy (*name, "AVGOZCON");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3300:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy (*comment, "Average Ozone Concentration");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3303:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy (*unit, "[PPB]");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3316:19:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                  strcpy (*name, "dusts");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3318:19:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                  strcpy (*comment, "Surface level dust");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3320:19:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                  strcpy (*unit, "[log10(10^-6g/m^3)]");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3325:19:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                  strcpy (*name, "dustc");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3327:19:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                  strcpy (*comment, "Average vertical column dust");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3329:19:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                  strcpy (*unit, "[log10(10^-6g/m^3)]");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3339:19:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                  strcpy (*name, "smokes");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3341:19:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                  strcpy (*comment, "Surface level smoke from fires");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3343:19:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                  strcpy (*unit, "[log10(10^-6g/m^3)]");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3348:19:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                  strcpy (*name, "smokec");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3350:19:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                  strcpy (*comment, "Average vertical column smoke from fires");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3352:19:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                  strcpy (*unit, "[log10(10^-6g/m^3)]");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3427:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  *name = (char *) malloc (strlen (NDFD_Override[i].NDFDname) + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3429:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  *comment = (char *) malloc (strlen (table[subcat].comment) + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3458:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            *name = (char *) malloc (strlen (table[subcat].name) + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3460:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            *comment = (char *) malloc (strlen (table[subcat].comment) + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3496:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
               *name = (char *) malloc (strlen (local[i].name) + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3498:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
               *comment = (char *) malloc (strlen (local[i].comment) + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3509:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy (*name, "unknown");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3513:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy (*unit, "[-]");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3803:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy (name, "[F]");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3809:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy (name, "[C]");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3817:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy (name, "[inch]");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3830:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy (name, "[feet]");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3838:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy (name, "[inch]");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3846:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy (name, "[statute mile]");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3858:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy (name, "[knots]");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3866:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy (name, "[UVI]");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3885:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy (name, "[GRIB2 unit]");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:4169:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char valBuff[512];
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:4170:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char sndBuff[512];
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaparse.cpp:1144:14:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
             memcpy(&fTemp, &nTemp, 4);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaparse.cpp:3243:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char format[20];
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaprint.cpp:253:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[25];     /* Stores format of pds2->refTime. */
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaprint.cpp:310:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[25];     /* Assists with labeling. */
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaprint.cpp:318:16:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
               sprintf (buffer, "Elem %3d  Is Used", (int) i);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaprint.cpp:320:16:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
               sprintf (buffer, "Elem %3d NOT Used", (int) i);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaprint.cpp:329:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf (buffer, "Element %d", (int) i);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaprint.cpp:615:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[50];     /* Temp storage for various uses including time
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaprint.cpp:834:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
         sprintf (buffer, "%d, %d", sect4->lowerLimit.value,
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaprint.cpp:839:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
         sprintf (buffer, "%d, %d", sect4->upperLimit.value,
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaprint.cpp:890:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
         sprintf (buffer, "%d, %d", sect4->lowerLimit.value,
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaprint.cpp:895:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
         sprintf (buffer, "%d, %d", sect4->upperLimit.value,
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaprint.cpp:1034:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[25];     /* Stores format of pds1->refTime. */
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaprint.cpp:1166:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[50];     /* Temporary storage for info about scan flag. */
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaprint.cpp:1267:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
   sprintf (buffer, "%d%d%d%d", ((gds->scan & GRIB2BIT_1) / GRIB2BIT_1),
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:89:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char bufpart[330];   /* Used for formatting the int / float options. */
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:90:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char format[20];     /* Used to store the % option. */
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:188:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
               memcpy (buffer + ipos, bufpart, slen);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:196:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
               memcpy (buffer + ipos, bufpart, slen);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:204:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
               memcpy (buffer + ipos, bufpart, slen);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:212:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
               memcpy (buffer + ipos, bufpart, slen);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:230:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                  memcpy (buffer + ipos, sval, slen);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:558:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   if ((ifp = fopen (fileIn, "rb")) == NULL) {
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:564:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   if ((ofp = fopen (fileOut, "wb")) == NULL) {
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:1122:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[5];      /* A temporary variable for parsing "is". */
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:1139:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
   year = atoi (buffer);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:1142:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
   mon = atoi (buffer);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:1144:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
   day = atoi (buffer);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:1146:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
   hour = atoi (buffer);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:1148:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
   min = atoi (buffer);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:1150:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
   sec = atoi (buffer);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:1212:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy (buffer, "  0.95");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:1218:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy (buffer, "0.95");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:1224:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy (buffer, "+0.95");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:1230:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy (buffer, "0.95,  ");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:1236:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy (buffer, "0.95,");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:1242:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy (buffer, "0.9.5");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:1248:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy (buffer, "  alph 0.9.5");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:1254:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy (buffer, "  ");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:1275:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy (buffer, "  here  ");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:1279:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy (buffer, "  here  ");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/tdlpack.cpp:335:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[25];     /* Stores format of pds1->refTime. */
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/tdlpack.cpp:450:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy (*unitName, "[-]");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/tdlpack.cpp:459:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy (*unitName, "[-]");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/tdlpack.cpp:1522:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[24];     /* Read the trailing bytes in the TDLPack record. */
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/tdlpack.cpp:1537:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy (c_ipack, sect0, SECT0LEN_WORD * 2);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/tdlpack.cpp:1638:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy (&li_temp, c_ipack + curLoc, 4);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/tdlpack.cpp:3322:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy ((*lclGroup) + lclIndex, subGroup,
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/tdlpack.cpp:4101:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[6];      /* Used to write reserved values */
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/tendian.cpp:157:14:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      return memcpy (Dst, Src, num_elem);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/tendian.h:39:22:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  #define MEMCPY_BIG memcpy
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/tendian.h:43:22:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  #define MEMCPY_LIT memcpy
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/weather.c:2187:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         ugly->vis[word] = atoi (WxVisib[ugly->vis[word]].name);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/weather.c:2272:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[400];    /* Temporary storage as we build up the phrase. */
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/weather.c:2636:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[100];
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/weather.c:2638:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy (buffer, "Pds:R:+:<NoVis>:Mention^Ocnl:R:m:<NoVis>:^Sct:"
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/weather.c:2648:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy (buffer, "Sct:SW:-:<NoVis>:");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/weather.c:2651:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy (buffer, "Ocnl:R:-:<NoVis>:^Ocnl:S:-:<NoVis>:^SChc:ZR:-:<NoVis>:");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/weather.c:2654:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy (buffer, "Wide:FR:-:<NoVis>:OLA");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/weather.c:2657:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy (buffer, "<NoCov>:<NoWx>:<NoInten>:<NoVis>:");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/weather.c:2660:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy (buffer, "Sct:RW:-:<NoVis>:^Iso:T:m:<NoVis>:");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/weather.c:2663:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy (buffer, "Sct:T:+:<NoVis>:DmgW,LgA");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/dec_png.c:41:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(data,ptr+offset,length);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/enc_jpeg2000.c:103:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char opts[MAXOPTSSIZE];
data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/enc_jpeg2000.c:123:8:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
       strcat(opts,"\nnumgbits=4");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/enc_png.c:36:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
     memcpy(ptr+offset,data,length);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/g2_unpack7.c:135:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(lfld, cgrib+ipos, 4 * ndpts );
data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/g2_unpack7.c:162:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  unsigned char temp[8];
data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/g2_unpack7.c:169:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                  memcpy(&d, temp, 8);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/g2_unpack7.c:178:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                  memcpy(&d, src + i * 8, 8);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/pack_gp.c:41:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cfeed[1];
data/gdal-3.0.4+dfsg/frmts/grib/degrib/g2clib/reduce.c:35:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cfeed[1];
data/gdal-3.0.4+dfsg/frmts/grib/gribcreatecopy.cpp:903:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&fRefValue, &idrstmpl[TMPL5_R_IDX], 4);
data/gdal-3.0.4+dfsg/frmts/grib/gribcreatecopy.cpp:1091:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&idrstmpl[TMPL5_PRIMARY_MISSING_VALUE_IDX], &fNoData, 4);
data/gdal-3.0.4+dfsg/frmts/grib/gribcreatecopy.cpp:1114:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&fRefValue, &idrstmpl[TMPL5_R_IDX], 4);
data/gdal-3.0.4+dfsg/frmts/grib/gribcreatecopy.cpp:1270:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szDataPointer[32];
data/gdal-3.0.4+dfsg/frmts/grib/gribcreatecopy.cpp:1576:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nCompressionRatio = atoi(GetBandOption(papszOptions,
data/gdal-3.0.4+dfsg/frmts/grib/gribcreatecopy.cpp:1842:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nBits = std::max(0, atoi(pszBits));
data/gdal-3.0.4+dfsg/frmts/grib/gribcreatecopy.cpp:1854:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        m_nDecimalScaleFactor = atoi(pszDecimalScaleFactor);
data/gdal-3.0.4+dfsg/frmts/grib/gribcreatecopy.cpp:1876:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m_nDecimalScaleFactor = atoi(pszDecimalScaleFactor);
data/gdal-3.0.4+dfsg/frmts/grib/gribcreatecopy.cpp:1906:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            pszSpatialDifferencingOrder ? atoi(pszSpatialDifferencingOrder) : 0;
data/gdal-3.0.4+dfsg/frmts/grib/gribcreatecopy.cpp:1964:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    GUInt16 nCenter = static_cast<GUInt16>(atoi(GetIDSOption(
data/gdal-3.0.4+dfsg/frmts/grib/gribcreatecopy.cpp:1969:47:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    GUInt16 nSubCenter = static_cast<GUInt16>(atoi(GetIDSOption(
data/gdal-3.0.4+dfsg/frmts/grib/gribcreatecopy.cpp:1974:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    GByte nMasterTable = static_cast<GByte>(atoi(GetIDSOption(
data/gdal-3.0.4+dfsg/frmts/grib/gribcreatecopy.cpp:1981:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    GByte nSignfRefTime = static_cast<GByte>(atoi(GetIDSOption(
data/gdal-3.0.4+dfsg/frmts/grib/gribcreatecopy.cpp:1997:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    GByte nProdStatus = static_cast<GByte>(atoi(GetIDSOption(
data/gdal-3.0.4+dfsg/frmts/grib/gribcreatecopy.cpp:2002:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    GByte nType = static_cast<GByte>(atoi(GetIDSOption(
data/gdal-3.0.4+dfsg/frmts/grib/gribcreatecopy.cpp:2023:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nVal = atoi(papszTokens[i]);
data/gdal-3.0.4+dfsg/frmts/grib/gribcreatecopy.cpp:2094:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            WriteInt32(fp, atoi(papszTokens[i]));
data/gdal-3.0.4+dfsg/frmts/grib/gribcreatecopy.cpp:2113:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if( nTokens >= 2 && atoi(papszTokens[0]) == 0 )
data/gdal-3.0.4+dfsg/frmts/grib/gribcreatecopy.cpp:2117:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nParamNumber = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/grib/gribcreatecopy.cpp:2157:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nPDTN = atoi(GetBandOption(
data/gdal-3.0.4+dfsg/frmts/grib/gribcreatecopy.cpp:2229:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nVal = atoi(papszTokens[i]);
data/gdal-3.0.4+dfsg/frmts/grib/gribcreatecopy.cpp:2404:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nDiscipline = atoi(GetBandOption(
data/gdal-3.0.4+dfsg/frmts/grib/gribdataset.cpp:183:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nSectSize, abyHead, 4);
data/gdal-3.0.4+dfsg/frmts/grib/gribdataset.cpp:189:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyBody, abyHead, 5);
data/gdal-3.0.4+dfsg/frmts/grib/gribdataset.cpp:298:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nSectSize, abyHead, 4);
data/gdal-3.0.4+dfsg/frmts/grib/gribdataset.cpp:312:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nSectSize, abyHead, 4);
data/gdal-3.0.4+dfsg/frmts/grib/gribdataset.cpp:318:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyBody, abyHead, 5);
data/gdal-3.0.4+dfsg/frmts/grib/gribdataset.cpp:327:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nCoordCount, pabyBody + 6-1, 2);
data/gdal-3.0.4+dfsg/frmts/grib/gribdataset.cpp:331:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nPDTN, pabyBody + 8-1, 2);
data/gdal-3.0.4+dfsg/frmts/grib/gribdataset.cpp:341:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szByte[10] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/grib/gribdataset.cpp:448:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nSectSize, abyHead, 4);
data/gdal-3.0.4+dfsg/frmts/grib/gribdataset.cpp:460:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nSectSize, abyHead, 4);
data/gdal-3.0.4+dfsg/frmts/grib/gribdataset.cpp:466:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyBody, abyHead, 5);
data/gdal-3.0.4+dfsg/frmts/grib/gribdataset.cpp:470:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nDRTN, pabyBody + 10-1, 2);
data/gdal-3.0.4+dfsg/frmts/grib/gribdataset.cpp:483:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&fRef, pabyBody + 12 - 1, 4);
data/gdal-3.0.4+dfsg/frmts/grib/gribdataset.cpp:490:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&nBinaryScaleFactorUnsigned, pabyBody + 16 - 1, 2);
data/gdal-3.0.4+dfsg/frmts/grib/gribdataset.cpp:499:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&nDecimalScaleFactorUnsigned, pabyBody + 18 - 1, 2);
data/gdal-3.0.4+dfsg/frmts/grib/gribdataset.cpp:523:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(&fTemp, &pabyBody[24-1], 4);
data/gdal-3.0.4+dfsg/frmts/grib/gribdataset.cpp:529:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                            memcpy(&fTemp, &pabyBody[28-1], 4);
data/gdal-3.0.4+dfsg/frmts/grib/gribdataset.cpp:537:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(&iTemp, &pabyBody[24-1], 4);
data/gdal-3.0.4+dfsg/frmts/grib/gribdataset.cpp:543:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                            memcpy(&iTemp, &pabyBody[28-1], 4);
data/gdal-3.0.4+dfsg/frmts/grib/gribdataset.cpp:708:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pImage,
data/gdal-3.0.4+dfsg/frmts/grib/gribdataset.cpp:722:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pImage,
data/gdal-3.0.4+dfsg/frmts/grib/gribdataset.cpp:863:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        static_cast<GIntBig>(atoi(CPLGetConfigOption("GRIB_CACHEMAX", "100")))
data/gdal-3.0.4+dfsg/frmts/grib/gribdataset.cpp:897:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(padfTransform, adfGeoTransform, sizeof(double) * 6);
data/gdal-3.0.4+dfsg/frmts/gsg/gsagdataset.cpp:64:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char         szEOL[3];
data/gdal-3.0.4+dfsg/frmts/gsg/gsagdataset.cpp:846:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szEOL[3];
data/gdal-3.0.4+dfsg/frmts/gta/gtadataset.cpp:148:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int open( const char *pszFilename, const char *pszMode )
data/gdal-3.0.4+dfsg/frmts/gta/gtadataset.cpp:441:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nCatCount = atoi( pszCatCount );
data/gdal-3.0.4+dfsg/frmts/gta/gtadataset.cpp:722:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( (void *) pDst, (void *) pSrc, sComponentSize );
data/gdal-3.0.4+dfsg/frmts/gta/gtadataset.cpp:757:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( (void *) pDst, (void *) pSrc, sComponentSize );
data/gdal-3.0.4+dfsg/frmts/gta/gtadataset.cpp:920:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfTransform, adfGeoTransform, 6*sizeof(double) );
data/gdal-3.0.4+dfsg/frmts/gta/gtadataset.cpp:1024:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( poDS->oGTAIO.open( poOpenInfo->pszFilename,
data/gdal-3.0.4+dfsg/frmts/gta/gtadataset.cpp:1137:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        poDS->nGCPs = atoi( poDS->oHeader.global_taglist().get("GDAL/GCP_COUNT") );
data/gdal-3.0.4+dfsg/frmts/gta/gtadataset.cpp:1159:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char pszGCPTagName[64];
data/gdal-3.0.4+dfsg/frmts/gta/gtadataset.cpp:1160:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char pszGCPInfoTagName[64];
data/gdal-3.0.4+dfsg/frmts/gta/gtadataset.cpp:1464:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char pszGCPTagName[64];
data/gdal-3.0.4+dfsg/frmts/gta/gtadataset.cpp:1465:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char pszGCPInfoTagName[64];
data/gdal-3.0.4+dfsg/frmts/gta/gtadataset.cpp:1610:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( oGTAIO.open( pszFilename, "w" ) != 0 )
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:176:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nOvrBlockSize = atoi(pszVal);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:698:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pabyJPEGTable, pJPEGTable, nJPEGTableSize);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:701:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyJPEGTable + nJPEGTableSize, abyAdobeAPP14RGB,
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:886:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyBuffer, poGDS->pabyJPEGTable, poGDS->nJPEGTableSize);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:2235:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pTempBuffer, pabySrcData + nOffset, nPixels * nDTSize);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:2255:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyDstBuffer, pabySrcData + nOffset, nPixels * nDTSize);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:3939:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:4058:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(CPLGetConfigOption("GDAL_MAX_RAW_BLOCK_CACHE_SIZE",
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:5149:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( pasNewExtraSamples, v + count - nNewExtraSamplesCount,
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:5192:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( pasNewExtraSamples + nNewExtraSamplesCount - count,
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:5254:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( pasNewExtraSamples, v, count * sizeof(uint16) );
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:6177:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&fVal, &iFloat32, 4);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:8305:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyTempWriteBuffer, pabyData, cc);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:8336:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( pabyData + (static_cast<GPtrDiff_t>(nBlockXSize) * iY + iX) * nComponents,
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:8346:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyData + static_cast<GPtrDiff_t>(nBlockXSize) * nComponents * iY,
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:8455:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyTempWriteBuffer, pabyData, cc);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:8520:61:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            EQUAL(pszValue, "ALL_CPUS") ? CPLGetNumCPUs() : atoi(pszValue);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:8834:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(psJob->pabyBuffer, pabyData, cc);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:10043:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(poODS->anLercAddCompressionAndVersion, anLercAddCompressionAndVersion,
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:10171:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( panExtraSampleValuesNew, panExtraSampleValues,
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:10208:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(CPLGetConfigOption("JPEG_QUALITY_OVERVIEW","75"));
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:10554:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( panExtraSampleValuesNew, panExtraSampleValues,
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:10631:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    atoi(CPLGetConfigOption("JPEG_QUALITY_OVERVIEW","75"));
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:11165:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBandId[32] = {};
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:11276:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    int v = atoi(pszItemValue);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:11306:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                      atoi(pszItemValue) );
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:11619:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szValue[128] = {};
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:11851:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfRPCTag + 12, sRPC.adfLINE_NUM_COEFF, sizeof(double) * 20 );
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:11852:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfRPCTag + 32, sRPC.adfLINE_DEN_COEFF, sizeof(double) * 20 );
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:11853:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfRPCTag + 52, sRPC.adfSAMP_NUM_COEFF, sizeof(double) * 20 );
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:11854:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfRPCTag + 72, sRPC.adfSAMP_DEN_COEFF, sizeof(double) * 20 );
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:12211:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nTmp, pabyBuffer + 8, 8);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:12221:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nTmp, pabyBuffer + 16, 8);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:12245:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nTmp16, pabyBuffer + 24 + i * 20, 2);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:12248:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nTmp16, pabyBuffer + 24 + i * 20 + 2, 2);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:12251:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nTmp, pabyBuffer + 24 + i * 20 + 4, 8);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:12268:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&nTmp, pabyBuffer + 24 + i * 20 + 12, 8);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:12286:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nTmp, pabyBuffer + 4, 4);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:12297:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nTmp16, pabyBuffer + 8, 2);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:12320:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nTmp16, pabyBuffer + 10 + i * 12, 2);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:12323:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nTmp16, pabyBuffer + 10 + i * 12 + 2, 2);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:12326:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nTmp, pabyBuffer + 10 + i * 12 + 4, 4);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:12341:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&nTmp, pabyBuffer + 10 + i * 12 + 8, 4);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:12720:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char csUnitStr[128];
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:12755:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(adfGeoTransform, adfPamGeoTransform, sizeof(double) * 6);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:12836:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            pszTIFFTagYRes && atoi(pszTIFFTagResUnit) == 2 )
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:12972:22:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    toff_t nOffset = atol(pszFilename);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:13459:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        static_cast<uint16>(atoi(papszTokensRed[i]));
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:13461:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        static_cast<uint16>(atoi(papszTokensGreen[i]));
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:13463:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        static_cast<uint16>(atoi(papszTokensBlue[i]));
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:13509:55:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                pTXR[i + j * 2] = static_cast<uint16>(atoi(papszTokens[j]));
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:13714:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szMessage[1024] = {};
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:14005:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szWorkMDI[200] = {};
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:14074:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pszXMP, pData, nTagSize);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:14077:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char *apszMDList[2] = { pszXMP, nullptr };
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:14288:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(CPLGetXMLValue( psItem, "sample", "-1" ));
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:14311:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char *apszMD[2] = { pszUnescapedValue, nullptr };
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:14353:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            char *apszMD[2] = { pszUnescapedValue, nullptr };
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:14426:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(CPLGetConfigOption("GDAL_READDIR_LIMIT_ON_OPEN", "1000"));
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:14733:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szID[32] = {};
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:15087:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nLZMAPreset = atoi( pszValue );
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:15105:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nZSTDLevel = atoi( pszValue );
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:15130:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nWebPLevel = atoi( pszValue );
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:15153:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nZLevel = atoi( pszValue );
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:15171:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nJpegQuality = atoi( pszValue );
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:15185:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return atoi(CSLFetchNameValueDef( papszOptions, "JPEGTABLESMODE",
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:15219:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nBits = atoi(papszTokens[0]);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:15232:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nBits = atoi(papszTokens[i]);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:15304:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        l_nBlockXSize = atoi( pszValue );
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:15309:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        l_nBlockYSize = atoi( pszValue );
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:15346:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nPredictor = atoi( pszValue );
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:15543:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szOpeningFlag[5] = {};
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:15592:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        l_nBitsPerSample = atoi(CSLFetchNameValue(papszParmList, "NBITS"));
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:16082:53:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int l_nJpegQuality = pszJPEGQuality ? atoi(pszJPEGQuality) : 0;
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:16723:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        && atoi(poPBand->GetMetadataItem( "NBITS", "IMAGE_STRUCTURE" )) > 0
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:16961:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( pasNewExtraSamples, v, count * sizeof(uint16) );
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:18109:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:18161:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( adfGeoTransform, padfTransform, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:18165:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( adfGeoTransform, padfTransform, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:252:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[512] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:597:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szCTString[512] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:600:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char units[32] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:612:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(units, "us_survey_feet");
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:616:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(units, "international_feet");
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:618:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(units, "meters");
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:684:17:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                strcpy(units, "us_survey_feet");
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:686:17:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                strcpy(units, "international_feet");
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:688:17:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                strcpy(units, "meters");
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:694:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(units, "meters");
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:713:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int statePlaneZone = abs(atoi(pStr));
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:714:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char nad[32];
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:715:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(nad, "HARN");
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:717:17:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                strcpy(nad, "NAD83");
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:720:17:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                strcpy(nad, "NAD27");
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:755:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char datumName[128] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:780:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char utmName[64] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:812:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                if( psDefn->ProjCode != atoi(apszUtmProjCode[i+2]) )
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:815:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        static_cast<short>( atoi(apszUtmProjCode[i+2]) );
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_jpeg_copy.cpp:287:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(CSLFetchNameValueDef(papszCreateOptions, "BLOCKXSIZE", "0"));
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_jpeg_copy.cpp:289:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(CSLFetchNameValueDef(papszCreateOptions, "BLOCKYSIZE", "0"));
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_jpeg_copy.cpp:363:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[JMSG_LENGTH_MAX] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_jpeg_copy.cpp:384:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTmpFilename[128] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_jpeg_copy.cpp:714:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy( dst_buffer[offset_y],
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_jpeg_copy.cpp:741:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(dst_buffer[offset_y],
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_overview.cpp:394:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(hBand->GetMetadataItem("NBITS", "IMAGE_STRUCTURE"));
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_overview.cpp:624:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nPredictor = atoi( pszPredictor );
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_overview.cpp:897:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(CPLGetConfigOption("JPEG_QUALITY_OVERVIEW","75"));
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_overview.cpp:907:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(CPLGetConfigOption("JPEG_TABLESMODE_OVERVIEW",
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_overview.cpp:920:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( panOverviewListSorted, panOverviewList, sizeof(int) * nOverviews);
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:338:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szPeStr[2400] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:363:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szPCSName[300] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:372:17:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                strcpy( szPCSName, "unnamed" );
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:394:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char szUOMLength[12];
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:415:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szName[300] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:417:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szName, "unnamed" );
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:439:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szUOMLength[12];
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:513:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCTString[512] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:597:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szGCSName[512] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:760:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szUOMLength[12];
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:1116:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char citation[2048] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:1128:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( citation, "unknown" );
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:1180:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCTString[512];
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:1231:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szCode[12];
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:1261:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szCode[12];
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:1273:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szInMeters[128] = {};
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:1389:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                            nReturn = atoi(pszCode);
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:1443:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(poSRS->GetAuthorityCode("PROJCS|GEOGCS|DATUM|SPHEROID")) );
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:1449:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(poSRS->GetAuthorityCode("GEOGCS|DATUM|SPHEROID")) );
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:1468:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nDatum = atoi(poSRS->GetAuthorityCode("PROJCS|GEOGCS|DATUM"));
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:1471:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nDatum = atoi(poSRS->GetAuthorityCode("GEOGCS|DATUM"));
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:1483:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nGCS = atoi(poSRS->GetAuthorityCode("PROJCS|GEOGCS"));
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:1486:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nGCS = atoi(poSRS->GetAuthorityCode("GEOGCS"));
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:1503:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nUOMLengthCode = atoi(poSRS->GetAuthorityCode("PROJCS|UNIT"));
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:1522:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nPCS = atoi(poSRS->GetAuthorityCode("PROJCS"));
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:2369:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(outPeStr, "ESRI PE String = ");
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:2610:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if( oRefSRS.importFromEPSG(atoi(pszAuthCode)) == OGRERR_NONE )
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:2654:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if( pszValue && atoi(pszValue) )
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:2656:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        atoi(pszValue) );
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:2659:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if( pszValue && atoi(pszValue) )
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:2661:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        atoi(pszValue) );
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:2664:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if( pszValue && atoi(pszValue) )
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:2666:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        atoi(pszValue) );
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:2702:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szFilename[100] = {};
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:2821:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szID[32] = {};
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:2886:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szFilename[100] = {};
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_get.c:173:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
           ((char *)val)[count-1] = '\0'; /* replace last char with NULL */
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_keyp.h:116:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char        szTmpBufferForGTIFValueNameEx[160];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_names.c:49:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   static char errmsg[80];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_names.c:55:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	   sprintf(errmsg,"Unknown-%d", key );
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_names.c:131:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pszOut, pszName, nToCopy);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_names.c:150:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(gtif->szTmpBufferForGTIFValueNameEx,"Unknown-%d", value );
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_names.c:162:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szCode[12];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_names.c:163:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szName[120];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_names.c:166:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(szCode, "%d", value);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_new.c:129:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &gt->gt_methods, methods, sizeof(TIFFMethod) );
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_new.c:270:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&keyptr->gk_data, &(entptr->ent_val_offset), sizeof(pinfo_t));
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:141:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szEPSGName[64];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:161:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCode[12];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:164:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(szCode, "%d", nPCSCode);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:204:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                *pnProjOp = (short) atoi(pszConvCode);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:236:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                *pnUOMLengthCode = (short) atoi(pszUnitCode);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:254:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                *pnGeogCS = (short) atoi(pszGeodCode);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:292:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char	szAngleString[32];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:294:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf( szAngleString, "%12.7f", dfAngle );
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:324:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        dfAngle = ABS(atoi(pszAngle));
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:328:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char	szMinutes[3];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:329:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char	szSeconds[64];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:338:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            dfAngle += atoi(szMinutes) / 60.0;
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:454:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCode[12];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:457:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(szCode, "%d", nGCSCode);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:501:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                *pnDatum = (short) atoi(pszDatumCode);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:519:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                *pnPM = (short) atoi(pszPMCode);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:551:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                *pnUOMAngle = (short) atoi(pszUnitCode);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:641:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCode[12];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:644:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(szCode, "%d", nEllipseCode);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:713:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCode[12];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:716:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(szCode, "%d", nPMCode);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:812:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCode[12];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:815:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(szCode, "%d", nDatumCode);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:854:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                *pnEllipsoid = (short) atoi(pszEllipsoidCode);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:928:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCode[12];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:931:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(szCode, "%d", nUOMLengthCode);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:1034:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCode[12];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:1038:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(szCode, "%d", nUOMAngleCode);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:1408:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szProjTRFName[64];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:1409:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(szProjTRFName, "UTM zone %d%c",
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:1434:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char    szCode[12];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:1439:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(szCode, "%d", nProjTRFCode);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:1459:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nProjMethod = atoi(pszMethodCode);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:1514:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                if( atoi(pszParamCode) == nEPSGCode )
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:1555:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    if( atoi(pszParamCode) == nEPSGCode )
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:2720:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	szFormat[30];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:2721:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char szBuffer[50];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_print.c:63:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char message[1024];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_print.c:113:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char message[1024];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_print.c:117:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(message," (%d,%d):\n",nrows,ncols);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_print.c:144:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char message[40];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_print.c:169:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
              char ch = ((char *) data)[in_char++];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_print.c:238:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(message, "Unknown Type (%d)\n",key->gk_type);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_print.c:269:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char message[1024];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_print.c:309:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tagname[100];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_print.c:312:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char message[1024];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_print.c:360:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[1000];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_print.c:361:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char type[20];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_print.c:365:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char message[2048];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_simpletags.c:215:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( st->key_list[i].data, data, count * item_size );
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_simpletags.c:231:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( st->key_list[st->key_count-1].data, data, item_size * count );
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_write.c:144:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&(entptr->ent_val_offset), &keyptr->gk_data, sizeof(pinfo_t));
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:49:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat( pszProjection, "+ellps=WGS84 " );
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:51:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat( pszProjection, "+ellps=clrk66 " );
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:53:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat( pszProjection, "+ellps=clrk80 " );
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:55:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat( pszProjection, "+ellps=GRS80 " );
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:60:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf( pszProjection+strlen(pszProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:108:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        char szAsBoolean[100];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:111:25:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
                        strcat( szAsBoolean,"=yes" );
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:876:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	szProjection[512];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:877:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	szUnits[64];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:894:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szUnits, "+units=m " );
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:898:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szUnits, "+units=ft " );
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:902:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szUnits, "+units=us-ft " );
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:906:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szUnits, "+units=ind-ft " );
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:910:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szUnits, "+units=link " );
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:914:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szUnits, "+units=ind-yd " );
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:918:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szUnits, "+units=fath " );
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:922:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szUnits, "+units=kmi " );
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:926:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szUnits, "+to_meter=%.10f", psDefn->UOMLengthInMeters );
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:945:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(szProjection+strlen(szProjection),"+proj=latlong ");
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:954:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:964:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:978:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:994:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1001:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1015:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1029:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1043:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1057:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1066:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1081:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1095:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1108:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1121:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1134:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1147:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1160:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1173:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1189:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1205:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1217:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1229:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1241:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1257:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1273:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1287:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1313:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1330:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1341:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1383:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szLongLat[256];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1399:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(szLongLat, "+proj=longlat ");
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1445:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szLongLat[256];
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1461:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(szLongLat, "+proj=longlat ");
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_codec.c:115:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char compression_code[20];
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_codec.c:117:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(compression_code, "%d",tif->tif_dir.td_compression );
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_dirread.c:4085:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16));
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_dirread.c:5632:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			max_nstrips = (uint32) atoi(pszMax);
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_dirwrite.c:2765:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &entry_tag, direntry_raw + 0, sizeof(uint16) );
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_dirwrite.c:2786:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &entry_type, direntry_raw + 2, sizeof(uint16) );
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_dirwrite.c:2794:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &value, direntry_raw + 4, sizeof(uint32) );
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_dirwrite.c:2799:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &value, direntry_raw + 8, sizeof(uint32) );
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_dirwrite.c:2806:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &entry_count, direntry_raw + 4, sizeof(uint64) );
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_dirwrite.c:2810:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &entry_offset, direntry_raw + 12, sizeof(uint64) );
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_dirwrite.c:2843:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( buf_to_write, data, count * TIFFDataWidth(datatype) );
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_dirwrite.c:2951:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &entry_offset, buf_to_write, count*TIFFDataWidth(datatype));
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_dirwrite.c:2961:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( direntry_raw + 2, &entry_type, sizeof(uint16) );
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_dirwrite.c:2970:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( direntry_raw + 4, &value, sizeof(uint32) );
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_dirwrite.c:2975:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( direntry_raw + 8, &value, sizeof(uint32) );
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_dirwrite.c:2981:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( direntry_raw + 4, &entry_count, sizeof(uint64) );
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_dirwrite.c:2985:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( direntry_raw + 12, &entry_offset, sizeof(uint64) );
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_fax3.c:789:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char zeroruns[256] = {
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_fax3.c:807:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char oneruns[256] = {
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:74:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:81:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(emsg, "Sorry, requested compression method is not configured");
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:92:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(emsg, "Sorry, can not handle images with %d-bit samples",
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:97:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(emsg, "Sorry, can not handle images with IEEE floating-point samples");
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:265:61:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int stop, char emsg[1024])
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:304:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(emsg, "Sorry, can not handle images with %d-bit samples",
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:362:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(emsg, "Missing required \"Colormap\" tag");
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:372:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(emsg, "Out of memory for colormap copy");
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:483:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(emsg, "Sorry, can not handle image");
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:488:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(emsg, "Sorry, can not handle image");
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:523:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char emsg[1024] = "";
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:2899:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char 	emsg[1024] = "";
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_getimage.c:2957:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char 	emsg[1024] = "";
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_jpeg.c:220:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[JMSG_LENGTH_MAX];
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_jpeg.c:236:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[JMSG_LENGTH_MAX];
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_jpeg.c:386:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            sp->max_allowed_scan_number = atoi(sz_max_allowed_scan_number);
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_jpeg.c:1458:59:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                               ((unsigned char *) buf)[iValue] =
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_lzma.c:439:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&sp->stream, &tmp_stream, sizeof(lzma_stream));
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_ojpeg.c:2514:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[JMSG_LENGTH_MAX];
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_ojpeg.c:2522:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[JMSG_LENGTH_MAX];
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_predict.c:728:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( working_copy, bp0, cc0 );
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_print.c:79:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			    (unsigned int) ((unsigned char *) raw_data)[j]);
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_print.c:192:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				fputc(((char *)raw_data)[i], fd);
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_swab.c:208:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char TIFFBitRevTable[256] = {
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_swab.c:242:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char TIFFNoBitRevTable[256] = {
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_vsi.c:112:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char          szAccess[32];
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_vsi.c:191:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(d, s, (size_t) c);
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_webp.c:114:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(sp->pBuffer + sp->buffer_offset,
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_webp.c:163:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(op,   
data/gdal-3.0.4+dfsg/frmts/gtiff/tif_lerc.c:472:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( sp->uncompressed_buffer + i * dst_stride,
data/gdal-3.0.4+dfsg/frmts/gtiff/tif_lerc.c:520:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(op,
data/gdal-3.0.4+dfsg/frmts/gtiff/tif_lerc.c:587:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(sp->uncompressed_buffer + sp->uncompressed_offset,
data/gdal-3.0.4+dfsg/frmts/gtiff/tif_lerc.c:656:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( sp->uncompressed_buffer + i * dst_stride,
data/gdal-3.0.4+dfsg/frmts/gtiff/tifvsi.cpp:100:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( buf,
data/gdal-3.0.4+dfsg/frmts/gtiff/tifvsi.cpp:147:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( psGTH->abyWriteBuffer + psGTH->nWriteBufferSize,
data/gdal-3.0.4+dfsg/frmts/gtiff/tifvsi.cpp:155:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( psGTH->abyWriteBuffer + psGTH->nWriteBufferSize, pabyData,
data/gdal-3.0.4+dfsg/frmts/gtiff/tifvsi.cpp:302:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(psGTH->ppCachedData, ppData,
data/gdal-3.0.4+dfsg/frmts/gtiff/tifvsi.cpp:308:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(psGTH->panCachedOffsets, panOffsets,
data/gdal-3.0.4+dfsg/frmts/gtiff/tifvsi.cpp:314:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(psGTH->panCachedSizes, panSizes,
data/gdal-3.0.4+dfsg/frmts/gtiff/tifvsi.cpp:323:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char access[32] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_ogcwkt.c:210:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char	*apszParmNames[8] = { NULL };
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_ogcwkt.c:293:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	szWKT[1024+32];
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_ogcwkt.c:294:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	szGCS[512];
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_ogcwkt.c:295:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	szProjection[512];
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_proj4.c:78:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	szPROJ4[512] = { 0 };
data/gdal-3.0.4+dfsg/frmts/gxf/gxfopen.c:69:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( pszHTitle, "#EOF" );
data/gdal-3.0.4+dfsg/frmts/gxf/gxfopen.c:103:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( pszHTitle, "#EOF" );
data/gdal-3.0.4+dfsg/frmts/gxf/gxfopen.c:196:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	szTitle[71];
data/gdal-3.0.4+dfsg/frmts/gxf/gxfopen.c:244:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psGXF->nRawXSize = atoi(papszList[0]);
data/gdal-3.0.4+dfsg/frmts/gxf/gxfopen.c:248:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psGXF->nRawYSize = atoi(papszList[0]);
data/gdal-3.0.4+dfsg/frmts/gxf/gxfopen.c:282:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psGXF->nSense = atoi(papszList[0]);
data/gdal-3.0.4+dfsg/frmts/gxf/gxfopen.c:335:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psGXF->nGType = atoi(papszList[0]);
data/gdal-3.0.4+dfsg/frmts/gxf/gxfopen.h:103:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szDummy[64];
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:108:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            errbuf[256];/* Error report buffer */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:110:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            hdfeosVersion[32];	/* HDFEOS version string */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:206:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		    strcpy(metabuf, "GROUP=SwathStructure\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:207:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		    strcat(metabuf, "END_GROUP=SwathStructure\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:208:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		    strcat(metabuf, "GROUP=GridStructure\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:209:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		    strcat(metabuf, "END_GROUP=GridStructure\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:210:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		    strcat(metabuf, "GROUP=PointStructure\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:211:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		    strcat(metabuf, "END_GROUP=PointStructure\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:212:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		    strcat(metabuf, "END\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:302:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			  strcpy(metabuf, "GROUP=SwathStructure\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:303:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			  strcat(metabuf, "END_GROUP=SwathStructure\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:304:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			  strcat(metabuf, "GROUP=GridStructure\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:305:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			  strcat(metabuf, "END_GROUP=GridStructure\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:306:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			  strcat(metabuf, "GROUP=PointStructure\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:307:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			  strcat(metabuf, "END_GROUP=PointStructure\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:308:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			  strcat(metabuf, "END\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:376:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		    strcat(errbuf, "\" (opened for READONLY access)");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:377:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		    strcat(errbuf, " does not exist.");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:671:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            attrname[16];	/* Attribute name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1003:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            buffer[128];/* Buffer to hold "test" string entry */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1039:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffer, ptr[indx], slen[indx]);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1105:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            dstr[2];    /* string version of input variable "delim" */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1122:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(liststr + off, ptr[i], slen + 1);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1187:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            name[128];	/* Object name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1604:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(outstring + listlen, ptr[i], slen[i]);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1701:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *ptr[8];	/* String pointer array (for dim map parsing) */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1702:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            type[32];	/* Number type descriptor string */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1703:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *metaArr[2];	/* Array of metadata positions */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1786:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(utlstr, "GROUP=SwathStructure");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1789:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(utlstr, "GROUP=GridStructure");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1792:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(utlstr, "GROUP=PointStructure");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1845:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(type, "DFNT_UCHAR8");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1848:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(type, "DFNT_CHAR8");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1851:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(type, "DFNT_FLOAT32");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1854:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(type, "DFNT_FLOAT64");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1857:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(type, "DFNT_INT8");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1860:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(type, "DFNT_UINT8");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1863:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(type, "DFNT_INT16");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1866:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(type, "DFNT_UINT16");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1869:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(type, "DFNT_INT32");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1872:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(type, "DFNT_UINT32");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1887:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(utlstr, "\t\tGROUP=Dimension");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1890:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(utlstr, "\t\tEND_GROUP=Dimension");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1917:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(utlstr, "\t\tGROUP=DimensionMap");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1920:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(utlstr, "\t\tEND_GROUP=DimensionMap");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1955:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(utlstr, "\t\tGROUP=IndexDimensionMap");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1958:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(utlstr, "\t\tEND_GROUP=IndexDimensionMap");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1991:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(utlstr, "\t\tGROUP=GeoField");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1994:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(utlstr, "\t\tEND_GROUP=GeoField");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2053:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(utlstr, "\t\tGROUP=DataField");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2056:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(utlstr, "\t\tEND_GROUP=DataField");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2115:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(utlstr, "\t\tGROUP=MergedFields");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2118:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(utlstr, "\t\tEND_GROUP=MergedFields");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2156:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(utlstr, "\t\tGROUP=Level");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2159:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(utlstr, "\n\t\tEND_GROUP=Level");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2191:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(utlstr, "\t\t\t\tLevelName=\"");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2195:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(utlstr, "\t\t\tEND_GROUP=Level_");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2224:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(utlstr, "\t\tGROUP=LevelLink");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2227:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(utlstr, "\t\tEND_GROUP=LevelLink");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2265:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(utlstr, "\t\tGROUP=Dimension");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2275:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(utlstr, "END_GROUP=SwathStructure");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2284:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(utlstr, "END_GROUP=GridStructure");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2293:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(utlstr, "END_GROUP=PointStructure");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2342:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(metaptr, utlstr, seglen);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2440:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(retstr, metaptrs[0] + slen, newline - metaptrs[0] - slen);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2577:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(utlstr, "GROUP=SwathStructure");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2580:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(utlstr, "GROUP=GridStructure");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2583:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(utlstr, "GROUP=PointStructure");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2743:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(fillbuf + i * size, fillval, size);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2783:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(fillbuf + i * size, fillval, size);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2826:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	fillbuf = (char *) malloc(dims[rank - 1] * size * n);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2838:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(fillbuf + i * size, fillval, size);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:3250:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            name[80];	        /* Attribute name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:3370:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            name[512];	/* Object name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:3371:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            class[80];	/* Object class */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:106:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char  GDXSDname[HDFE_NAMBUFSIZE];
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:107:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char  GDXSDdims[HDFE_DIMBUFSIZE];
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:145:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *DimNamePtr[8];
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:345:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            name[80];	/* Vgroup name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:346:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            class[80];	/* Vgroup class */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:347:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            errbuf[256];/* Buffer for error message */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:348:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            utlbuf[1024];	/* Utility buffer */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:349:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            header[128];/* Structural metadata header string */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:350:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            footer[256];/* Structural metadata footer string */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:351:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            refstr1[128];	/* Upper left ref string (metadata) */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:352:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            refstr2[128];	/* Lower right ref string (metadata) */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:492:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		    strcpy(refstr1, "DEFAULT");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:493:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		    strcpy(refstr2, "DEFAULT");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:521:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(errbuf,
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:523:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(errbuf, " (%s)");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:612:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            name[80];	/* Vgroup name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:613:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            class[80];	/* Vgroup class */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:614:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            errbuf[256];/* Buffer for error message */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:615:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            acsCode[1];	/* Read/Write l_access char: "r/w" */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:808:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(errbuf,
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:810:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(errbuf, " (%s)");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:951:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            gridname[80] /* Grid name */ ;
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:1030:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            utlbuf[1024];	/* Utility Buffer */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:1031:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            projparmbuf[512];	/* Projection parameter metadata
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:1033:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            gridname[80];	/* Grid Name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:1059:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		    strcpy(utlbuf, "0,");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:1175:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            utlbuf[128];/* Utility Buffer */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:1176:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            gridname[80];	/* Grid Name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:1423:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            utlbuf[64];	/* Utility buffer */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:1424:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            gridname[80];	/* Grid name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:1496:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            utlbuf[64];	/* Utility buffer */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:1497:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            gridname[80];	/* Grid name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:1577:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *metaptrs[2];/* Pointers to begin and end of SM section */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:1578:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            gridname[80];	/* Grid Name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:1635:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		size = atoi(utlstr);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:1707:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *metaptrs[2];/* Pointers to begin and end of SM section */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:1708:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            gridname[80];	/* Grid Name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:1749:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		*xdimsize = atoi(utlstr);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:1767:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		*ydimsize = atoi(utlstr);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:1899:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *metaptrs[2];/* Pointers to begin and end of SM section */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:1900:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            gridname[80];	/* Grid Name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:1902:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            fmt[96];	/* Format String */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:1985:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    *zonecode = atoi(utlstr);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2025:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		    strcpy(fmt, "%lf,");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2027:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(fmt, "%lf,");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2028:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		    strcat(fmt, "%lf");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2067:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    *spherecode = atoi(utlstr);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2123:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *metaptrs[2];/* Pointers to begin and end of SM section */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2124:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            gridname[80];	/* Grid Name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2245:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *metaptrs[2];/* Pointers to begin and end of SM section */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2246:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            gridname[80];	/* Grid Name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2354:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *metaptrs[2];/* Pointers to begin and end of SM section */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2355:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            gridname[80];	/* Grid Name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2549:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *metaptrs[2];    /* Pointers to begin and end of SM section */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2550:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            gridname[80];   /* Grid Name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2552:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *ptr[8];	    /* String pointers for parsed string */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2553:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            dimstr[64];	    /* Individual dimension entry string */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2636:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(dimstr, ptr[i] + 1, slen[i] - 2);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2772:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            utlbuf[512];/* Utility buffer */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2773:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            utlbuf2[256];	/* Utility buffer 1 */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2774:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *ptr[32];	/* String pointer array */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2775:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            gridname[80];	/* Grid name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2776:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            parmbuf[128];	/* Parameter string buffer */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2777:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            errbuf1[128];	/* Error buffer 1 */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2778:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            errbuf2[128];	/* Error buffer 2 */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2783:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            errmsg[128];/* Tiling error message */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2800:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(errbuf1, "GDXSDname array too small.\nPlease increase ");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2801:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(errbuf1, "size of HDFE_NAMBUFSIZE in \"HdfEosDef.h\".\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2802:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(errbuf2, "GDXSDdims array too small.\nPlease increase ");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2803:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(errbuf2, "size of HDFE_DIMBUFSIZE in \"HdfEosDef.h\".\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2864:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(dimbuf, "SOMBlockDim,");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2907:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(dimcheck, dimbuf, comma - dimbuf);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:3105:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(GDXSDdims, "ONE,");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:3188:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(utlbuf, ptr[i], slen[i]);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:3467:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            utlbuf[256];/* Utility buffer */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:3468:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            gridname[80];	/* Grid name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:3538:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            name[2048];	/* Merged-Field Names */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:3539:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            gridname[80];	/* Grid Name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:3542:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *metaptrs[2];/* Pointers to begin and end of SM section */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:4412:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *metaptrs[2];/* Pointers to begin and end of SM section */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:4413:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            gridname[80];	/* Grid Name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:4459:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(utlstr, "\t\tOBJECT=");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:4494:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			size = atoi(utlstr);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:4567:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *metaptrs[2];/* Pointers to begin and end of SM section */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:4568:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            gridname[80];	/* Grid Name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:4570:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *ptr[8];	/* String pointer array */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:4643:8:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			    strcpy(utlstr, "\t\t\t\t");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:4644:8:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			    strcat(utlstr, "DataFieldName");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:4757:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *metaptrs[2];/* Pointers to begin and end of SM section */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:4758:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            gridname[80];	/* Grid Name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:4760:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            valName[2][32];	/* Strings to search for */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:4798:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(&valName[0][0], "DimensionName");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:4813:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(&valName[0][0], "DataFieldName");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:4827:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(&valName[0][0], "\t\tOBJECT");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:4975:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            name[80];	/* Fill value "attribute" name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5003:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(name, "_FV_");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5061:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            name[80];	/* Fill value "attribute" name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5074:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(name, "_FV_");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5166:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *ptr1[3];	/* String pointer array */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5167:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *ptr2[3];	/* String pointer array */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5168:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            dimbuf1[128];	/* Dimension buffer 1 */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5169:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            dimbuf2[128];	/* Dimension buffer 2 */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5170:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            gridname[VGNAMELENMAX + 1];	/* Grid name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5172:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            fillval[32];/* Fill value buffer */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5407:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(match, &GDXSDcomb[5 * i], 20);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5408:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(nambuf, nameptr[i], namelen[i]);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5410:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dimbuf1, dimptr[i], dimlen[i]);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5425:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(dimbuf2, dimptr[j], dimlen[j]);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5443:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(nambuf + strlen(nambuf),
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5480:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(utlbuf, "MRGFLD_");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5481:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(utlbuf + 7, nameptr0[0], namelen0[0]);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5517:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(dimbuf2, ptr1[k + 1], slen1[k + 1]);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5522:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(dimbuf2, ptr1[k], slen1[k]);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5546:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(utlbuf, nameptr0[k], namelen0[k]);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:8240:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            dimlist[256];	/* Dimension list */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:8244:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            errbuf[256];/* Error buffer */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:8499:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            dimlist[256];	/* Dimension list */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:8503:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            errbuf[256];/* Error buffer */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:8890:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(GDXRegion[regionID]->DimNamePtr[j], \
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:8935:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dimlist, vertObj, 4);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:8959:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(GDXRegion[regionID]->DimNamePtr[j],
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:8987:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    vertArr = (char *) calloc(dims[0], size);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:9004:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			    memcpy(&vertINT16, vertArr + i * size, size);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:9024:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&vertINT16, vertArr + i * size, size);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:9045:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			    memcpy(&vertINT32, vertArr + i * size, size);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:9065:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&vertINT32, vertArr + i * size, size);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:9086:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			    memcpy(&vertFLT32, vertArr + i * size, size);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:9106:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&vertFLT32, vertArr + i * size, size);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:9127:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			    memcpy(&vertFLT64, vertArr + i * size, size);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:9147:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&vertFLT64, vertArr + i * size, size);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:10008:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				    memcpy(&i16[k],
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:10034:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				    memcpy(&i32[k],
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:10058:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				    memcpy(&f32[k],
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:10082:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				    memcpy(&f64[k],
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:92:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char  SWXSDname[HDFE_NAMBUFSIZE];
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:93:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char  SWXSDdims[HDFE_DIMBUFSIZE];
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:141:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *DimNamePtr[8];
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:265:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            name[80];	/* Vgroup name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:266:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            class[80];	/* Vgroup class */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:267:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            errbuf[256];/* Buffer for error message */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:268:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            utlbuf[512];/* Utility buffer */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:269:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            utlbuf2[32];/* Utility buffer 2 */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:395:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(utlbuf, "\t\tGROUP=Dimension\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:396:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(utlbuf, "\t\tEND_GROUP=Dimension\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:397:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(utlbuf, "\t\tGROUP=DimensionMap\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:398:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(utlbuf, "\t\tEND_GROUP=DimensionMap\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:399:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(utlbuf, "\t\tGROUP=IndexDimensionMap\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:400:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(utlbuf, "\t\tEND_GROUP=IndexDimensionMap\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:401:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(utlbuf, "\t\tGROUP=GeoField\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:402:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(utlbuf, "\t\tEND_GROUP=GeoField\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:403:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(utlbuf, "\t\tGROUP=DataField\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:404:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(utlbuf, "\t\tEND_GROUP=DataField\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:405:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(utlbuf, "\t\tGROUP=MergedFields\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:406:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(utlbuf, "\t\tEND_GROUP=MergedFields\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:421:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(errbuf,
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:423:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(errbuf, " (%s)");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:515:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            name[80];	/* Vgroup name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:516:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            class[80];	/* Vgroup class */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:517:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            errbuf[256];/* Buffer for error message */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:518:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            acsCode[1];	/* Read/Write access char: "r/w" */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:778:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(errbuf,
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:780:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(errbuf, " (%s)");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:914:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            swathname[80] /* Swath name */ ;
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:991:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *metaptrs[2];/* Pointers to begin and end of SM section */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:992:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            swathname[80];	/* Swath Name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:1041:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		size = atoi(utlstr);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:1111:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *metaptrs[2];/* Pointers to begin and end of SM section */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:1112:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            swathname[80];	/* Swath Name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:1160:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		*offset = atoi(utlstr);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:1174:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		*increment = atoi(utlstr);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:1242:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            utlbuf[256];/* Utility buffer */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:1322:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *metaptrs[2];/* Pointers to begin and end of SM section */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:1323:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            swathname[80];	/* Swath Name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:1326:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char           *HDFcomp[5] = {"HDFE_COMP_NONE", "HDFE_COMP_RLE",
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:1531:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *metaptrs[2];/* Pointers to begin and end of SM section */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:1532:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            swathname[80];	/* Swath Name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:1534:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *ptr[8];	/* String pointers for parsed string */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:1535:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            dimstr[64];	/* Individual dimension entry string */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:1637:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(dimstr, ptr[i] + 1, slen[i] - 2);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:1849:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            mapname[80];/* Mapping name (geodim/datadim) */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:1850:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            swathname[80];	/* Swath name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:1949:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            mapname[80];/* Mapping name (geodim/datadim) */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:1950:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            swathname[80];	/* Swath name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:1951:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            utlbuf[256];/* Utility buffer */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2012:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(buf, l_index, 4 * gsize);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2183:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            utlbuf[512];/* Utility buffer */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2184:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            utlbuf2[256];	/* Utility buffer 2 */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2185:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *ptr[32];	/* String pointer array */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2186:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            swathname[80];	/* Swath name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2187:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            errbuf1[128];	/* Error message buffer 1 */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2188:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            errbuf2[128];	/* Error message buffer 2 */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2189:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            compparmbuf[128];	/* Compression parameter string buffer */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2191:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char           *HDFcomp[5] = {"HDFE_COMP_NONE", "HDFE_COMP_RLE",
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2204:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(errbuf1, "SWXSDname array too small.\nPlease increase ");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2205:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(errbuf1, "size of HDFE_NAMBUFSIZE in \"HdfEosDef.h\".\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2206:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(errbuf2, "SWXSDdims array too small.\nPlease increase ");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2207:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(errbuf2, "size of HDFE_DIMBUFSIZE in \"HdfEosDef.h\".\n");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2253:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(dimcheck, dimbuf, comma - dimbuf);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2585:8:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			    strcat(SWXSDdims, "ONE,");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2639:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(utlbuf, ptr[i], slen[i]);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2926:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            utlbuf[256];/* Utility buffer */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2927:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            swathname[80];	/* Swath name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2991:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            utlbuf[256];/* Utility buffer */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2992:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            swathname[80];	/* Swath name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3339:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *metaptrs[2];/* Pointers to begin and end of SM section */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3340:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            swathname[80];	/* Swath Name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3426:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			size = atoi(utlstr);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3504:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *metaptrs[2];/* Pointers to begin and end of SM section */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3505:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            swathname[80];	/* Swath Name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3583:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			off = atoi(utlstr);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3591:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			incr = atoi(utlstr);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3669:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *metaptrs[2];/* Pointers to begin and end of SM section */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3670:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            swathname[80];	/* Swath Name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3832:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *metaptrs[2];/* Pointers to begin and end of SM section */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3833:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            swathname[80];	/* Swath Name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3836:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *ptr[8];	/* String pointer array */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3880:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(utlstr2, "GeoFieldName");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3892:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(utlstr2, "DataFieldName");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3929:8:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			    strcpy(utlstr, "\t\t\t\t");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:4143:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *metaptrs[2];    /* Pointers to begin and end of SM section */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:4144:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            swathname[80];  /* Swath Name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:4146:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            valName[2][32]; /* Strings to search for */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:4186:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(&valName[0][0], "DimensionName");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:4201:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(&valName[0][0], "GeoDimension");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:4202:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(&valName[1][0], "DataDimension");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:4217:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(&valName[0][0], "GeoDimension");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:4218:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(&valName[1][0], "DataDimension");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:4233:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(&valName[0][0], "GeoFieldName");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:4248:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(&valName[0][0], "DataFieldName");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:4264:17:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                strcpy(&valName[0][0], "\t\tOBJECT");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:4507:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            name[2048];	/* Merged-Field Names */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:4508:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            swathname[80];	/* Swath Name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:4511:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *metaptrs[2];/* Pointers to begin and end of SM section */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:4748:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            attrName[80];	/* Name of fill value attribute */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:4749:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *ptr[64];	/* String pointer array */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:4750:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            fieldlist[256];	/* Vdata field list */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:5041:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			    memcpy(buf + i * recsize + mrgOffset,
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:5051:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(buf, datbuf, count[0] * recsize);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:5057:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			    memcpy(buf + i * recsize * incr[0] + mrgOffset,
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:5109:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(datbuf, buf, count[0] * fldsize);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:5115:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			    memcpy((uint8 *) datbuf + i * fldsize,
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:5326:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            dimlist[256];	/* Dimension list (geolocation
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:5328:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            latName[17];/* Latitude field name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:5388:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		  strcpy(latName, "GeodeticLatitude");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:5395:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(latName, "Colatitude");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:5402:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(latName, "Latitude");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:5506:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(&temp32, lonArr + 4 * i, 4);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:5508:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(lonArr + 8 * i, &temp64, 8);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:5510:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(&temp32, latArr + 4 * i, 4);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:5512:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(latArr + 8 * i, &temp64, 8);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:5542:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(&lonTestVal, &lonArr[8 * (i * edge[1] + j)], 8);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:5543:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(&latTestVal, &latArr[8 * (i * edge[1] + j)], 8);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:5608:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		lonArr = (char *) calloc(dims[1], sizeof(float64));
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:5615:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		latArr = (char *) calloc(dims[1], sizeof(float64));
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:5662:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&temp32, lonArr + 4 * j, 4);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:5664:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(lonArr + 8 * j, &temp64, 8);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:5666:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&temp32, latArr + 4 * j, 4);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:5668:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(latArr + 8 * j, &temp64, 8);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:5679:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			    memcpy(&lonTestVal, &lonArr[8 * j], 8);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:5680:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			    memcpy(&latTestVal, &latArr[8 * j], 8);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:5946:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            dimlist[256];	/* Dimension list (geolocation
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:5948:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            latName[17];/* Latitude field name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:6007:8:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		     strcpy(latName, "GeodeticLatitude");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:6014:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(latName, "Colatitude");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:6021:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(latName, "Latitude");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:6131:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(&temp32, lonArr + 4 * i, 4);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:6133:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(lonArr + 8 * i, &temp64, 8);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:6135:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(&temp32, latArr + 4 * i, 4);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:6137:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(latArr + 8 * i, &temp64, 8);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:6166:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(&lonTestVal, &lonArr[8 * (i * edge[1] + j)], 8);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:6167:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(&latTestVal, &latArr[8 * (i * edge[1] + j)], 8);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:6232:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		lonArr = (char *) calloc(dims[1], sizeof(float64));
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:6238:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		latArr = (char *) calloc(dims[1], sizeof(float64));
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:6284:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&temp32, lonArr + 4 * j, 4);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:6286:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(lonArr + 8 * j, &temp64, 8);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:6288:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(&temp32, latArr + 4 * j, 4);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:6290:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(latArr + 8 * j, &temp64, 8);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:6301:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			    memcpy(&lonTestVal, &lonArr[8 * j], 8);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:6302:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			    memcpy(&latTestVal, &latArr[8 * j], 8);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:6563:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            dimlist[256];   /* Dimension list (geolocation fields) */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:6897:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            dimlist[256];	/* Dimension list */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:6898:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            geodim[256];/* Geolocation field dimension list */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:6899:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            tgeodim[256];/* Time field dimension list */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:6900:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            dgeodim[256];/* Data field dimension list for subsetting */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:6901:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            utlbuf[256];/* Utility buffer */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:6902:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *ptr[64];	/* String pointer array */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:7124:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(utlbuf, ptr[i], slen[i]);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:7207:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(utlbuf, ptr[i], slen[i]);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:8182:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            dimlist[256];	/* Dimension list */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:8183:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            geodim[256];/* Geolocation field dimension list */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:8184:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            tgeodim[256];/* Time Geolocation field dimension list */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:8185:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            dgeodim[256];/* Data Subsetting field dimension list */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:8186:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            utlbuf[256];/* Utility buffer */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:8187:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *ptr[64];	/* String pointer array */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:8340:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(utlbuf, ptr[i], slen[i]);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:8391:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(utlbuf, ptr[i], slen[i]);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:8896:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(SWXRegion[regionID]->DimNamePtr[j], \
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:8931:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            dimlist[256];	/* Dimension list */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:8943:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dimlist, vertObj, 4);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:8988:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(SWXRegion[regionID]->DimNamePtr[j],
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:9059:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		vertArr = (char *) calloc(dims[0], size);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:9081:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&vertINT16, vertArr + i * size, size);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:9119:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			    memcpy(&vertINT16, vertArr + i * size, size);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:9152:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&vertINT32, vertArr + i * size, size);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:9190:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			    memcpy(&vertINT32, vertArr + i * size, size);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:9223:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&vertFLT32, vertArr + i * size, size);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:9261:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			    memcpy(&vertFLT32, vertArr + i * size, size);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:9294:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&vertFLT64, vertArr + i * size, size);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:9332:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			    memcpy(&vertFLT64, vertArr + i * size, size);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:9450:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            dimlist[256];	/* Dimension list */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:9451:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	    swathname[80];
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:9710:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            name[80];	/* Fill value "attribute" name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:9738:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(name, "_FV_");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:9792:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            name[80];	/* Fill value "attribute" name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:9805:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(name, "_FV_");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:9891:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *ptr1[3];	/* String pointer array */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:9892:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *ptr2[3];	/* String pointer array */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:9893:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            dimbuf1[128];	/* Dimension buffer 1 */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:9894:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            dimbuf2[128];	/* Dimension buffer 2 */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:9895:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            swathname[VGNAMELENMAX + 1];	/* Swath name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:9897:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            fillval[32];/* Fill value buffer */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:10184:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(match, &SWXSDcomb[5 * i], 20);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:10185:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(nambuf, nameptr[i], namelen[i]);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:10187:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dimbuf1, dimptr[i], dimlen[i]);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:10217:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(dimbuf2, dimptr[j], dimlen[j]);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:10241:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			    memcpy(nambuf + strlen(nambuf),
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:10299:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(utlbuf, "MRGFLD_");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:10300:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(utlbuf + 7, nameptr0[0], namelen0[0]);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:10347:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(dimbuf2, ptr1[k + 1], slen1[k + 1]);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:10354:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(dimbuf2, ptr1[k], slen1[k]);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:10389:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(utlbuf, nameptr0[k], namelen0[k]);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:10444:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&SWX1dcomb[3 * i],
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:11300:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *metaptrsr[2];/* Pointers to begin and end of SM section */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:11301:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           *metaptrsi[2];/* Pointers to begin and end of SM section */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:11302:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            swathname[80];	/* Swath Name */
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4dataset.cpp:632:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szAttrName[H4_MAX_NC_NAME] = {};  // TODO: Get this off the stack.
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4dataset.cpp:962:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szTemp[256] = {'\0'};  // TODO: Get this off the stack.
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4dataset.cpp:1079:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szTemp[256];
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4dataset.cpp:1128:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szName[VSNAMELENMAX + 1];
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4dataset.cpp:1141:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTemp[256] = {'\0'};  // TODO: Get this off the stack.
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4dataset.cpp:1215:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTemp[256] = {'\0'};  // TODO: Get this off the stack.
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:123:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szName[HDF4_SDS_MAXNAMELEN];
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:247:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi( CPLGetConfigOption("HDF4_BLOCK_PIXELS", "1000000") );
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:434:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                  memcpy( reinterpret_cast<GByte *>( pImage ) + i,
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:896:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:911:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfGeoTransform, padfTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:1442:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char l_szName[HDF4_SDS_MAXNAMELEN] = {};
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:1602:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        = atoi( CSLFetchNameValue( papszGlobalMetadata, "gctp_sys" ) );
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:1604:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        = atoi( CSLFetchNameValue( papszGlobalMetadata, "gctp_zone" ) );
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:1606:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        = atoi( CSLFetchNameValue( papszGlobalMetadata, "gctp_datum" ) );
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:1825:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char l_szName[HDF4_SDS_MAXNAMELEN] = {};
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:1833:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szAttrName[H4_MAX_NC_NAME] = {};
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:1936:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char l_szName[HDF4_SDS_MAXNAMELEN] = {};
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:1944:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szAttrName[H4_MAX_NC_NAME] = {};
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:2002:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char l_szName[HDF4_SDS_MAXNAMELEN] = {};
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:2171:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    szXGeo[N_BUF_SIZE] = "";
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:2172:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    szYGeo[N_BUF_SIZE] = "";
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:2173:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    szPixel[N_BUF_SIZE]= "";
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:2174:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    szLine[N_BUF_SIZE] = "";
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:2287:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szGeoDimList[N_BUF_SIZE] = "";
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:2548:62:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const long iZone = (pszZone && iProjSys == 1L) ? atoi(pszZone): 0L;
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:2937:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        poDS->iDataset = atoi( papszSubdatasetName[3] );
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:3121:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szDimList[N_BUF_SIZE] = {};
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:3425:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
              char szAttrName[H4_MAX_NC_NAME] = {};
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:3590:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szAttrName[H4_MAX_NC_NAME] = {};
data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp:135:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        *apszMDList[2]{};
data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp:465:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char name[120] = {};
data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp:636:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyTemp, pbyImage + iY * nLineSize, nLineSize);
data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp:637:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pbyImage + iY * nLineSize,
data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp:640:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pbyImage + (nLinesToFlip - iY - 1) * nLineSize, pabyTemp,
data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp:755:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nBlockSize = std::max(1, atoi(
data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp:1532:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuffer[32] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp:1536:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuffer0[64] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp:1624:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pafDstValues,
data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp:1712:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuffer[32] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp:1716:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuffer0[64] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp:1748:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pafValues + iY * nBlockXSize,
data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp:1978:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nY = atoi(papszTokens[3]);
data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp:1979:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nX = atoi(papszTokens[4]);
data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp:2418:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nMinOvrSize = std::max(1, atoi(
data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp:2736:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&rgrid[i].nIndex, src_ptr, 4);
data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp:2737:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&rgrid[i].nWidth, src_ptr + 4, 4);
data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp:2738:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&rgrid[i].nHeight, src_ptr + 8, 4);
data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp:2739:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&rgrid[i].fResX, src_ptr + 12, 4);
data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp:2740:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&rgrid[i].fResY, src_ptr + 16, 4);
data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp:2741:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&rgrid[i].fSWX, src_ptr + 20, 4);
data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp:2742:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&rgrid[i].fSWY, src_ptr + 24, 4);
data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp:3001:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    nY = atoi(pszSUPERGRIDS + i);
data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp:3008:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    int nX = atoi(pszSUPERGRIDS + i);
data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp:3536:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(padfGeoTransform, adfGeoTransform, sizeof(double)*6);
data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp:4175:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nCompressionLevel = atoi(
data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp:4177:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nBlockSize = std::min(4096, atoi(
data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp:4418:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szVersion[knVersionLength] = {};
data/gdal-3.0.4+dfsg/frmts/hdf5/hdf5dataset.cpp:1176:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTemp[8192];  // TODO(schwehr): Get this off of the stack.
data/gdal-3.0.4+dfsg/frmts/hdf5/hdf5imagedataset.cpp:949:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(padfTransform, adfGeoTransform, sizeof(double) * 6);
data/gdal-3.0.4+dfsg/frmts/hdf5/iso19115_srs.cpp:92:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nZone = atoi(CPLGetXMLValue(
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:257:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pImage, pafBlockData + nBlockXOff * nBlockXSize +
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:455:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nXSize, poOpenInfo->pabyHeader + 6, 4);
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:457:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nYSize, poOpenInfo->pabyHeader + 10, 4);
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:461:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nTileSize, poOpenInfo->pabyHeader + 14, 2);
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:465:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&fVertPres, poOpenInfo->pabyHeader + 16, 4);
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:467:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&fHorizScale, poOpenInfo->pabyHeader + 20, 4);
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:471:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nExtendedHeaderLen, poOpenInfo->pabyHeader + 24, 4);
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:520:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szApplicationName[256] = { 0 };
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:525:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char pabyBlockHeader[24];
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:528:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBlockName[16 + 1];
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:529:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(szBlockName, pabyBlockHeader + 4, 16);
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:532:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nBlockSize, pabyBlockHeader + 20, 4);
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:542:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char pabyBlockData[34];
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:545:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&dfMinX, pabyBlockData + 2, 8);
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:547:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&dfMaxX, pabyBlockData + 2 + 8, 8);
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:549:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&dfMinY, pabyBlockData + 2 + 8 + 8, 8);
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:551:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&dfMaxY, pabyBlockData + 2 + 8 + 8 + 8, 8);
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:646:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szName[32];
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:698:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(padfTransform, adfGeoTransform, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:817:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nTileSize = atoi(pszBlockSize);
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:847:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nDatumCode = atoi(oSRS.GetAuthorityCode( "GEOGCS|DATUM" ));
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:858:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nEPSGCode = atoi(oSRS.GetAuthorityCode( "PROJCS" ));
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:923:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBlockName[16 + 1];
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:928:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szBlockName, "georef-extents");
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:941:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szBlockName, "georef-utm");
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:950:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szBlockName, "georef-datum");
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:959:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szBlockName, "georef-epsg-prj");
data/gdal-3.0.4+dfsg/frmts/hfa/hfa_overviews.cpp:95:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        const char *apszOptions[4] =
data/gdal-3.0.4+dfsg/frmts/hfa/hfa_p.h:245:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szName[64];
data/gdal-3.0.4+dfsg/frmts/hfa/hfa_p.h:246:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szType[32];
data/gdal-3.0.4+dfsg/frmts/hfa/hfa_p.h:356:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szNumberString[36];  // Buffer used to return int as a string.
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:181:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szField[128] = {};
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:429:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szVarName[64] = {};
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:518:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szHeader[49] = {};
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:607:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nTmp, pabyCData, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:610:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nTmp, pabyCData + 4, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:613:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nTmp, pabyCData + 8, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:685:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&nRawValue, pabyValues, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:769:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&(((float *)pabyDest)[nPixelsOutput]), &nDataValue,
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:885:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nDataValue, pabyValues, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:985:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&fDataValue, &nDataValue, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:1100:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  ((unsigned char *) abyTmp)[0] = 0xff;
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:1102:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  ((unsigned char *) abyTmp)[0] = 0x00;
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:1110:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  ((unsigned char *) abyTmp)[0] = 0x00;
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:1112:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  ((unsigned char *) abyTmp)[0] = 0x55;
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:1114:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  ((unsigned char *) abyTmp)[0] = 0xaa;
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:1116:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  ((unsigned char *) abyTmp)[0] = 0xff;
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:1127:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            ((unsigned char *)abyTmp)[0] = byVal + (byVal << 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:1132:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            ((unsigned char *)abyTmp)[0] = static_cast<unsigned char>(
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:1137:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            ((signed char *)abyTmp)[0] = static_cast<signed char>(
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:1144:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(abyTmp, &nTmp, sizeof(nTmp));
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:1151:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(abyTmp, &nTmp, sizeof(nTmp));
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:1158:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(abyTmp, &nTmp, sizeof(nTmp));
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:1165:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(abyTmp, &nTmp, sizeof(nTmp));
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:1172:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(abyTmp, &fTmp, sizeof(fTmp));
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:1178:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(abyTmp, &dfNoData, sizeof(dfNoData));
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:1185:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(abyTmp, &fTmp, sizeof(fTmp));
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:1192:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(abyTmp, &dfNoData, sizeof(dfNoData));
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:1199:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(((GByte *)pData) + nChunkSize * i, abyTmp, nChunkSize);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:1398:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szVarName[64];
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:1563:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szVarName[64] = {};
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:1572:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szVarName[64];
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:1650:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szVarName[64];
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:1830:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(padfBins, pabyMIFObject + 24, sizeof(double) * nPCTColors);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:1975:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char *const apszColNames[4] =
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:2083:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nOvrBlockSize = atoi(pszVal);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:2215:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szName[50];
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:589:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *apszStrList[1] = { nullptr };
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:782:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pdfData, &padfBinValues[iStartRow],
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:1069:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    pnData[i] = atoi(papszColData[i]);
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:1133:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                panColData[i] = atoi(papszStrList[i]);
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:1169:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    panColData[i] = atoi(papszStrList[i]);
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:2132:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  char szValueAsString[100] = {};
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:2167:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  char szValueAsString[100] = {};
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:2379:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuf[32] = {};
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:3421:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                sDatum.datumname = (char *)apszDatumMap[i];
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:4136:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            sMapInfo.units = (char *)apszUnitMap[iClosest];
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:5459:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(padfTransform, adfGeoTransform, sizeof(double) * 6);
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:5473:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(adfGeoTransform, padfTransform, sizeof(double) * 6);
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:5685:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        ? atoi(CSLFetchNameValue(papszParmList, "NBITS"))
data/gdal-3.0.4+dfsg/frmts/hfa/hfaentry.cpp:247:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nMIFObjectSize, pszField - 8, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaentry.cpp:269:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(l_pabyData, pszField, nMIFObjectSize);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaentry.cpp:789:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szFullFieldPath[1024];
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:111:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nItemCount = atoi(pszInput);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:198:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nEnumCount = atoi(pszInput);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:447:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nOffset, pabyData, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:453:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyData, &nOffset, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:461:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyData + 4, &nOffset, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:509:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nIntValue = atoi((char *)pValue);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:560:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            pabyData[nIndexValue] = ((char *)pValue)[0];
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:598:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(pabyData + nIndexValue * 2, &nNumber, 2);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:617:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(pabyData + nIndexValue * 2, &nNumber, 2);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:636:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(pabyData + nIndexValue * 4, &nNumber, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:653:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(pabyData + nIndexValue * 4, &nNumber, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:672:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(pabyData + nIndexValue * 4, &fNumber, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:689:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(pabyData + nIndexValue * 8, &dfNumber, 8);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:697:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nRows, pabyData, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:701:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nColumns, pabyData + 4, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:705:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nBaseItemType, pabyData + 8, 2);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:723:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyData, &nRows, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:725:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyData + 4, &nColumns, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:727:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyData + 8, &nBaseItemType, 2);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:755:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pabyData + 12 + nIndexValue * 8, &dfNumber, 8);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:762:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pabyData + 12 + nIndexValue, &nNumber, 1);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:883:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nOffset, pabyData + 4, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:941:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(&nNumber, pabyData + nIndexValue * 2, 2);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:962:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(&nNumber, pabyData + nIndexValue * 2, 2);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:978:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(&nNumber, pabyData + nIndexValue * 4, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:994:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(&nNumber, pabyData + nIndexValue * 4, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:1010:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(&fNumber, pabyData + nIndexValue * 4, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:1033:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(&dfNumber, pabyData + nIndexValue * 8, 8);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:1054:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(&nRows, pabyData, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:1058:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(&nColumns, pabyData + 4, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:1062:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(&nBaseItemType, pabyData + 8, 2);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:1158:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
              dfDoubleRet = ((signed char *)pabyData)[nIndexValue];
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:1159:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
              nIntRet = ((signed char *)pabyData)[nIndexValue];
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:1169:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy(&nValue, pabyData + 2 * nIndexValue, 2);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:1183:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy(&nValue, pabyData + 2 * nIndexValue, 2);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:1197:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy(&nValue, pabyData + 4 * nIndexValue, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:1211:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy(&nValue, pabyData + 4 * nIndexValue, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:1225:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy(&fValue, pabyData + 4 * nIndexValue, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:1239:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy(&dfValue, pabyData + 8 * nIndexValue, 8);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:1414:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nCount, pabyData, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:1430:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nRows, pabyData, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:1433:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nColumns, pabyData + 4, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:1436:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nBaseItemType, pabyData + 8, 2);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:1519:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nRows, pabyData + 8, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:1522:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nColumns, pabyData + 12, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:1537:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nCount, pabyData, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:1672:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szLongFieldName[256] = {};
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:152:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szHeader[16] = {};
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:1270:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyData, &nSize, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:1274:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyData, &iOffset, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:1281:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyData, &nSize, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:1286:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyData, &iOffset, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:1290:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyData, pszPEString, strlen(pszPEString) + 1);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:1331:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szFieldName[40] = {};
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:1463:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szFieldName[30] = {};
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:1991:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyData + 14, &nValue, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:1996:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyData + 18, &nValue, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:2006:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyData + nOffset, &nValue16, 2);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:2019:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyData + nOffset + 2, &nValue, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:2032:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyData + nOffset + 6, &nValue, 4);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:2037:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyData + nOffset + 10, &nValue16, 2);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:2046:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyData + nOffset + 12, &nValue16, 2);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:2126:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLDict[128] = {};
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:2160:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nBlockSize = atoi(pszValue);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:2275:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szName[128] = {};
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:2599:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int nValue = atoi(pszValue);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:2746:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                            int nValue = atoi(pszWork);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:3155:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(*ppasPolyListForward + nStepCount - 1, &sForward,
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:3160:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(*ppasPolyListReverse + nStepCount - 1, &sReverse,
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:3423:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szFieldName[60] = {};
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:3449:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szFieldName[40] = {};
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:3581:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(adfAdjTransform, padfGeoTransform, sizeof(double) * 6);
data/gdal-3.0.4+dfsg/frmts/hfa/hfatype.cpp:222:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nArrayIndex = atoi(pszEnd + 1);
data/gdal-3.0.4+dfsg/frmts/hfa/hfatype.cpp:392:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nArrayIndex = atoi(pszEnd + 1);
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:59:51:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
#define atoi_nz(s) (s == nullptr ? (int)      0 : atoi(s))
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:861:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char aucRGB[3];
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:1401:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfTransform, adfGeoTransform, sizeof( double ) * 6 );
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:1461:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfGeoTransform, padfTransform, sizeof( double ) * 6 );
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:1587:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pImage, pabyScanLine, nRecordSize );
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:1616:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyScanLine, pImage, nRecordSize );
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:2486:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szState[3];
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:2658:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                    nEPSG = atoi(crsCode);
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:2697:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        nEPSG = atoi(crsCode);
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:2934:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    nGCSCode = atoi( oSRS.GetAuthorityCode( "GEOGCS" ) );
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:3002:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int nSPCode    = atoi( osPCSCode );
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:3056:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char pszOutRefSystem[9];
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:3288:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            return (char *)SPCS83Origin[i].spcs;
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:3306:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pOutput, "27", 2);
data/gdal-3.0.4+dfsg/frmts/ignfheightasciigrid/ignfheightasciigrid.cpp:144:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pData, &adfBuffer[ nBlockYOff * nBlockXSize ],
data/gdal-3.0.4+dfsg/frmts/ignfheightasciigrid/ignfheightasciigrid.cpp:166:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(padfGeoTransform, adfGeoTransform, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/frmts/ignfheightasciigrid/ignfheightasciigrid.cpp:389:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nArrangementOrder = atoi(aosTokens[6]);
data/gdal-3.0.4+dfsg/frmts/ignfheightasciigrid/ignfheightasciigrid.cpp:399:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nCoordinatesAtNode = atoi(aosTokens[7]);
data/gdal-3.0.4+dfsg/frmts/ignfheightasciigrid/ignfheightasciigrid.cpp:406:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nValuesPerNode = atoi(aosTokens[8]);
data/gdal-3.0.4+dfsg/frmts/ignfheightasciigrid/ignfheightasciigrid.cpp:413:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nPrecisionCode = atoi(aosTokens[9]);
data/gdal-3.0.4+dfsg/frmts/ilwis/ilwisdataset.cpp:51:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int Num1 = atoi(s1.c_str());
data/gdal-3.0.4+dfsg/frmts/ilwis/ilwisdataset.cpp:52:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int Num2 = atoi(s2.c_str());
data/gdal-3.0.4+dfsg/frmts/ilwis/ilwisdataset.cpp:303:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char strdouble[45];
data/gdal-3.0.4+dfsg/frmts/ilwis/ilwisdataset.cpp:315:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char strdouble[45];
data/gdal-3.0.4+dfsg/frmts/ilwis/ilwisdataset.cpp:327:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        Row = atoi(str.substr(0, iPos).c_str());
data/gdal-3.0.4+dfsg/frmts/ilwis/ilwisdataset.cpp:338:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        Col = atoi(str.substr(iPos+1, str.length()-iPos).c_str());
data/gdal-3.0.4+dfsg/frmts/ilwis/ilwisdataset.cpp:591:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char szName[100];
data/gdal-3.0.4+dfsg/frmts/ilwis/ilwisdataset.cpp:633:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform,  adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/ilwis/ilwisdataset.cpp:698:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        iBandCount = atoi(sMaps.c_str());
data/gdal-3.0.4+dfsg/frmts/ilwis/ilwisdataset.cpp:703:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char cBandName[45];
data/gdal-3.0.4+dfsg/frmts/ilwis/ilwisdataset.cpp:906:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char strsize[45];
data/gdal-3.0.4+dfsg/frmts/ilwis/ilwisdataset.cpp:931:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szBandName[100];
data/gdal-3.0.4+dfsg/frmts/ilwis/ilwisdataset.cpp:960:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char strdouble[45];
data/gdal-3.0.4+dfsg/frmts/ilwis/ilwisdataset.cpp:1115:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szName[100];
data/gdal-3.0.4+dfsg/frmts/ilwis/ilwisdataset.cpp:1134:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char strdouble[45];
data/gdal-3.0.4+dfsg/frmts/ilwis/ilwisdataset.cpp:1257:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char cBandName[45];
data/gdal-3.0.4+dfsg/frmts/ilwis/ilwisdataset.cpp:1679:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( ((char*)pImage) + iItemSize * i, (char*)pImage + iItemSize * (i - 1), iItemSize);
data/gdal-3.0.4+dfsg/frmts/ilwis/ilwisdataset.cpp:2026:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[200];
data/gdal-3.0.4+dfsg/frmts/ingr/IngrTypes.cpp:1438:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pLSBHeaderOne, pHeaderOne, sizeof(INGR_HeaderOne));
data/gdal-3.0.4+dfsg/frmts/ingr/IngrTypes.cpp:1556:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pLSBHeaderTwo, pHeaderTwo, sizeof(INGR_HeaderTwoA));
data/gdal-3.0.4+dfsg/frmts/ingr/IngrTypes.cpp:1744:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest + 0, src + 4, 4);
data/gdal-3.0.4+dfsg/frmts/ingr/IngrTypes.cpp:1745:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest + 4, src + 0, 4);
data/gdal-3.0.4+dfsg/frmts/ingr/IngrTypes.cpp:1747:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( dbl, &dt, 8 );
data/gdal-3.0.4+dfsg/frmts/ingr/IngrTypes.h:256:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                DesignFileName[66];
data/gdal-3.0.4+dfsg/frmts/ingr/IngrTypes.h:257:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                DataBaseFileName[66];
data/gdal-3.0.4+dfsg/frmts/ingr/IngrTypes.h:258:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                ParentGridFileName[66];
data/gdal-3.0.4+dfsg/frmts/ingr/IngrTypes.h:259:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                FileDescription[80];
data/gdal-3.0.4+dfsg/frmts/ingr/IngrTypes.h:262:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                Reserved[3];
data/gdal-3.0.4+dfsg/frmts/ingr/IngrTypes.h:551:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pDest, &bb[nn], nSize );
data/gdal-3.0.4+dfsg/frmts/ingr/IngrTypes.h:559:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &bb[nn], pSrc, nSize );
data/gdal-3.0.4+dfsg/frmts/ingr/IntergraphBand.cpp:432:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pImage, pabyBlockBuf, nBlockXSize * nBlockYSize *
data/gdal-3.0.4+dfsg/frmts/ingr/IntergraphBand.cpp:848:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &pabyImage[i * nBlockXSize], &pabyBlockBuf[j], nBlockXSize );
data/gdal-3.0.4+dfsg/frmts/ingr/IntergraphBand.cpp:854:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pImage, pabyBlockBuf, nBlockBufSize );
data/gdal-3.0.4+dfsg/frmts/ingr/IntergraphBand.cpp:1163:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyTile, pabyBlock, nBlockBytes );
data/gdal-3.0.4+dfsg/frmts/ingr/IntergraphBand.cpp:1187:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyBlock + ( iRow * nCellBytes * nBlockXSize ),
data/gdal-3.0.4+dfsg/frmts/ingr/IntergraphBand.cpp:1281:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyBlockBuf, pImage, nBlockBufSize );
data/gdal-3.0.4+dfsg/frmts/ingr/IntergraphDataset.cpp:504:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nDeviceResolution = -atoi( pszValue );
data/gdal-3.0.4+dfsg/frmts/ingr/IntergraphDataset.cpp:840:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfTransform, adfGeoTransform, sizeof( double ) * 6 );
data/gdal-3.0.4+dfsg/frmts/ingr/IntergraphDataset.cpp:854:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( adfGeoTransform, padfTransform, sizeof( double ) * 6 );
data/gdal-3.0.4+dfsg/frmts/ingr/JpegHelper.cpp:205:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabNext, abQuantTables[i], 64 );
data/gdal-3.0.4+dfsg/frmts/ingr/JpegHelper.cpp:277:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabNext, pabHuffTab[i][j], nCodes );
data/gdal-3.0.4+dfsg/frmts/ingr/JpegHelper.cpp:279:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabNext, pabHuffTab[i][k], nSymbols );
data/gdal-3.0.4+dfsg/frmts/iris/irisdataset.cpp:687:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, adfGeoTransform, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/frmts/iris/irisdataset.cpp:897:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szSiteName[17] = {};  // Must have one extra char for string end.
data/gdal-3.0.4+dfsg/frmts/iris/irisdataset.cpp:898:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szVersionName[9] = {};
data/gdal-3.0.4+dfsg/frmts/iris/irisdataset.cpp:913:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szConfigFile[13] = {};
data/gdal-3.0.4+dfsg/frmts/iris/irisdataset.cpp:917:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTaskName[13] = {};
data/gdal-3.0.4+dfsg/frmts/iris/irisdataset.cpp:1039:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szInputProductName[13] = "";
data/gdal-3.0.4+dfsg/frmts/iso8211/8211createfromxml.cpp:128:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szExtendedCharSet[4];
data/gdal-3.0.4+dfsg/frmts/iso8211/8211createfromxml.cpp:134:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nSizeFieldLength = atoi(CPLGetXMLValue(poXMLDDFModule, "_sizeFieldLength",
data/gdal-3.0.4+dfsg/frmts/iso8211/8211createfromxml.cpp:138:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nSizeFieldPos = atoi(CPLGetXMLValue(poXMLDDFModule, "_sizeFieldPos",
data/gdal-3.0.4+dfsg/frmts/iso8211/8211createfromxml.cpp:140:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nSizeFieldTag = atoi(CPLGetXMLValue(poXMLDDFModule, "_sizeFieldTag",
data/gdal-3.0.4+dfsg/frmts/iso8211/8211createfromxml.cpp:153:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    oModule.SetFieldControlLength(atoi(
data/gdal-3.0.4+dfsg/frmts/iso8211/8211createfromxml.cpp:252:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            poRec->SetSizeFieldLength(atoi(
data/gdal-3.0.4+dfsg/frmts/iso8211/8211createfromxml.cpp:255:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            poRec->SetSizeFieldPos(atoi(
data/gdal-3.0.4+dfsg/frmts/iso8211/8211createfromxml.cpp:258:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            poRec->SetSizeFieldTag(atoi(
data/gdal-3.0.4+dfsg/frmts/iso8211/8211createfromxml.cpp:341:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                        atoi(pszSubfieldValue) );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffield.cpp:78:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nMaxRepeat = atoi(getenv("DDF_MAXDUMP"));
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffield.cpp:88:47:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            fprintf( fp, "\\%02X", ((unsigned char *) pachData)[i] );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:668:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nRepeat = atoi(pszSrc+iSrc);
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfmodule.cpp:75:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy( _extendedCharSet, " ! " );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfmodule.cpp:198:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        achLeader[nLeaderSize];
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfmodule.cpp:283:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pachRecord, achLeader, nLeaderSize );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfmodule.cpp:317:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char    szTag[128];
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfmodule.cpp:436:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char achLeader[25];
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfmodule.cpp:446:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achLeader+17, _extendedCharSet, 3 );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfmodule.cpp:459:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char achDirEntry[255];
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfmodule.cpp:460:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szFormat[32];
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfrecord.cpp:192:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLeader[nLeaderSize+1];
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfrecord.cpp:266:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        achLeader[nLeaderSize];
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfrecord.cpp:424:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char    szTag[128];
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfrecord.cpp:533:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(newBuf, pachData, nDataSize);
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfrecord.cpp:536:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&newBuf[nDataSize], tmpBuf, nFieldEntryWidth);
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfrecord.cpp:602:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(newBuf, pachData, nDataSize);
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfrecord.cpp:604:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&newBuf[nDataSize], tmpBuf, nFieldLength);
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfrecord.cpp:624:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char    szTag[128];
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfrecord.cpp:978:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( poNR->pachData, pachData, nDataSize );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfrecord.cpp:1220:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char *pszOldDataLocation = (char *) paoFields[i].GetData();
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfrecord.cpp:1231:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char *pszOldDataLocation = (char *) paoFields[i].GetData();
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfrecord.cpp:1273:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( paoNewFields, paoFields, sizeof(DDFField) * nFieldCount );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfrecord.cpp:1362:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pachFieldData + nOldSize - 1,
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfrecord.cpp:1398:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pachNewImage, poField->GetData(), nPreBytes );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfrecord.cpp:1399:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pachNewImage + nPreBytes + nRawDataSize,
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfrecord.cpp:1402:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pachNewImage + nPreBytes, pachRawData, nRawDataSize );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfrecord.cpp:1409:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( (void *) poField->GetData(), pachNewImage, nNewFieldSize );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfrecord.cpp:1460:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pachWrkData + nStartOffset, pachRawData, nRawDataSize );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfrecord.cpp:1470:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ((char*) poField->GetData()) + nPreBytes,
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfrecord.cpp:1493:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ((char*) poField->GetData()) + nPreBytes,
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfrecord.cpp:1533:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pachNewData + nDirSize,
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfrecord.cpp:1561:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char      szFormat[128];
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfsubfielddefn.cpp:112:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nFormatWidth = atoi(pszFormatString+2);
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfsubfielddefn.cpp:153:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nFormatWidth = atoi(pszFormatString+2);
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfsubfielddefn.cpp:175:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nFormatWidth = atoi(pszFormatString+2);
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfsubfielddefn.cpp:422:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pachBuffer, pachSourceData, nLength );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfsubfielddefn.cpp:473:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          unsigned char   abyData[8];
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfsubfielddefn.cpp:508:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                  memcpy( abyData, pachSourceData, nFormatWidth );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfsubfielddefn.cpp:609:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return atoi(ExtractStringData(pachSourceData, nMaxBytes,
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfsubfielddefn.cpp:615:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          unsigned char   abyData[8];
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfsubfielddefn.cpp:645:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                  memcpy( abyData, pachSourceData, nFormatWidth );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfsubfielddefn.cpp:876:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pachData, pszValue, std::min(nValueLength, nSize) );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfsubfielddefn.cpp:882:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pachData, pszValue, std::min(nValueLength, nSize) );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfsubfielddefn.cpp:905:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szWork[30];
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfsubfielddefn.cpp:946:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pachData + nSize - strlen(szWork), szWork,
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfsubfielddefn.cpp:997:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szWork[120];
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfsubfielddefn.cpp:1034:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pachData + nSize - strlen(szWork), szWork,
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfutils.cpp:49:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szWorking[33] = {};
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfutils.cpp:54:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( szWorking, pszString, nMaxChars );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfutils.cpp:57:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return atoi(szWorking);
data/gdal-3.0.4+dfsg/frmts/iso8211/iso8211.h:142:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        _extendedCharSet[4];
data/gdal-3.0.4+dfsg/frmts/jaxapalsar/jaxapalsardataset.cpp:64:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char psBuf[(l+1)]; \
data/gdal-3.0.4+dfsg/frmts/jaxapalsar/jaxapalsardataset.cpp:73:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char psBuf[(n+1)]; \
data/gdal-3.0.4+dfsg/frmts/jaxapalsar/jaxapalsardataset.cpp:76:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                (x) = atoi(psBuf); \
data/gdal-3.0.4+dfsg/frmts/jaxapalsar/jaxapalsardataset.cpp:376:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szENL[17];
data/gdal-3.0.4+dfsg/frmts/jaxapalsar/jaxapalsardataset.cpp:387:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szPixelSpacing[33];
data/gdal-3.0.4+dfsg/frmts/jaxapalsar/jaxapalsardataset.cpp:388:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szLineSpacing[33];
data/gdal-3.0.4+dfsg/frmts/jaxapalsar/jaxapalsardataset.cpp:400:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szProjName[33];
data/gdal-3.0.4+dfsg/frmts/jaxapalsar/jaxapalsardataset.cpp:413:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szID[30];
data/gdal-3.0.4+dfsg/frmts/jdem/jdemdataset.cpp:45:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szWork[32] = {};
data/gdal-3.0.4+dfsg/frmts/jdem/jdemdataset.cpp:51:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return atoi(szWork);
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:442:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pImage, pabyWrkBuffer + nBandStart,
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:490:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(poBlock->GetDataRef(), pabyWrkBuffer + nBandStart,
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:872:29:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                poRawInput->open(poOpenInfo->pszFilename, bResilient,
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:909:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            poRawInput->open(poOpenInfo->pszFilename, bResilient, bBuffered);
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:965:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            family->open(jpip_client);
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:969:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            jp2_src->open(family);
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:1000:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                family->open(poRawInput);
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:1002:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                family->open(poOpenInfo->pszFilename, true);
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:1005:27:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if( !jp2_src->open(family) || !jp2_src->read_header() )
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:1100:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nNumThreads = atoi(CPLGetConfigOption("JP2KAK_THREADS", "-1"));
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:1324:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        subfile_src.open(GetDescription(), bResilient, bCached);
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:1328:24:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            wrk_family.open(&subfile_src);
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:1329:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            wrk_jp2_src.open(&wrk_family);
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:1568:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szBuffer[64] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:1784:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    jp2_out.open(jp2_family, nBoxType);
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:2077:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        layer_count = atoi(CSLFetchNameValue(papszOptions, "LAYERS"));
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:2079:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        layer_count = atoi(CSLFetchNameValue(papszOptions, "Clayers"));
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:2156:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nTileXSize = atoi(CSLFetchNameValue( papszOptions, "BLOCKXSIZE"));
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:2159:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nTileYSize = atoi(CSLFetchNameValue( papszOptions, "BLOCKYSIZE"));
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:2183:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nBits = atoi(CSLFetchNameValue(papszOptions, "NBITS"));
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:2187:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(poPrototypeBand->GetMetadataItem("NBITS", "IMAGE_STRUCTURE"));
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:2244:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        oVSILTarget.open(pszFilename, "w");
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:2249:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            family.open(&oVSILTarget);
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:2251:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            jp2_out.open(&family);
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:2257:24:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            jpx_family.open(pszFilename);
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:2259:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            jpx_out.open(&jpx_family);
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:2294:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        region.pos.x = atoi(papszTokens[0]);
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:2295:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        region.pos.y = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:2296:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        region.size.x = atoi(papszTokens[2]);
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:2297:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        region.size.y = atoi(papszTokens[3]);
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:2425:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if( atoi(poSrcDS->GetMetadataItem("TIFFTAG_RESOLUTIONUNIT")) == 2 )
data/gdal-3.0.4+dfsg/frmts/jp2kak/subfile_source.h:67:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open(const char *fname, int bSequential, int bCached )
data/gdal-3.0.4+dfsg/frmts/jp2kak/vsil_target.h:47:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open(const char *fname, const char *access )
data/gdal-3.0.4+dfsg/frmts/jp2lura/jp2luracallbacks.cpp:319:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pucStart, pucData, ulBytesFromLura * ulNum);
data/gdal-3.0.4+dfsg/frmts/jp2lura/jp2luracallbacks.cpp:496:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pucData, pucPos, ulBytes * ulNum);
data/gdal-3.0.4+dfsg/frmts/jp2lura/jp2luradataset.cpp:263:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                        pcMsg[255];
data/gdal-3.0.4+dfsg/frmts/jp2lura/jp2luradataset.cpp:365:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int RATE = atoi(CSLFetchNameValueDef(papszOptions, "RATE", "0"));
data/gdal-3.0.4+dfsg/frmts/jp2lura/jp2luradataset.cpp:366:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int QUALITY = atoi(CSLFetchNameValueDef(papszOptions, "QUALITY", "0"));
data/gdal-3.0.4+dfsg/frmts/jp2lura/jp2luradataset.cpp:367:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int PRECISION = atoi(CSLFetchNameValueDef(papszOptions, "PRECISION", "0"));
data/gdal-3.0.4+dfsg/frmts/jp2lura/jp2luradataset.cpp:371:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int LEVELS = atoi(CSLFetchNameValueDef(papszOptions, "LEVELS", "5"));
data/gdal-3.0.4+dfsg/frmts/jp2lura/jp2luradataset.cpp:374:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int TILEXSIZE = atoi(CSLFetchNameValueDef(papszOptions, "TILEXSIZE", "0"));
data/gdal-3.0.4+dfsg/frmts/jp2lura/jp2luradataset.cpp:375:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int TILEYSIZE = atoi(CSLFetchNameValueDef(papszOptions, "TILEYSIZE", "0"));
data/gdal-3.0.4+dfsg/frmts/jp2lura/jp2luradataset.cpp:377:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int CODEBLOCK_WIDTH = atoi(CSLFetchNameValueDef(papszOptions,
data/gdal-3.0.4+dfsg/frmts/jp2lura/jp2luradataset.cpp:379:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int CODEBLOCK_HEIGHT = atoi(CSLFetchNameValueDef(papszOptions,
data/gdal-3.0.4+dfsg/frmts/jp2lura/jp2luradataset.cpp:389:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int NBITS = atoi(CSLFetchNameValueDef(papszOptions, "NBITS", "0"));
data/gdal-3.0.4+dfsg/frmts/jp2lura/jp2luradataset.cpp:407:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        ulBps = atoi(poSrcDS->GetRasterBand(1)->GetMetadataItem( "NBITS",
data/gdal-3.0.4+dfsg/frmts/jp2lura/jp2luradataset.cpp:1108:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    atoi(poSrcDS->GetMetadataItem("TIFFTAG_RESOLUTIONUNIT"));
data/gdal-3.0.4+dfsg/frmts/jp2lura/jp2luradataset.cpp:2314:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&(poODS->sOutputData), &(poDS->sOutputData),
data/gdal-3.0.4+dfsg/frmts/jp2lura/jp2luradataset.cpp:2443:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nTBox, poBox->GetType(), 4);
data/gdal-3.0.4+dfsg/frmts/jp2lura/jp2lurarasterband.cpp:229:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pData, poGDS->sOutputData.pDatacache[nBand - 1],
data/gdal-3.0.4+dfsg/frmts/jpeg/jpgdataset.cpp:220:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char *apszMDList[2] = { pszXMP, nullptr };
data/gdal-3.0.4+dfsg/frmts/jpeg/jpgdataset.cpp:299:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *apChunk[256] = {};
data/gdal-3.0.4+dfsg/frmts/jpeg/jpgdataset.cpp:444:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pBufferPtr, apChunk[i], anChunkSize[i]);
data/gdal-3.0.4+dfsg/frmts/jpeg/jpgdataset.cpp:712:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pImage, poGDS->pabyScanline, nXSize * nWordSize);
data/gdal-3.0.4+dfsg/frmts/jpeg/jpgdataset.cpp:1746:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(padfTransform, adfGeoTransform, sizeof(double) * 6);
data/gdal-3.0.4+dfsg/frmts/jpeg/jpgdataset.cpp:1866:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(&(((GByte *)pData)[(y * nLineSpace) +
data/gdal-3.0.4+dfsg/frmts/jpeg/jpgdataset.cpp:2084:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nQLevel = atoi(papszTokens[0]);
data/gdal-3.0.4+dfsg/frmts/jpeg/jpgdataset.cpp:2567:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[JMSG_LENGTH_MAX] = {};
data/gdal-3.0.4+dfsg/frmts/jpeg/jpgdataset.cpp:2609:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buffer[JMSG_LENGTH_MAX] = {};
data/gdal-3.0.4+dfsg/frmts/jpeg/jpgdataset.cpp:2901:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nOvrWidth = atoi(pszThumbnailWidth);
data/gdal-3.0.4+dfsg/frmts/jpeg/jpgdataset.cpp:2909:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nOvrHeight = atoi(pszThumbnailHeight);
data/gdal-3.0.4+dfsg/frmts/jpeg/jpgdataset.cpp:3095:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nQuality = atoi(CSLFetchNameValue(papszOptions, "QUALITY"));
data/gdal-3.0.4+dfsg/frmts/jpeg/jpgdataset.cpp:3229:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        sCInfo.block_size = atoi(pszVal);
data/gdal-3.0.4+dfsg/frmts/jpeg/jpgdataset.h:145:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nMaxScans(atoi(
data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jchuff.c:185:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char huffsize[257];
data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jchuff.h:29:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ehufsi[256];		/* length of code for each symbol */
data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jcmarker.c:232:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dc_in_use[NUM_ARITH_TBLS];
data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jcmarker.c:233:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ac_in_use[NUM_ARITH_TBLS];
data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jdhuff.c:160:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char huffsize[257];
data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jerror.c:107:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[JMSG_LENGTH_MAX];
data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jinclude.h:62:32:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define MEMCOPY(dest,src,size)	bcopy((const void *)(src), (void *)(dest), (size_t)(size))
data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jinclude.h:68:32:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define MEMCOPY(dest,src,size)	memcpy((void *)(dest), (const void *)(src), (size_t)(size))
data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jmemansi.c:90:9:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
#define tmpfile() _win32_tmpfile()
data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jmemansi.c:210:26:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
  if ((info->temp_file = tmpfile()) == NULL)
data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jmemsys.h:167:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char temp_name[TEMP_NAME_LENGTH]; /* name if it's a file */
data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jmemsys.h:173:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char temp_name[TEMP_NAME_LENGTH]; /* name if it's a file */
data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jmemsys.h:177:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char temp_name[TEMP_NAME_LENGTH]; /* name of temp file */
data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jpeglib.h:670:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[JMSG_STR_PARM_MAX];
data/gdal-3.0.4+dfsg/frmts/jpeg2000/jpeg2000dataset.cpp:959:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if( pszNBITS && atoi(pszNBITS) > 0 )
data/gdal-3.0.4+dfsg/frmts/jpeg2000/jpeg2000dataset.cpp:960:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            sComps[iBand].prec = atoi(pszNBITS);
data/gdal-3.0.4+dfsg/frmts/jpeg2000/jpeg2000dataset.cpp:1056:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pszOptionBuf[OPTSMAX + 1] = {};
data/gdal-3.0.4+dfsg/frmts/jpeg2000/jpeg2000dataset.cpp:1170:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( box->data.uuid.uuid, poBox->GetUUID(), 16 );
data/gdal-3.0.4+dfsg/frmts/jpeg2000/jpeg2000dataset.cpp:1174:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( box->data.uuid.data, poBox->GetWritableData() + 16,
data/gdal-3.0.4+dfsg/frmts/jpeg2000/jpeg2000dataset.cpp:1308:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(&nTBox, poBox->GetType(), 4);
data/gdal-3.0.4+dfsg/frmts/jpegls/jpeglsdataset.cpp:363:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char abyEmpty[128];
data/gdal-3.0.4+dfsg/frmts/jpegls/jpeglsdataset.cpp:682:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nLOSSFACTOR = atoi(pszLOSSFACTOR);
data/gdal-3.0.4+dfsg/frmts/jpegls/jpeglsdataset.cpp:696:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nBits = atoi(pszNBITS);
data/gdal-3.0.4+dfsg/frmts/jpipkak/jpipkakdataset.cpp:818:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(adfGeoTransform, oJP2Geo.adfGeoTransform,
data/gdal-3.0.4+dfsg/frmts/jpipkak/jpipkakdataset.cpp:838:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char *apszMDList[2];
data/gdal-3.0.4+dfsg/frmts/jpipkak/jpipkakdataset.cpp:1004:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyDataSegment,
data/gdal-3.0.4+dfsg/frmts/jpipkak/jpipkakdataset.cpp:1057:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nPSTTargetOffset = atoi(CPLGetConfigOption("PST_OFFSET","0"));
data/gdal-3.0.4+dfsg/frmts/jpipkak/jpipkakdataset.cpp:1062:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nPSTTargetInstance = atoi(CPLGetConfigOption("PST_INSTANCE","0"));
data/gdal-3.0.4+dfsg/frmts/jpipkak/jpipkakdataset.cpp:1134:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfTransform, adfGeoTransform, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/frmts/jpipkak/jpipkakdataset.cpp:1401:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        ario->nQualityLayers = atoi(pszLayers);
data/gdal-3.0.4+dfsg/frmts/jpipkak/jpipkakdataset.cpp:1424:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        ario->nLevel = atoi(pszLevel);
data/gdal-3.0.4+dfsg/frmts/kea/keaband.cpp:167:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTemp[100];
data/gdal-3.0.4+dfsg/frmts/kea/keaband.cpp:244:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuf[32];
data/gdal-3.0.4+dfsg/frmts/kea/keaband.cpp:410:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            pTable->SetRowCount(atoi(pszValue));
data/gdal-3.0.4+dfsg/frmts/kea/keadataset.cpp:214:42:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nimageblockSize = (unsigned int) atol( pszValue );
data/gdal-3.0.4+dfsg/frmts/kea/keadataset.cpp:219:40:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nattblockSize = (unsigned int) atol( pszValue );
data/gdal-3.0.4+dfsg/frmts/kea/keadataset.cpp:224:36:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nmdcElmts = (unsigned int) atol( pszValue );
data/gdal-3.0.4+dfsg/frmts/kea/keadataset.cpp:229:38:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nrdccNElmts = (unsigned int) atol( pszValue );
data/gdal-3.0.4+dfsg/frmts/kea/keadataset.cpp:234:38:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nrdccNBytes = (unsigned int) atol( pszValue );
data/gdal-3.0.4+dfsg/frmts/kea/keadataset.cpp:244:36:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nsieveBuf = (unsigned int) atol( pszValue );
data/gdal-3.0.4+dfsg/frmts/kea/keadataset.cpp:249:41:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nmetaBlockSize = (unsigned int) atol( pszValue );
data/gdal-3.0.4+dfsg/frmts/kea/keadataset.cpp:254:35:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        ndeflate = (unsigned int) atol( pszValue );
data/gdal-3.0.4+dfsg/frmts/kea/keadataset.cpp:724:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nimageBlockSize = atoi(pszValue);
data/gdal-3.0.4+dfsg/frmts/kea/keadataset.cpp:729:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nattBlockSize = atoi(pszValue);
data/gdal-3.0.4+dfsg/frmts/kea/keadataset.cpp:734:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            ndeflate = atoi(pszValue);
data/gdal-3.0.4+dfsg/frmts/kea/kearat.cpp:303:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *apszStrList[1];
data/gdal-3.0.4+dfsg/frmts/kea/kearat.cpp:667:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    pnData[i] = atoi(papszColData[i]);
data/gdal-3.0.4+dfsg/frmts/kea/kearat.cpp:724:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    panColData[i] = atoi(papszStrList[i]);
data/gdal-3.0.4+dfsg/frmts/kmlsuperoverlay/kmlsuperoverlaydataset.cpp:1099:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(padfGeoTransform, adfGeoTransform, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/frmts/kmlsuperoverlay/kmlsuperoverlaydataset.cpp:1422:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(oImageDesc.adfExtents, adfExtents, 4 * sizeof(double));
data/gdal-3.0.4+dfsg/frmts/kmlsuperoverlay/kmlsuperoverlaydataset.cpp:1874:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szExtJ[4];  /* extension of tile at which max j is realized */
data/gdal-3.0.4+dfsg/frmts/kmlsuperoverlay/kmlsuperoverlaydataset.cpp:1875:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szExtI[4];  /* extension of tile at which max i is realized */
data/gdal-3.0.4+dfsg/frmts/kmlsuperoverlay/kmlsuperoverlaydataset.cpp:1902:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(padfGeoTransform, adfGeoTransform, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/frmts/kmlsuperoverlay/kmlsuperoverlaydataset.cpp:2269:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szExt[4];
data/gdal-3.0.4+dfsg/frmts/kmlsuperoverlay/kmlsuperoverlaydataset.cpp:2406:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(poDS->adfGlobalExtents, adfGlobalExtents, 4 * sizeof(double));
data/gdal-3.0.4+dfsg/frmts/l1b/l1bdataset.cpp:199:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szString[L1B_TIMECODE_LENGTH];
data/gdal-3.0.4+dfsg/frmts/l1b/l1bdataset.cpp:674:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&iTemp, pabyData, 2);
data/gdal-3.0.4+dfsg/frmts/l1b/l1bdataset.cpp:683:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&iTemp, pabyData, 2);
data/gdal-3.0.4+dfsg/frmts/l1b/l1bdataset.cpp:692:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&lTemp, pabyData, 4);
data/gdal-3.0.4+dfsg/frmts/l1b/l1bdataset.cpp:701:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&lTemp, pabyData, 4);
data/gdal-3.0.4+dfsg/frmts/l1b/l1bdataset.cpp:1367:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    szDatasetName[L1B_DATASET_NAME_SIZE + 1];
data/gdal-3.0.4+dfsg/frmts/l1b/l1bdataset.cpp:1397:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( szDatasetName, abyTBMHeader + L1B_NOAA9_HDR_NAME_OFF,
data/gdal-3.0.4+dfsg/frmts/l1b/l1bdataset.cpp:1630:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( szDatasetName, abyRecHeader + L1B_NOAA15_HDR_REC_NAME_OFF,
data/gdal-3.0.4+dfsg/frmts/l1b/l1bdataset.cpp:1696:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szEllipsoid[8+1];
data/gdal-3.0.4+dfsg/frmts/l1b/l1bdataset.cpp:1697:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(szEllipsoid, abyRecHeader + L1B_NOAA15_HDR_REC_ELLIPSOID_OFF, 8);
data/gdal-3.0.4+dfsg/frmts/l1b/l1bdataset.cpp:1902:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    szRevolution[6];
data/gdal-3.0.4+dfsg/frmts/l1b/l1bdataset.cpp:1903:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( szRevolution, szDatasetName + 32, 5 );
data/gdal-3.0.4+dfsg/frmts/leveller/levellerdataset.cpp:251:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                m_szElevUnits[8];
data/gdal-3.0.4+dfsg/frmts/leveller/levellerdataset.cpp:329:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTag[32];
data/gdal-3.0.4+dfsg/frmts/leveller/levellerdataset.cpp:749:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szHeader[5];
data/gdal-3.0.4+dfsg/frmts/leveller/levellerdataset.cpp:750:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(szHeader, "trrn");
data/gdal-3.0.4+dfsg/frmts/leveller/levellerdataset.cpp:1008:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sz[kMaxTagNameLen + 1];
data/gdal-3.0.4+dfsg/frmts/leveller/levellerdataset.cpp:1042:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char descriptor[kMaxDescLen+1];
data/gdal-3.0.4+dfsg/frmts/leveller/levellerdataset.cpp:1114:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTag[65];
data/gdal-3.0.4+dfsg/frmts/leveller/levellerdataset.cpp:1334:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szWKT[1024];
data/gdal-3.0.4+dfsg/frmts/leveller/levellerdataset.cpp:1396:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char szWorldUnits[32];
data/gdal-3.0.4+dfsg/frmts/leveller/levellerdataset.cpp:1465:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(padfTransform, m_adfTransform, sizeof(m_adfTransform));
data/gdal-3.0.4+dfsg/frmts/map/mapdataset.cpp:313:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int x = atoi(papszTok[2]);
data/gdal-3.0.4+dfsg/frmts/map/mapdataset.cpp:314:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int y = atoi(papszTok[3]);
data/gdal-3.0.4+dfsg/frmts/map/mapdataset.cpp:438:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(padfTransform, adfGeoTransform, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/frmts/mbtiles/mbtilesdataset.cpp:978:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(padfGeoTransform, m_adfGeoTransform, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/frmts/mbtiles/mbtilesdataset.cpp:1105:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(m_adfGeoTransform, padfGeoTransform, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/frmts/mbtiles/mbtilesdataset.cpp:1629:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pabyDataDup, pabyData, nDataSize);
data/gdal-3.0.4+dfsg/frmts/mbtiles/mbtilesdataset.cpp:1715:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyDataDup, pabyData, nDataSize);
data/gdal-3.0.4+dfsg/frmts/mbtiles/mbtilesdataset.cpp:1831:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pabyDataDup, pabyData, nDataSize);
data/gdal-3.0.4+dfsg/frmts/mbtiles/mbtilesdataset.cpp:2277:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nWidth, ptr, 4);
data/gdal-3.0.4+dfsg/frmts/mbtiles/mbtilesdataset.cpp:2282:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nHeight, ptr, 4);
data/gdal-3.0.4+dfsg/frmts/mbtiles/mbtilesdataset.cpp:2324:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nWidth, &(((GByte*)pabyBuffer)[sizeof(abyJPEG1CompSig)]), 2);
data/gdal-3.0.4+dfsg/frmts/mbtiles/mbtilesdataset.cpp:2327:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nHeight, &(((GByte*)pabyBuffer)[sizeof(abyJPEG1CompSig) + 2]), 2);
data/gdal-3.0.4+dfsg/frmts/mbtiles/mbtilesdataset.cpp:2346:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nWidth, &(((GByte*)pabyBuffer)[sizeof(abyJPEG3CompSig)]), 2);
data/gdal-3.0.4+dfsg/frmts/mbtiles/mbtilesdataset.cpp:2349:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nHeight, &(((GByte*)pabyBuffer)[sizeof(abyJPEG3CompSig) + 2]), 2);
data/gdal-3.0.4+dfsg/frmts/mbtiles/mbtilesdataset.cpp:2653:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nMaxLevel = atoi(pszZoomLevel);
data/gdal-3.0.4+dfsg/frmts/mbtiles/mbtilesdataset.cpp:2736:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nTmpBands = atoi(pszBandCount);
data/gdal-3.0.4+dfsg/frmts/mbtiles/mbtilesdataset.cpp:2934:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        std::min(8192,atoi(CSLFetchNameValueDef(papszOptions,
data/gdal-3.0.4+dfsg/frmts/mbtiles/mbtilesdataset.cpp:3154:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        std::min(8192,atoi(CSLFetchNameValueDef(papszOptions,
data/gdal-3.0.4+dfsg/frmts/mbtiles/mbtilesdataset.cpp:3215:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(oSrcSRS.GetAuthorityCode(nullptr)) != 3857 )
data/gdal-3.0.4+dfsg/frmts/mbtiles/mbtilesdataset.cpp:3355:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        m_nZLevel = atoi(pszZLevel);
data/gdal-3.0.4+dfsg/frmts/mbtiles/mbtilesdataset.cpp:3359:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        m_nQuality = atoi(pszQuality);
data/gdal-3.0.4+dfsg/frmts/mem/memdataset.cpp:180:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pImage,
data/gdal-3.0.4+dfsg/frmts/mem/memdataset.cpp:191:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( reinterpret_cast<GByte *>(pImage) + iPixel*nWordSize,
data/gdal-3.0.4+dfsg/frmts/mem/memdataset.cpp:213:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyData+nLineOffset*(size_t)nBlockYOff,
data/gdal-3.0.4+dfsg/frmts/mem/memdataset.cpp:224:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyCur + iPixel*nPixelOffset,
data/gdal-3.0.4+dfsg/frmts/mem/memdataset.cpp:886:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfGeoTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/mem/memdataset.cpp:900:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfGeoTransform, padfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/mem/memdataset.cpp:1368:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poDS->nRasterXSize = atoi(CSLFetchNameValue(papszOptions,"PIXELS"));
data/gdal-3.0.4+dfsg/frmts/mem/memdataset.cpp:1369:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poDS->nRasterYSize = atoi(CSLFetchNameValue(papszOptions,"LINES"));
data/gdal-3.0.4+dfsg/frmts/mem/memdataset.cpp:1379:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nBands = atoi(pszOption);
data/gdal-3.0.4+dfsg/frmts/mem/memdataset.cpp:1394:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if( atoi(pszOption) > 0 && atoi(pszOption) < GDT_TypeCount )
data/gdal-3.0.4+dfsg/frmts/mem/memdataset.cpp:1394:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if( atoi(pszOption) > 0 && atoi(pszOption) < GDT_TypeCount )
data/gdal-3.0.4+dfsg/frmts/mem/memdataset.cpp:1395:48:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            eType = static_cast<GDALDataType>( atoi(pszOption) );
data/gdal-3.0.4+dfsg/frmts/mrf/JPEG_band.cpp:109:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[JMSG_LENGTH_MAX];
data/gdal-3.0.4+dfsg/frmts/mrf/JPEG_band.cpp:118:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[JMSG_LENGTH_MAX];
data/gdal-3.0.4+dfsg/frmts/mrf/JPEG_band.cpp:306:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buffer, CHUNK_NAME, CHUNK_NAME_SIZE);
data/gdal-3.0.4+dfsg/frmts/mrf/JPEG_band.cpp:608:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char *rp[2];
data/gdal-3.0.4+dfsg/frmts/mrf/JPNG_band.cpp:107:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&signature, src.buffer, sizeof(GUInt32));
data/gdal-3.0.4+dfsg/frmts/mrf/LERC_band.cpp:36:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&X, p, sizeof(GInt32));
data/gdal-3.0.4+dfsg/frmts/mrf/PNG_band.cpp:86:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(data, pmgr->buffer, length);
data/gdal-3.0.4+dfsg/frmts/mrf/PNG_band.cpp:95:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(mgr->buffer, data, length);
data/gdal-3.0.4+dfsg/frmts/mrf/Packer.h:36:14:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        std::memcpy(dst->buffer, src->buffer, src->size);
data/gdal-3.0.4+dfsg/frmts/mrf/Raw_band.cpp:51:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst.buffer, src.buffer, src.size);
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/BitStufferV1.cpp:80:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&dstValue, dstPtr, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/BitStufferV1.cpp:82:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dstPtr, &dstValue, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/BitStufferV1.cpp:94:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&dstValue, dstPtr, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/BitStufferV1.cpp:96:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dstPtr, &dstValue, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/BitStufferV1.cpp:98:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&dstValue, dstPtr, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/BitStufferV1.cpp:100:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dstPtr, &dstValue, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/BitStufferV1.cpp:111:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&dstValue, dstPtr, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/BitStufferV1.cpp:113:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(dstPtr, &dstValue, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/BitStufferV1.cpp:190:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&lastUInt, srcPtr, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/BitStufferV1.cpp:196:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&srcValue, srcPtr, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/BitStufferV1.cpp:198:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(srcPtr, &srcValue, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/BitStufferV1.cpp:217:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&srcValue, srcPtr, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/BitStufferV1.cpp:237:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&srcValue, srcPtr, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/BitStufferV1.cpp:248:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&srcValue, srcPtr, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/BitStufferV1.cpp:254:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(srcPtr, &lastUInt, sizeof(unsigned int)); // restore the last UInt
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/BitStufferV1.cpp:304:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, &s, sizeof(unsigned short));
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/BitStufferV1.cpp:309:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, &k, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/BitStufferV1.cpp:341:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&s, ptr, sizeof(unsigned short));
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/BitStufferV1.cpp:352:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&k, ptr, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/CntZImage.cpp:242:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ptr, getTypeString().c_str(), getTypeString().length());
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/CntZImage.cpp:245:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ptr, &versionSwap, sizeof(int));  ptr += sizeof(int);
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/CntZImage.cpp:246:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ptr, &typeSwap, sizeof(int));  ptr += sizeof(int);
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/CntZImage.cpp:247:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ptr, &heightSwap, sizeof(int));  ptr += sizeof(int);
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/CntZImage.cpp:248:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ptr, &widthSwap, sizeof(int));  ptr += sizeof(int);
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/CntZImage.cpp:249:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ptr, &maxZErrorSwap, sizeof(double));  ptr += sizeof(double);
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/CntZImage.cpp:299:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, &numTilesVertSwap, sizeof(int));  ptr += sizeof(int);
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/CntZImage.cpp:300:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, &numTilesHoriSwap, sizeof(int));  ptr += sizeof(int);
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/CntZImage.cpp:301:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, &numBytesOptSwap, sizeof(int));  ptr += sizeof(int);
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/CntZImage.cpp:302:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, &maxValInImgSwap, sizeof(float));  ptr += sizeof(float);
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/CntZImage.cpp:362:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&typeStr[0], *ppByte, len);
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/CntZImage.cpp:382:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&version, ptr, sizeof(int));  ptr += sizeof(int);
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/CntZImage.cpp:383:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&type, ptr, sizeof(int));  ptr += sizeof(int);
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/CntZImage.cpp:384:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&height, ptr, sizeof(int));  ptr += sizeof(int);
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/CntZImage.cpp:385:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&width, ptr, sizeof(int));  ptr += sizeof(int);
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/CntZImage.cpp:386:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&maxZErrorInFile, ptr, sizeof(double));  ptr += sizeof(double);
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/CntZImage.cpp:435:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&numTilesVert, ptr, sizeof(int));  ptr += sizeof(int);
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/CntZImage.cpp:436:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&numTilesHori, ptr, sizeof(int));  ptr += sizeof(int);
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/CntZImage.cpp:437:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&numBytes, ptr, sizeof(int));  ptr += sizeof(int);
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/CntZImage.cpp:438:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&maxValInImg, ptr, sizeof(float));  ptr += sizeof(float);
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/DefinesV1.h:93:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, &val, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/DefinesV1.h:98:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&res, src, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/TImage.hpp:173:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(getData(), tImg.getData(), getSize() * sizeof(Element));
data/gdal-3.0.4+dfsg/frmts/mrf/marfa_dataset.cpp:101:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(GeoTransform, gt, sizeof(gt));
data/gdal-3.0.4+dfsg/frmts/mrf/marfa_dataset.cpp:283:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( panOverviewListNew, panOverviewList, sizeof(int) * nOverviews );
data/gdal-3.0.4+dfsg/frmts/mrf/marfa_dataset.cpp:558:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            return atoi(theStringVector[i].c_str() + 1);
data/gdal-3.0.4+dfsg/frmts/mrf/marfa_dataset.cpp:898:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    image.quality = atoi(CPLGetXMLValue(defimage, "Quality", "85"));
data/gdal-3.0.4+dfsg/frmts/mrf/marfa_dataset.cpp:1305:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    spacing = atoi(CPLGetXMLValue(config, "Raster.Spacing", "0"));
data/gdal-3.0.4+dfsg/frmts/mrf/marfa_dataset.cpp:1309:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        zslice = atoi(CPLGetXMLValue(config, "Raster.zslice", "0"));
data/gdal-3.0.4+dfsg/frmts/mrf/marfa_dataset.cpp:1886:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        zslice = atoi(val);
data/gdal-3.0.4+dfsg/frmts/mrf/marfa_dataset.cpp:1905:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (val) img.quality = atoi(val);
data/gdal-3.0.4+dfsg/frmts/mrf/marfa_dataset.cpp:1908:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (val) img.size.z = atoi(val);
data/gdal-3.0.4+dfsg/frmts/mrf/marfa_dataset.cpp:1911:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (val) img.pagesize.x = atoi(val);
data/gdal-3.0.4+dfsg/frmts/mrf/marfa_dataset.cpp:1914:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (val) img.pagesize.y = atoi(val);
data/gdal-3.0.4+dfsg/frmts/mrf/marfa_dataset.cpp:1917:48:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (val) img.pagesize.x = img.pagesize.y = atoi(val);
data/gdal-3.0.4+dfsg/frmts/mrf/marfa_dataset.cpp:1928:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (val) scale = atoi(val);
data/gdal-3.0.4+dfsg/frmts/mrf/marfa_dataset.cpp:1940:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (val) spacing = atoi(val);
data/gdal-3.0.4+dfsg/frmts/mrf/marfa_dataset.cpp:2251:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(GeoTransform, gt, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/frmts/mrf/marfa_dataset.cpp:2272:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(gt, GeoTransform, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/frmts/mrf/mrf_band.cpp:190:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(src.buffer, dbuff, src.size);
data/gdal-3.0.4+dfsg/frmts/mrf/mrf_band.cpp:1017:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(tbuffer, outbuff, dst.size);
data/gdal-3.0.4+dfsg/frmts/mrf/mrf_util.cpp:142:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fp = fopen(fname, "wb");
data/gdal-3.0.4+dfsg/frmts/mrsid/mrsiddataset.cpp:529:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pImage, poGDS->poBuffer->myGetTotalBandData(static_cast<lt_uint16>(nBand - 1)),
data/gdal-3.0.4+dfsg/frmts/mrsid/mrsiddataset.cpp:994:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy( pabyDst, pabySrc, nTmpPixelSize );
data/gdal-3.0.4+dfsg/frmts/mrsid/mrsiddataset.cpp:1069:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    osTemp = ((const char **)pData)[k++];
data/gdal-3.0.4+dfsg/frmts/mrsid/mrsiddataset.cpp:1136:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        ((char *)pValue)[iSize - 1] = '\0';
data/gdal-3.0.4+dfsg/frmts/mrsid/mrsiddataset.cpp:1139:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pValue, poMetadataRec->getScalarData(), iSize );
data/gdal-3.0.4+dfsg/frmts/mrsid/mrsiddataset.cpp:1305:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    nUTMZone = atoi(pszLine + 15);
data/gdal-3.0.4+dfsg/frmts/mrsid/mrsiddataset.cpp:1460:34:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        eStat = poDS->oLTIStream.open();
data/gdal-3.0.4+dfsg/frmts/mrsid/mrsiddataset.cpp:1479:34:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        eStat = poDS->oVSIStream.open();
data/gdal-3.0.4+dfsg/frmts/mrsid/mrsiddataset.cpp:2691:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szPCSName[200];
data/gdal-3.0.4+dfsg/frmts/mrsid/mrsiddataset.cpp:2692:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( szPCSName, "unnamed" );
data/gdal-3.0.4+dfsg/frmts/mrsid/mrsiddataset.cpp:2708:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szGCSName[200];
data/gdal-3.0.4+dfsg/frmts/mrsid/mrsiddataset.cpp:3168:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int iVersion = pszVersion ? atoi(pszVersion) : 4;
data/gdal-3.0.4+dfsg/frmts/mrsid/mrsiddataset.cpp:3170:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int iVersion = pszVersion ? atoi(pszVersion) : 3;
data/gdal-3.0.4+dfsg/frmts/mrsid/mrsiddataset.cpp:3305:59:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            poMG3ImageWriter->params().setTargetFilesize( atoi(pszValue) );
data/gdal-3.0.4+dfsg/frmts/mrsid/mrsiddataset.cpp:3346:59:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            poMG4ImageWriter->params().setTargetFilesize( atoi(pszValue) );
data/gdal-3.0.4+dfsg/frmts/mrsid/mrsidstream.cpp:138:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
LT_STATUS LTIVSIStream::open()
data/gdal-3.0.4+dfsg/frmts/mrsid/mrsidstream.h:51:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    LT_STATUS open() override;
data/gdal-3.0.4+dfsg/frmts/mrsid_lidar/gdal_MG4Lidar.cpp:321:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char bufCode[16];
data/gdal-3.0.4+dfsg/frmts/msg/msgcommand.cpp:146:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
              int iChan = atoi(l_sChannel.c_str());
data/gdal-3.0.4+dfsg/frmts/msg/msgcommand.cpp:154:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int iChan = atoi(l_sChannel.c_str());
data/gdal-3.0.4+dfsg/frmts/msg/msgcommand.cpp:168:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int iChan = atoi(l_sChannel.c_str());
data/gdal-3.0.4+dfsg/frmts/msg/msgcommand.cpp:182:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          iNrCycles = atoi(sNrCycles.c_str());
data/gdal-3.0.4+dfsg/frmts/msg/msgcommand.cpp:186:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          iStep = atoi(sStep.c_str());
data/gdal-3.0.4+dfsg/frmts/msg/msgcommand.cpp:405:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int iYear = atoi(sYear.c_str());
data/gdal-3.0.4+dfsg/frmts/msg/msgcommand.cpp:406:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int iMonth = atoi(sMonth.c_str());
data/gdal-3.0.4+dfsg/frmts/msg/msgcommand.cpp:407:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int iDay = atoi(sDay.c_str());
data/gdal-3.0.4+dfsg/frmts/msg/msgcommand.cpp:408:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int iHours = atoi(sHours.c_str());
data/gdal-3.0.4+dfsg/frmts/msg/msgcommand.cpp:409:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int iMins = atoi(sMins.c_str());
data/gdal-3.0.4+dfsg/frmts/msg/msgcommand.cpp:437:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sRet [100];
data/gdal-3.0.4+dfsg/frmts/msg/msgcommand.cpp:448:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sRet [4096];
data/gdal-3.0.4+dfsg/frmts/msg/msgcommand.cpp:460:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sRet [4096];
data/gdal-3.0.4+dfsg/frmts/msg/msgdataset.cpp:120:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform,  adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/msg/msgdataset.cpp:295:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( poDS->rCalibrationOffset,  pp.rpr()->Cal_Offset, sizeof(double) * 12 );
data/gdal-3.0.4+dfsg/frmts/msg/msgdataset.cpp:296:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( poDS->rCalibrationSlope,  pp.rpr()->Cal_Slope, sizeof(double) * 12 );
data/gdal-3.0.4+dfsg/frmts/msg/prologue.cpp:89:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf [8];
data/gdal-3.0.4+dfsg/frmts/msg/prologue.cpp:109:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf [4];
data/gdal-3.0.4+dfsg/frmts/msg/prologue.cpp:125:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf [4];
data/gdal-3.0.4+dfsg/frmts/msg/prologue.cpp:198:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char dummy [12];
data/gdal-3.0.4+dfsg/frmts/msg/prologue.h:88:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char PlannedChannelProcessing [12];
data/gdal-3.0.4+dfsg/frmts/msg/reflectancecalculator.cpp:52:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  m_iYear = atoi(sYear.c_str());
data/gdal-3.0.4+dfsg/frmts/msg/reflectancecalculator.cpp:53:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int iMonth = atoi(sMonth.c_str());
data/gdal-3.0.4+dfsg/frmts/msg/reflectancecalculator.cpp:54:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  m_iDay = atoi(sDay.c_str());
data/gdal-3.0.4+dfsg/frmts/msg/reflectancecalculator.cpp:57:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int iHours = atoi(sHours.c_str());
data/gdal-3.0.4+dfsg/frmts/msg/reflectancecalculator.cpp:58:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int iMins = atoi(sMins.c_str());
data/gdal-3.0.4+dfsg/frmts/msg/xritheaderparser.cpp:55:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char probeBuf[probeSize];
data/gdal-3.0.4+dfsg/frmts/msg/xritheaderparser.cpp:64:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      std::memcpy(buf, probeBuf, probeSize); // save what we have already read when probing
data/gdal-3.0.4+dfsg/frmts/msg/xritheaderparser.cpp:89:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&i, num, 4);
data/gdal-3.0.4+dfsg/frmts/msgn/msg_basic_types.h:51:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef unsigned char   TIME_CDS_SHORT[6];
data/gdal-3.0.4+dfsg/frmts/msgn/msg_basic_types.h:52:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef unsigned char   TIME_CDS_EXPANDED[10];
data/gdal-3.0.4+dfsg/frmts/msgn/msg_basic_types.h:75:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[30];
data/gdal-3.0.4+dfsg/frmts/msgn/msg_basic_types.h:76:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char value[50];
data/gdal-3.0.4+dfsg/frmts/msgn/msg_basic_types.h:80:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[30];
data/gdal-3.0.4+dfsg/frmts/msgn/msg_basic_types.h:81:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char size[16];
data/gdal-3.0.4+dfsg/frmts/msgn/msg_basic_types.h:82:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char address[16];
data/gdal-3.0.4+dfsg/frmts/msgn/msg_reader_core.cpp:266:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((void*)_calibration, (void*)&rad.level1_5ImageCalibration,sizeof(_calibration));
data/gdal-3.0.4+dfsg/frmts/msgn/msg_reader_core.h:138:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char _bands[MSG_NUM_CHANNELS];
data/gdal-3.0.4+dfsg/frmts/msgn/msgndataset.cpp:105:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char band_description[30];
data/gdal-3.0.4+dfsg/frmts/msgn/msgndataset.cpp:447:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char band_map[MSG_NUM_CHANNELS+1];   // map GDAL band numbers to MSG channels
data/gdal-3.0.4+dfsg/frmts/msgn/msgndataset.cpp:514:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tagname[30];
data/gdal-3.0.4+dfsg/frmts/msgn/msgndataset.cpp:515:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char field[300];
data/gdal-3.0.4+dfsg/frmts/netcdf/gmtdataset.cpp:217:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:755:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTempPrivate[256 + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:1303:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szVarName[NC_MAX_NAME + 1] = {};
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:1348:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szMetaName[NC_MAX_NAME + 1 + 32];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:1367:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szMetaTemp[256] = {};
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:1490:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szMetaName[NC_MAX_NAME + 1] = {};
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:2428:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szDimNameX[NC_MAX_NAME + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:3583:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char szUnits[NC_MAX_NAME+1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:3886:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szGeolocXName[NC_MAX_NAME + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:3887:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szGeolocYName[NC_MAX_NAME + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:4002:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTemp[ NC_MAX_NAME + 1 + 32 ] = {};
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:4106:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(adfGeoTransform, padfTransform, sizeof(double)*6);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:4399:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nBand = std::max(1, atoi(CSLFetchNameValueDef(
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:4402:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nBand = std::max(1, atoi(CSLFetchNameValueDef(papszGeolocationInfo,
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:5092:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(padfTransform, adfGeoTransform, sizeof(double) * 6);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:5125:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szAttrName[NC_MAX_NAME + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:5169:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szVarStdName[NC_MAX_NAME + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:5265:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szTemp[NC_MAX_NAME + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:5587:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szName[NC_MAX_NAME + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:5890:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szDimName[NC_MAX_NAME + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:5925:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szVarName[NC_MAX_NAME + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:6039:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szGroupName[NC_MAX_NAME + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:6064:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szGroupName[NC_MAX_NAME + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:6253:56:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                        NC_UNLIMITED : atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:6606:54:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                            static_cast<signed char>(atoi(osVal));
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:6613:48:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                            static_cast<short>(atoi(osVal));
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:6620:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                            static_cast<int>(atoi(osVal));
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:6745:57:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                                        atoi(papszTokens[i]));
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:7130:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szConventions[NC_MAX_NAME + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:7285:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szDimName1[NC_MAX_NAME + 1] = {};
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:7286:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szDimName2[NC_MAX_NAME + 1] = {};
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:7314:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szDimName3[NC_MAX_NAME + 1] = {};
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:7319:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szDimName4[NC_MAX_NAME + 1] = {};
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:7442:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szTemp[NC_MAX_NAME + 1] = {};
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:7507:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szDimName[NC_MAX_NAME + 1] = {};
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:7540:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        char szExtraDimDef[NC_MAX_NAME + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:7543:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        char szTemp[NC_MAX_NAME + 32 + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:7580:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(CPLGetConfigOption("GDAL_MAX_BAND_COUNT", "32768"));
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:8083:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szTemp[NC_MAX_NAME + 32 + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:8088:37:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const size_t nDimSize = atol(papszExtraDimValues[0]);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:8126:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szTemp[NC_MAX_NAME + 32 + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:8131:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int nDimSize = atoi(papszExtraDimValues[0]);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:8133:45:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nVarType = static_cast<nc_type>(atol(papszExtraDimValues[1]));
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:8199:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szTemp[NC_MAX_NAME + 32 + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:8226:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBandName[NC_MAX_NAME + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:8241:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szLongName[NC_MAX_NAME + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:8477:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nZLevel = atoi(pszValue);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:8588:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                chunksize[nd - 1] = (size_t)atoi(pszBlockXSize);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:8592:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                chunksize[nd - 2] = (size_t)atoi(pszBlockYSize);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:8812:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nVersions[iToken] = atoi(papszTokens[iToken]);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:8874:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char strtime[32];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:9232:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTemp[256];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:9480:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szTemp[256];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:9512:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szTemp[256];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:9687:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTemp[256];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:9703:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTemp[256];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:9719:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTemp[256];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:9735:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTemp[256];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:9752:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTemp[256];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:9787:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTemp[256];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:9805:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTemp[256];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:9823:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTemp[256];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:9840:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTemp[256];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:9857:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTemp[256];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:10538:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szVarName[NC_MAX_NAME + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:10541:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szVarName, "NC_GLOBAL");
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:10772:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTemp[NC_MAX_NAME + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:10820:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char szDimNameX[NC_MAX_NAME + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:10821:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char szDimNameY[NC_MAX_NAME + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:10861:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char szInstanceDimension[NC_MAX_NAME + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:11159:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szTemp2[NC_MAX_NAME + 1] = {};
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:116:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nVal = atoi(oAtt.m_osValue);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:141:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nDefaultWidth = atoi(
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:190:47:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        : static_cast<size_t>(atoi(pszProfileInitSize));
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:366:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m_nWKTMaxWidth = atoi(CSLFetchNameValueDef(
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:491:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTemp[NC_MAX_NAME + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:589:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szVarName[NC_MAX_NAME + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:685:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTemp[NC_MAX_NAME + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:797:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szVal[2] = { 0, 0 };
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:814:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char *pszVal = (char *)CPLCalloc(1, anCount[1] + 1);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:1117:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            pszWKT = (char *)CPLCalloc(1, anCount[1] + 1);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:1717:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szName[NC_MAX_NAME + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:1750:53:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nodata.chVal = static_cast<signed char>(atoi(pszValue));
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:1763:56:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nodata.uchVal = static_cast<unsigned char>(atoi(pszValue));
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:1801:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nodata.sVal = static_cast<short>(atoi(pszValue));
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:1814:56:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nodata.usVal = static_cast<unsigned short>(atoi(pszValue));
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:1827:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nodata.nVal = atoi(pszValue);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:1966:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nWidth = atoi(pszValue);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:1975:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nPrecision = atoi(pszValue);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:2096:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szDimName[NC_MAX_NAME + 1];
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:2206:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            signed char anRange[2] = { 0, 1 };
data/gdal-3.0.4+dfsg/frmts/ngsgeoid/ngsgeoiddataset.cpp:188:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nIKIND, pBuffer + HEADER_SIZE - 4, 4);
data/gdal-3.0.4+dfsg/frmts/ngsgeoid/ngsgeoiddataset.cpp:196:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nIKIND, pBuffer + HEADER_SIZE - 4, 4);
data/gdal-3.0.4+dfsg/frmts/ngsgeoid/ngsgeoiddataset.cpp:209:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&dfSLAT, pBuffer, 8);
data/gdal-3.0.4+dfsg/frmts/ngsgeoid/ngsgeoiddataset.cpp:221:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&dfWLON, pBuffer, 8);
data/gdal-3.0.4+dfsg/frmts/ngsgeoid/ngsgeoiddataset.cpp:233:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&dfDLAT, pBuffer, 8);
data/gdal-3.0.4+dfsg/frmts/ngsgeoid/ngsgeoiddataset.cpp:245:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&dfDLON, pBuffer, 8);
data/gdal-3.0.4+dfsg/frmts/ngsgeoid/ngsgeoiddataset.cpp:257:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nNLAT, pBuffer, 4);
data/gdal-3.0.4+dfsg/frmts/ngsgeoid/ngsgeoiddataset.cpp:269:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nNLON, pBuffer, 4);
data/gdal-3.0.4+dfsg/frmts/ngsgeoid/ngsgeoiddataset.cpp:384:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(padfTransform, adfGeoTransform, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/frmts/nitf/ecrgtocdataset.cpp:110:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(padfGeoTransform, adfGeoTransform, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/frmts/nitf/ecrgtocdataset.cpp:203:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szName[80];
data/gdal-3.0.4+dfsg/frmts/nitf/mgrs.c:162:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char   MGRS_Ellipsoid_Code[3] = {'W','E',0};
data/gdal-3.0.4+dfsg/frmts/nitf/mgrs.c:405:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    i = sprintf (MGRS+i,"%2.2ld",Zone);
data/gdal-3.0.4+dfsg/frmts/nitf/mgrs.c:407:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(MGRS, "  ", 2);  // 2 spaces
data/gdal-3.0.4+dfsg/frmts/nitf/mgrs.c:416:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  i += sprintf (MGRS+i, "%*.*ld", (int) Precision, (int) Precision, east);
data/gdal-3.0.4+dfsg/frmts/nitf/mgrs.c:421:12:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  /*i += */sprintf (MGRS+i, "%*.*ld", (int) Precision, (int) Precision, north);
data/gdal-3.0.4+dfsg/frmts/nitf/mgrs.c:459:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char zone_string[3];
data/gdal-3.0.4+dfsg/frmts/nitf/mgrs.c:498:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char east_string[6];
data/gdal-3.0.4+dfsg/frmts/nitf/mgrs.c:499:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char north_string[6];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfaridpcm.cpp:266:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
decode_block( unsigned char *srcdata, int nInputBytes,
data/gdal-3.0.4+dfsg/frmts/nitf/nitfaridpcm.cpp:394:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char L00[1000];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfaridpcm.cpp:521:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyOutputImage + iY * psImage->nBlockWidth,
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:311:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szField[11] = { 0 };
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:508:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nIMIndex = atoi(pszFilename);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:1036:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    zone=atoi(&(papszLines[8][6]));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:1311:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szIMODE[2];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:1439:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szValue[1280];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:1519:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szValue[1280];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:1734:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szExpanded[6];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:1828:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szParm[16];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:1835:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nParmCount = atoi(NITFGetField(szParm,pszPRJPSB,82,1));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:1934:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szName[81];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:1995:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfGeoTransform, adfGT, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2065:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfGeoTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2084:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( adfGeoTransform, padfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2417:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buffer[20];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2493:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szTemp[100];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2494:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szTag[7];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2496:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nThisTRESize = atoi(NITFGetField(szTemp, pszTREData, 6, 5 ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2575:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fieldHL[7];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2581:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(fieldHL, pszFieldHL, 6);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2583:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nHeaderLen = atoi(fieldHL);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2652:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[20];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2901:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szTemp[100];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2902:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szTag[7];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2903:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int nThisTRESize = atoi(NITFGetField(szTemp, pszTREData, 6, 5 ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2944:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szUniqueTag[32];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2975:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTREName[7];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:3002:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szUniqueTag[32];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:3971:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nNUMS = atoi(pszNUMS);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:4447:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szGEOLOB[48+1];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:4467:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char szGEOPSB[443+1];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:4470:38:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    #define WRITE_STR_NOSZ(dst, src) memcpy(dst, src, strlen(src))
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:4650:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nBlockXSize = atoi(
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:4652:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nBlockYSize = atoi(
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:4682:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nBlockXSize = atoi(
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:4684:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nBlockYSize = atoi(
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5099:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char achNUM[4]; // buffer for segment size.  3 digits plus null character
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5102:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nIM = atoi(achNUM); // number of image segment
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5107:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nGS = atoi(achNUM); // number of graphic segment
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5112:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nTS = atoi(achNUM); // number of text segment
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5124:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char achNICOM[2];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5127:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nNICOM = atoi(achNICOM);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5131:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szICBuf[2];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5147:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCOMRAT[5];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5162:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( szCOMRAT, "00.0" );
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5184:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char errorMessage[255] = "";
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5196:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nNUMS = atoi(pszNUMS);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5208:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char achNUMI[4]; // 3 digits plus null character
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5215:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nIM = atoi(achNUMI);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5227:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char achNUMS[4];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5233:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if( !bOK || atoi(achNUMS) != nNUMS )
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5257:40:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    #define PLACE(location,name,text)  memcpy(location,text,strlen(text))
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5301:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nSlocCol = atoi(pszSlocRow);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5302:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nSlocRow = atoi(pszSlocCol);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5303:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nSdlvl = atoi(pszSdlvl);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5304:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nSalvl = atoi(pszSalvl);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5308:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char achGSH[258];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5439:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char achNUMI[4]; // 3 digits plus null character
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5445:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nIM = atoi(achNUMI);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5447:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char achNUMG[4]; // 3 digits plus null character
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5454:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nGS = atoi(achNUMG);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5466:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char achNUMT[4];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5475:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if( !bOK || atoi(achNUMT) != nNUMT )
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5503:36:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define PLACE(location,name,text)  memcpy(location,text,strlen(text))
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5553:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char achTSH[282];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5571:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char achYear[3];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5576:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                const int nYear = atoi(achYear);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5583:33:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                if (nYear > 94) memcpy(achNewDate,"19",2);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5584:22:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                else memcpy(achNewDate,"20",2);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5586:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(achNewDate+6, achOrigDate,8); // copy cover DDhhmmss
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5587:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(achNewDate+2, achOrigDate+12,2); // copy over years
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5593:55:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                if (STARTS_WITH(pszOrigMonth, "JAN")) memcpy(pszNewMonth,"01",2);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5594:60:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                else if (STARTS_WITH(pszOrigMonth, "FEB")) memcpy(pszNewMonth,"02",2);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5595:60:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                else if (STARTS_WITH(pszOrigMonth, "MAR")) memcpy(pszNewMonth,"03",2);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5596:60:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                else if (STARTS_WITH(pszOrigMonth, "APR")) memcpy(pszNewMonth,"04",2);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5597:60:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                else if (STARTS_WITH(pszOrigMonth, "MAY")) memcpy(pszNewMonth,"05",2);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5598:60:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                else if (STARTS_WITH(pszOrigMonth, "JUN")) memcpy(pszNewMonth,"07",2);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5599:60:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                else if (STARTS_WITH(pszOrigMonth, "AUG")) memcpy(pszNewMonth,"08",2);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5600:60:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                else if (STARTS_WITH(pszOrigMonth, "SEP")) memcpy(pszNewMonth,"09",2);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5601:60:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                else if (STARTS_WITH(pszOrigMonth, "OCT")) memcpy(pszNewMonth,"10",2);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5602:60:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                else if (STARTS_WITH(pszOrigMonth, "NOV")) memcpy(pszNewMonth,"11",2);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5603:60:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                else if (STARTS_WITH(pszOrigMonth, "DEC")) memcpy(pszNewMonth,"12",2);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5756:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nQuality = atoi(CSLFetchNameValue(papszOptions,"QUALITY"));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5769:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nRestartInterval = atoi(CSLFetchNameValue(papszOptions,"RESTART_INTERVAL"));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5783:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nNPPBH = atoi(CSLFetchNameValue( papszOptions, "BLOCKXSIZE" ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5786:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nNPPBV = atoi(CSLFetchNameValue( papszOptions, "BLOCKYSIZE" ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5789:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nNPPBH = atoi(CSLFetchNameValue( papszOptions, "NPPBH" ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5792:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nNPPBV = atoi(CSLFetchNameValue( papszOptions, "NPPBV" ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5809:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyAPP6, "NITF", 4);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5816:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyAPP6 + nOffset, &nUInt16, sizeof(nUInt16));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5826:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyAPP6 + nOffset, &nUInt16, sizeof(nUInt16));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5832:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyAPP6 + nOffset, &nUInt16, sizeof(nUInt16));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:6133:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szFieldDescription[128];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:6136:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                apszFieldsBLOCKA[i], atoi(apszFieldsBLOCKA[i+2]));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdes.c:50:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char       szDESID[26];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdes.c:192:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nDESSHL = atoi(CSLFetchNameValue( psDES->papszMetadata, "NITF_DESSHL" ) );
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdes.c:330:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nNumAtt = atoi(CSLFetchNameValueDef(psDES->papszMetadata, "NITF_NUM_ATT", "0"));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdes.c:343:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        char szAttrNameValue[64+1+256+1];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdes.c:347:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                            memcpy(&dfVal, pachDataIter, 8);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdes.c:400:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     char szTREName[7],
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdes.c:404:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTREHeader[12];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdes.c:405:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTRETempName[7];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdes.c:447:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(szTRETempName, szTREHeader, 6);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdes.c:450:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nTRESize = atoi(szTREHeader + 6);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdes.c:524:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    anOffset[0] = atoi(CSLFetchNameValue(psDES->papszMetadata, "NITF_SHAPE1_START"));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdes.c:526:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    anOffset[1] = atoi(CSLFetchNameValue(psDES->papszMetadata, "NITF_SHAPE2_START"));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdes.c:528:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    anOffset[2] = atoi(CSLFetchNameValue(psDES->papszMetadata, "NITF_SHAPE3_START"));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdump.c:60:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pszTarget, pszSource + nStart, nLength );
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdump.c:225:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char         szTemp[100];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdump.c:284:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int nThisTRESize = atoi(NITFGetField(szTemp, pszTREData, 6, 5 ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdump.c:306:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    int nThisTRESize = atoi(NITFGetField(szTemp, pszTREData, 6, 5 ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdump.c:412:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    int nThisTRESize = atoi(NITFGetField(szTemp, pszTREData, 6, 5 ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdump.c:434:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        int nThisTRESize = atoi(NITFGetField(szTemp, pszTREData, 6, 5 ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdump.c:516:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char achSubheader[298];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdump.c:627:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szTREName[7];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdump.c:701:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szFilename[32];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdump.c:702:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szRadix[32];
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:53:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        const char szType[3],
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:96:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szTemp[128], achFSDWNG[6];
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:146:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nHeaderLen = atoi(szTemp);
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:204:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szWork[100];
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:292:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int SFHL2 = atoi((const char*)(abyDELIM2_L2 + 4));
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:370:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(NITFGetField( szTemp, pachHeader, nOffset, 5 ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:403:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psFile->pachTRE, pachHeader + nOffset,
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:413:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(NITFGetField( szTemp, pachHeader, nOffset, 5 ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:447:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( psFile->pachTRE, pachHeader + nOffset, nXHDL );
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:575:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nNUMT = atoi(pszNUMT);
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:587:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nIM = atoi(pszNUMI);
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:606:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nGS = atoi(pszNUMS);
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:624:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nNPPBH = atoi(CSLFetchNameValue( papszOptions, "BLOCKXSIZE" ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:627:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nNPPBV = atoi(CSLFetchNameValue( papszOptions, "BLOCKYSIZE" ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:630:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nNPPBH = atoi(CSLFetchNameValue( papszOptions, "NPPBH" ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:633:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nNPPBV = atoi(CSLFetchNameValue( papszOptions, "NPPBV" ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1079:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nCount = atoi(CSLFetchNameValue(papszOptions,"LUT_SIZE"));
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1236:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTemp[12];
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1246:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nOldOffset = atoi(szTemp);
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1376:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(CSLFetchNameValue( papszOptions, "BLOCKA_BLOCK_COUNT" ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1384:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBLOCKA[123];
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1392:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szFullFieldName[64];
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1393:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int  iStart = atoi(apszFields[iField*3+1]);
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1394:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int  iSize = atoi(apszFields[iField*3+2]);
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1416:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( szBLOCKA + iStart + (iSize - (int)strlen(pszValue)),
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1421:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( szBLOCKA + 118, "010.0", 5);
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1442:82:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
NITFCollectSegmentInfo( NITFFile *psFile, int nFileHeaderLen, int nOffset, const char szType[3],
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1446:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTemp[12];
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1460:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nCount = atoi(szTemp);
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1500:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(NITFGetField(szTemp, psFile->pachHeader,
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1547:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pszTarget, pszSource + nStart, nLength );
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1561:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTemp[100];
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1565:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nThisTRESize = atoi(NITFGetField(szTemp, pszTREData, 6, 5 ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1615:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTemp[100];
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1619:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nThisTRESize = atoi(NITFGetField(szTemp, pszTREData, 6, 5 ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1674:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szWork[400];
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1689:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pszWork, pachHeader + nStart, nLength );
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1932:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char seriesCode[3] = {0,0,0};
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1995:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char achSubheader[298];
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1997:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szTemp[100];
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:2021:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psSegInfo->nDLVL = atoi(NITFGetField(szTemp,achSubheader,
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:2023:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psSegInfo->nALVL = atoi(NITFGetField(szTemp,achSubheader,
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:2025:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psSegInfo->nLOC_R = atoi(NITFGetField(szTemp,achSubheader,
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:2027:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psSegInfo->nLOC_C = atoi(NITFGetField(szTemp,achSubheader,
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:2155:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nLength = atoi(pszLength);
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:2166:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        nLength = atoi(pszLengthValue);
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:2178:47:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                    nLength = atoi(pszEqual + 1);
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:2270:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nIterations = atoi(NITFFindValFromEnd(papszMD, *pnMDSize, pszMDItemName, "-1"));
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:2284:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nIterations = atoi(pszIterations);
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:2291:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int NPART = atoi(NITFFindValFromEnd(papszMD, *pnMDSize, pszMDItemName, "-1"));
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:2309:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int NUMOPG = atoi(NITFFindValFromEnd(papszMD, *pnMDSize, pszMDItemName, "-1"));
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:2327:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int NPAR = atoi(NITFFindValFromEnd(papszMD, *pnMDSize, pszMDNPARName, "-1"));
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:2330:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int NPARO= atoi(NITFFindValFromEnd(papszMD, *pnMDSize, pszMDNPAROName, "-1"));
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:2358:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int NPLN = atoi(NITFFindValFromEnd(papszMD, *pnMDSize, pszMDItemName, "-1"));
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:2376:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int NXPTS = atoi(NITFFindValFromEnd(papszMD, *pnMDSize, pszMDNPARName, "-1"));
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:2379:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int NYPTS= atoi(NITFFindValFromEnd(papszMD, *pnMDSize, pszMDNPAROName, "-1"));
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:2432:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                            bHasValidPercentD = atoi(pszPercent + 1) <= 10;
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:2554:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pszCondVar, pszCond, pszEqual - pszCond);
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:2668:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nTreLength = atoi(CPLGetXMLValue(psTreNode, "length", "-1"));
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:2669:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nTreMinLength = atoi(CPLGetXMLValue(psTreNode, "minlength", "-1"));
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:2804:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nTreLength = atoi(CPLGetXMLValue(psTreNode, "length", "-1"));
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:2805:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nTreMinLength = atoi(CPLGetXMLValue(psTreNode, "minlength", "-1"));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:74:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char       szTemp[128];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:226:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        psImage->nRows = atoi(NITFGetField(szTemp,pachHeader,nOffset,8));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:227:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        psImage->nCols = atoi(NITFGetField(szTemp,pachHeader,nOffset+8,8));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:235:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        psImage->nABPP = atoi(NITFGetField(szTemp,pachHeader,nOffset+35,2));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:281:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    atoi(NITFGetField( szTemp, pszCoordPair, 0, 2 ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:360:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nNICOM = atoi(NITFGetField( szTemp, pachHeader, nOffset++, 1));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:391:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    psImage->nBands = atoi(NITFGetField(szTemp,pachHeader,nOffset,1));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:399:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        psImage->nBands = atoi(NITFGetField(szTemp,pachHeader,nOffset,5));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:439:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nLUTS = atoi(NITFGetField( szTemp, pachHeader, nOffset, 1 ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:446:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(NITFGetField( szTemp, pachHeader, nOffset, 5 ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:467:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psBandInfo->pabyLUT, pachHeader + nOffset,
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:473:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( psBandInfo->pabyLUT+256, pachHeader + nOffset,
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:477:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( psBandInfo->pabyLUT+512, pachHeader + nOffset,
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:495:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( psBandInfo->pabyLUT+256, pachHeader + nOffset,
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:528:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( psBandInfo->pabyLUT+256, psBandInfo->pabyLUT, 256 );
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:529:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( psBandInfo->pabyLUT+512, psBandInfo->pabyLUT, 256 );
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:564:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(NITFGetField(szTemp, pachHeader, nOffset+2, 4));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:566:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(NITFGetField(szTemp, pachHeader, nOffset+6, 4));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:568:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(NITFGetField(szTemp, pachHeader, nOffset+10, 4));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:570:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(NITFGetField(szTemp, pachHeader, nOffset+14, 4));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:586:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(NITFGetField(szTemp, pachHeader, nOffset+18, 2));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:595:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        psImage->nIDLVL = atoi(NITFGetField(szTemp,pachHeader, nOffset+0, 3));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:596:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        psImage->nIALVL = atoi(NITFGetField(szTemp,pachHeader, nOffset+3, 3));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:597:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        psImage->nILOCRow = atoi(NITFGetField(szTemp,pachHeader,nOffset+6,5));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:599:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(NITFGetField(szTemp,pachHeader, nOffset+11,5));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:601:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psImage->szIMAG, pachHeader+nOffset+16, 4 );
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:646:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nUserTREBytes = atoi(NITFGetField( szTemp, pachHeader, nOffset, 5 ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:656:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( psImage->pachTRE, pachHeader + nOffset + 3,
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:675:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nExtendedTREBytes = atoi(NITFGetField(szTemp,pachHeader,nOffset,5));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:687:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( psImage->pachTRE + psImage->nTREBytes,
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:1201:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( pabyTarget, psImage->apanVQLUT[t] + val1, 4 );
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:1202:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( pabyTarget+4, psImage->apanVQLUT[t] + val2, 4);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:1366:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( pabyDst + iPixel * psImage->nWordSize,
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:1562:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    else if( atoi(psImage->szIC + 1) > 0 )
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:1745:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyDst + iPixel * psImage->nWordSize,
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:1865:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyDst + iPixel * psImage->nPixelOffset,
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:1978:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szIGEOLO[61];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:2289:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTemp[12+2+1];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:2332:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pszBuffer, szTemp, strlen(szTemp)+1);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:2353:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTemp[24];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:2695:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTemp[100];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:2703:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    psRPC->SUCCESS = atoi(NITFGetField(szTemp, pachTRE, 0, 1 ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:2759:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTemp[32];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:2788:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    psICHIP->XFRM_FLAG = atoi(NITFGetField(szTemp, pachTRE, 0, 2 ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:2800:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        psICHIP->ANAMORPH_CORR = atoi(NITFGetField(szTemp, pachTRE, 12, 2 ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:2801:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        psICHIP->SCANBLK_NUM = atoi(NITFGetField(szTemp, pachTRE, 14, 2 ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:2827:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        psICHIP->FI_ROW = atoi(NITFGetField(szTemp, pachTRE, 208, 8 ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:2828:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        psICHIP->FI_COL = atoi(NITFGetField(szTemp, pachTRE, 216, 8 ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:2863:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTemp[128];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:2930:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTemp[128];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:2992:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char       szTemp[128];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:3028:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nBlockaLines = atoi(NITFGetField( szTemp, pachTRE, 7, 5 ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:3075:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char       szTemp[128];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:3103:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        double dfARV = atoi(NITFGetField( szTemp, pachTRE, 0, 9 ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:3104:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        double dfBRV = atoi(NITFGetField( szTemp, pachTRE, 9, 9 ));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:3157:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &nAttrOffset, pabyOffsetRec+4, 4 );
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:3172:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyBuffer, pabyAttributeSubsection + nAttrOffset, nBytesToFetch );
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:3660:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTempFileName[32];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:3696:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char achHeaderChunk[1000];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:3984:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTemp[128];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:4027:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nNICOM = atoi(NITFGetField(szTemp,psImage->pachHeader,
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:4264:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szTemp[100];
data/gdal-3.0.4+dfsg/frmts/nitf/nitflib.h:42:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szSegmentType[3]; /* one of "IM", ... */
data/gdal-3.0.4+dfsg/frmts/nitf/nitflib.h:63:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    szVersion[10];
data/gdal-3.0.4+dfsg/frmts/nitf/nitflib.h:104:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char      szIREPBAND[3];
data/gdal-3.0.4+dfsg/frmts/nitf/nitflib.h:105:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char      szISUBCAT[7];
data/gdal-3.0.4+dfsg/frmts/nitf/nitflib.h:148:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char       szPVType[4];
data/gdal-3.0.4+dfsg/frmts/nitf/nitflib.h:149:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char       szIREP[9];
data/gdal-3.0.4+dfsg/frmts/nitf/nitflib.h:150:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char       szICAT[9];
data/gdal-3.0.4+dfsg/frmts/nitf/nitflib.h:168:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char       szIC[3];
data/gdal-3.0.4+dfsg/frmts/nitf/nitflib.h:169:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char       szCOMRAT[5];
data/gdal-3.0.4+dfsg/frmts/nitf/nitflib.h:175:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char       szIMAG[5];
data/gdal-3.0.4+dfsg/frmts/nitf/nitflib.h:259:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                    char szTREName[7],
data/gdal-3.0.4+dfsg/frmts/nitf/nitfrasterband.cpp:517:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pImage,
data/gdal-3.0.4+dfsg/frmts/nitf/nitfrasterband.cpp:691:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szPadded[4];
data/gdal-3.0.4+dfsg/frmts/nitf/nitfrasterband.cpp:777:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(abyTempData, pData, n);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfrasterband.cpp:845:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(pData, pUnpackData, n);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfrasterband.cpp:881:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(pData, pUnpackData, n);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfrasterband.cpp:905:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(pData, pUnpackData, n);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfrasterband.cpp:941:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(pData, pUnpackData, n);
data/gdal-3.0.4+dfsg/frmts/nitf/rpftocdataset.cpp:116:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(padfGeoTransform, adfGeoTransform, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/frmts/nitf/rpftocdataset.cpp:125:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(adfGeoTransform, padfGeoTransform, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/frmts/nitf/rpftocdataset.cpp:221:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(cachedTileData, pData, dataSize);
data/gdal-3.0.4+dfsg/frmts/nitf/rpftocdataset.cpp:299:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char colorTable[256];
data/gdal-3.0.4+dfsg/frmts/nitf/rpftocdataset.cpp:472:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char remapLUT[256];
data/gdal-3.0.4+dfsg/frmts/nitf/rpftocdataset.cpp:696:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szName[80];
data/gdal-3.0.4+dfsg/frmts/nitf/rpftocdataset.cpp:1018:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[48];
data/gdal-3.0.4+dfsg/frmts/nitf/rpftocdataset.cpp:1057:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[48];
data/gdal-3.0.4+dfsg/frmts/nitf/rpftocfile.cpp:131:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&locationSectionPhysicalLocation, tocHeader, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/frmts/nitf/rpftocfile.cpp:334:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                 atoi(CPLGetConfigOption("RPFTOC_MAX_FRAME_COUNT", "1000000")) )
data/gdal-3.0.4+dfsg/frmts/nitf/rpftocfile.cpp:341:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                     atoi(CPLGetConfigOption("RPFTOC_MAX_FRAME_COUNT", "1000000")),
data/gdal-3.0.4+dfsg/frmts/nitf/rpftoclib.h:47:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char             filename[12+1];
data/gdal-3.0.4+dfsg/frmts/nitf/rpftoclib.h:48:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char             georef[6+1];
data/gdal-3.0.4+dfsg/frmts/nitf/rpftoclib.h:54:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char          type[5+1];
data/gdal-3.0.4+dfsg/frmts/nitf/rpftoclib.h:55:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char          compression[5+1];
data/gdal-3.0.4+dfsg/frmts/nitf/rpftoclib.h:56:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char          scale[12+1];
data/gdal-3.0.4+dfsg/frmts/nitf/rpftoclib.h:57:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char          zone[1+1];
data/gdal-3.0.4+dfsg/frmts/nitf/rpftoclib.h:58:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char          producer[5+1];
data/gdal-3.0.4+dfsg/frmts/northwood/grddataset.cpp:284:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(reinterpret_cast<void *>(pabyRecord + 2 * i),
data/gdal-3.0.4+dfsg/frmts/northwood/grddataset.cpp:338:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(reinterpret_cast<void *>(&raw1),
data/gdal-3.0.4+dfsg/frmts/northwood/grddataset.cpp:351:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(reinterpret_cast<void *>(&raw1),
data/gdal-3.0.4+dfsg/frmts/northwood/grddataset.cpp:359:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(reinterpret_cast<void *>(&raw1),
data/gdal-3.0.4+dfsg/frmts/northwood/grddataset.cpp:367:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(reinterpret_cast<void *>(&raw1),
data/gdal-3.0.4+dfsg/frmts/northwood/grddataset.cpp:560:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nBandsToCreate = atoi(CSLFetchNameValueDef(poOpenInfo->papszOpenOptions, "BAND_COUNT", "4"));
data/gdal-3.0.4+dfsg/frmts/northwood/grddataset.cpp:912:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        poDS->pGrd->style.iBrightness = atoi(
data/gdal-3.0.4+dfsg/frmts/northwood/grddataset.cpp:919:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        poDS->pGrd->style.iContrast = atoi(
data/gdal-3.0.4+dfsg/frmts/northwood/grddataset.cpp:926:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        poDS->pGrd->style.iTransColour = atoi(
data/gdal-3.0.4+dfsg/frmts/northwood/grddataset.cpp:933:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        poDS->pGrd->style.iTranslucency = atoi(
data/gdal-3.0.4+dfsg/frmts/northwood/grddataset.cpp:999:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sMax[10] = {};
data/gdal-3.0.4+dfsg/frmts/northwood/grddataset.cpp:1000:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sMin[10] = {};
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:50:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( reinterpret_cast<void *>( &pGrd->fVersion ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:56:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( reinterpret_cast<void *>( &usTmp ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:63:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( reinterpret_cast<void *>( &pGrd->nXSide ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:71:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( reinterpret_cast<void *>( &usTmp ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:78:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( reinterpret_cast<void *>( &pGrd->nYSide ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:84:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( reinterpret_cast<void *>( &pGrd->dfMinX ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:88:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( reinterpret_cast<void *>( &pGrd->dfMaxX ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:92:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( reinterpret_cast<void *>( &pGrd->dfMinY ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:96:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( reinterpret_cast<void *>( &pGrd->dfMaxY ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:104:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( reinterpret_cast<void *>( &pGrd->fZMin ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:108:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( reinterpret_cast<void *>( &pGrd->fZMax ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:112:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( reinterpret_cast<void *>( &pGrd->fZMinScale ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:116:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( reinterpret_cast<void *>( &pGrd->fZMaxScale ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:121:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( reinterpret_cast<void *>( &pGrd->cDescription ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:124:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( reinterpret_cast<void *>( &pGrd->cZUnits ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:129:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( reinterpret_cast<void *>( &i ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:143:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( reinterpret_cast<void *>( &pGrd->cMICoordSys ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:159:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( reinterpret_cast<void *>( &pGrd->iNumColorInflections ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:173:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( reinterpret_cast<void *>( &pGrd->stInflection[i].zVal ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:176:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( reinterpret_cast<void *>( &pGrd->stInflection[i].r ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:178:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( reinterpret_cast<void *>( &pGrd->stInflection[i].g ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:180:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( reinterpret_cast<void *>( &pGrd->stInflection[i].b ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:184:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( reinterpret_cast<void *>( &pGrd->fHillShadeAzimuth ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:188:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( reinterpret_cast<void *>( &pGrd->fHillShadeAngle ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:237:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char cTmp[256];
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:244:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( reinterpret_cast<void *>( &psItem->usPixVal ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:247:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( reinterpret_cast<void *>( &psItem->res1 ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:249:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( reinterpret_cast<void *>( &psItem->r ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:251:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( reinterpret_cast<void *>( &psItem->g ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:253:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( reinterpret_cast<void *>( &psItem->b ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:255:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( reinterpret_cast<void *>( &psItem->res2 ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:257:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( reinterpret_cast<void *>( &psItem->usLen ),
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:450:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char nwtHeader[1024];
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.h:34:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define VSIFOpenL   fopen
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.h:81:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szClassName[256];
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.h:104:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szFileName[256];
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.h:121:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cDescription[32];        //??
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.h:122:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cZUnits[32];                //??
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.h:123:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cMICoordSys[256];
data/gdal-3.0.4+dfsg/frmts/null/nulldataset.cpp:289:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nXSize = atoi(CSLFetchNameValueDef(papszTokens, "width", "512"));
data/gdal-3.0.4+dfsg/frmts/null/nulldataset.cpp:290:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nYSize = atoi(CSLFetchNameValueDef(papszTokens, "height", "512"));
data/gdal-3.0.4+dfsg/frmts/null/nulldataset.cpp:291:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nBands = atoi(CSLFetchNameValueDef(papszTokens, "bands", "1"));
data/gdal-3.0.4+dfsg/frmts/openjpeg/openjpegdataset.cpp:493:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nThreads = atoi(pszThreads);
data/gdal-3.0.4+dfsg/frmts/openjpeg/openjpegdataset.cpp:1031:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(pDst + j*nBlockXSize,
data/gdal-3.0.4+dfsg/frmts/openjpeg/openjpegdataset.cpp:1519:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(adfGeoTransform, padfGeoTransform, 6* sizeof(double));
data/gdal-3.0.4+dfsg/frmts/openjpeg/openjpegdataset.cpp:2327:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nTBox, poBox->GetType(), 4);
data/gdal-3.0.4+dfsg/frmts/openjpeg/openjpegdataset.cpp:2484:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(CSLFetchNameValueDef(papszOptions, "BLOCKXSIZE", "1024"));
data/gdal-3.0.4+dfsg/frmts/openjpeg/openjpegdataset.cpp:2486:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(CSLFetchNameValueDef(papszOptions, "BLOCKYSIZE", "1024"));
data/gdal-3.0.4+dfsg/frmts/openjpeg/openjpegdataset.cpp:2587:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nNumResolutions = atoi(pszResolutions);
data/gdal-3.0.4+dfsg/frmts/openjpeg/openjpegdataset.cpp:2682:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nCblockW = atoi(CSLFetchNameValueDef( papszOptions, "CODEBLOCK_WIDTH", "64" ));
data/gdal-3.0.4+dfsg/frmts/openjpeg/openjpegdataset.cpp:2683:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nCblockH = atoi(CSLFetchNameValueDef( papszOptions, "CODEBLOCK_HEIGHT", "64" ));
data/gdal-3.0.4+dfsg/frmts/openjpeg/openjpegdataset.cpp:2793:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nBits = atoi(CSLFetchNameValue(papszOptions,"NBITS"));
data/gdal-3.0.4+dfsg/frmts/openjpeg/openjpegdataset.cpp:2805:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nBits = atoi(poSrcDS->GetRasterBand(1)->GetMetadataItem( "NBITS",
data/gdal-3.0.4+dfsg/frmts/openjpeg/openjpegdataset.cpp:3083:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nVal = atoi(pszCodeBlockStyle);
data/gdal-3.0.4+dfsg/frmts/openjpeg/openjpegdataset.cpp:3145:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nPCRW = atoi(papszTokens[2*i]);
data/gdal-3.0.4+dfsg/frmts/openjpeg/openjpegdataset.cpp:3146:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nPCRH = atoi(papszTokens[2*i+1]);
data/gdal-3.0.4+dfsg/frmts/openjpeg/openjpegdataset.cpp:3443:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nCTComponentCount = atoi(CSLFetchNameValueDef(papszOptions, "CT_COMPONENTS", "0"));
data/gdal-3.0.4+dfsg/frmts/openjpeg/openjpegdataset.cpp:3556:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nResUnit = atoi(poSrcDS->GetMetadataItem("TIFFTAG_RESOLUTIONUNIT"));
data/gdal-3.0.4+dfsg/frmts/ozi/ozidataset.cpp:121:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nVal, *pptr, 4);
data/gdal-3.0.4+dfsg/frmts/ozi/ozidataset.cpp:130:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nVal, *pptr, 2);
data/gdal-3.0.4+dfsg/frmts/ozi/ozidataset.cpp:400:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyHeader, poOpenInfo->pabyHeader, 14);
data/gdal-3.0.4+dfsg/frmts/ozi/ozidataset.cpp:458:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyHeader2_Backup, abyHeader2, 40);
data/gdal-3.0.4+dfsg/frmts/ozi/ozidataset.cpp:489:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(abyHeader2, abyHeader2_Backup,40);
data/gdal-3.0.4+dfsg/frmts/pcidsk/ogrpcidsklayer.cpp:689:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                  memcpy( &(anList[0]), panList, 4 * anList.size() );
data/gdal-3.0.4+dfsg/frmts/pcidsk/pcidskdataset2.cpp:210:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int iClass = atoi(osKey.c_str() + 6);
data/gdal-3.0.4+dfsg/frmts/pcidsk/pcidskdataset2.cpp:285:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(strstr(osDefaultPCT.c_str(),"PCT:") + 4) );
data/gdal-3.0.4+dfsg/frmts/pcidsk/pcidskdataset2.cpp:291:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char abyPCT[768];
data/gdal-3.0.4+dfsg/frmts/pcidsk/pcidskdataset2.cpp:332:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int iClass = atoi(osKey.c_str() + 6);
data/gdal-3.0.4+dfsg/frmts/pcidsk/pcidskdataset2.cpp:449:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char abyPCT[768];
data/gdal-3.0.4+dfsg/frmts/pcidsk/pcidskdataset2.cpp:2052:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int nBand = atoi(papszParmList[i] + 8 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cbandinterleavedchannel.cpp:196:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( ((char *) buffer) + pixel_size * i, 
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cbandinterleavedchannel.cpp:275:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( this_pixel, ((char *) buffer) + pixel_size * i, 
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cbandinterleavedchannel.cpp:356:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            link_segment = std::atoi( IHi2_filename.c_str() + 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cbandinterleavedchannel.cpp:360:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char link_filename[64];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cbandinterleavedchannel.cpp:391:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int link_segment = std::atoi( IHi2_filename.c_str() + 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cbandinterleavedchannel.cpp:465:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        unsigned int seg_num = std::atoi(seg_str.c_str());
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cexternalchannel.cpp:73:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    exoff  = atoi(image_headerIn.Get( 250, 8 ));
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cexternalchannel.cpp:74:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    eyoff  = atoi(image_headerIn.Get( 258, 8 ));
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cexternalchannel.cpp:75:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    exsize = atoi(image_headerIn.Get( 266, 8 ));
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cexternalchannel.cpp:76:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    eysize = atoi(image_headerIn.Get( 274, 8 ));
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cexternalchannel.cpp:78:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    echannel = atoi(image_headerIn.Get( 282, 8 ));
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cexternalchannel.cpp:293:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( ((uint8*) buffer) + i_line * xsize * pixel_size, 
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cexternalchannel.cpp:331:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( ((uint8*) buffer) 
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cexternalchannel.cpp:370:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( ((uint8*) buffer) 
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cexternalchannel.cpp:409:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( ((uint8*) buffer) 
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cexternalchannel.cpp:524:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( temp_buffer 
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cexternalchannel.cpp:567:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( temp_buffer 
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cexternalchannel.cpp:611:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( temp_buffer 
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cexternalchannel.cpp:655:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( temp_buffer 
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cexternalchannel.cpp:723:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            link_segment = std::atoi( IHi2_filename.c_str() + 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cexternalchannel.cpp:727:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char link_filename[64];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cexternalchannel.cpp:758:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int link_segment = std::atoi( IHi2_filename.c_str() + 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cpcidskchannel.cpp:152:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nFirst = atoi(first.c_str() + 10);
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cpcidskchannel.cpp:153:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nSecond = atoi(second.c_str() + 10);
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cpcidskchannel.cpp:181:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        overview_decimations.push_back( atoi(keys[i].c_str()+10) );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cpcidskchannel.cpp:230:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char  pseudo_filename[65];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cpcidskchannel.cpp:233:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                 atoi(overview_infos[overview_index].c_str()) );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cpcidskchannel.cpp:283:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char resampling[17];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cpcidskchannel.cpp:306:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char resampling[17];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cpcidskchannel.cpp:315:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char new_info[48];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cpcidskchannel.cpp:323:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char key[20];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cpcidskchannel.cpp:468:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char current_time[17];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cpcidskchannel.cpp:469:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char history[81];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cpcidskchannel.cpp:476:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( history + 0, app.c_str(), MY_MIN(app.size(),7) );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cpcidskchannel.cpp:479:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( history + 8, message.c_str(), MY_MIN(message.size(),56) );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cpcidskchannel.cpp:480:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( history + 64, current_time, 16 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cpixelinterleavedchannel.cpp:114:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( buffer, pixel_buffer, pixel_size * win_xsize );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cpixelinterleavedchannel.cpp:205:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pixel_buffer, buffer, pixel_size * width );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/ctiledchannel.cpp:69:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    image = atoi(strstr(filename.c_str(),"SIS=") + 4);
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/ctiledchannel.cpp:234:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        tile_sizes[block][i] = atoi(target);
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/ctiledchannel.cpp:478:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ((uint8 *) buffer) + iy * xsize * pixel_size,
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/ctiledchannel.cpp:580:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( oUncompressedData.buffer, buffer, 
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/ctiledchannel.cpp:754:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( dst + dst_offset, src + src_offset, 
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/ctiledchannel.cpp:877:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( oCompressedData.buffer + dst_offset, 
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/ctiledchannel.cpp:924:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        quality = atoi(compression.c_str() + 4);
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/cpcidskfile.cpp:370:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char type_str[4];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/cpcidskfile.cpp:460:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    width = atoi(fh.Get(384,8));
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/cpcidskfile.cpp:461:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    height = atoi(fh.Get(392,8));
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/cpcidskfile.cpp:462:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    channel_count = atoi(fh.Get(376,8));
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/cpcidskfile.cpp:481:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int segment_block_count = atoi(fh.Get(456,8));
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/cpcidskfile.cpp:508:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            count_8u = atoi(fh.Get(464,4));
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/cpcidskfile.cpp:509:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            count_16s = atoi(fh.Get(468,4));
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/cpcidskfile.cpp:510:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            count_16u = atoi(fh.Get(472,4));
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/cpcidskfile.cpp:511:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            count_32r = atoi(fh.Get(476,4));
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/cpcidskfile.cpp:512:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            count_c16u = atoi(fh.Get(480,4));
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/cpcidskfile.cpp:513:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            count_c16s = atoi(fh.Get(484,4));
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/cpcidskfile.cpp:514:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            count_c32r = atoi(fh.Get(488,4));
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/cpcidskfile.cpp:1032:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( segptr.buffer, segment_pointers.buffer+(segment-1)*32, 32);
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/cpcidskfile.cpp:1054:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( segptr.buffer, segment_pointers.buffer+(segment-1)*32, 32);
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/cpcidskfile.cpp:1107:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( segment_pointers.buffer+(segment-1)*32, segptr.buffer, 32);
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/cpcidskfile.cpp:1118:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char current_time[17];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/cpcidskfile.cpp:1374:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char overview_md_key[128];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/cpcidskfile.cpp:1375:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char overview_md_value[128];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/libjpeg_io.cpp:63:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidsk_utils.cpp:61:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            ctime_out[25];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidsk_utils.cpp:250:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test_char_value[2];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidsk_utils.cpp:252:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( test_char_value, &test_value, 2 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidsk_utils.cpp:288:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        block_size = atoi(next_text);
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidsk_utils.cpp:444:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char value[64];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidsk_utils.cpp:614:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szModestBuffer[500];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidsk_utils.cpp:652:17:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                strcpy( pszWorkBuffer, "(message too large)" );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidskbuffer.cpp:66:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( buffer, src, size );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidskbuffer.cpp:170:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return atoi(value_str.c_str());
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidskbuffer.cpp:227:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( buffer + offset, value, v_size );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidskbuffer.cpp:242:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( buffer + offset, pszValue, 8 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidskbuffer.cpp:252:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmt[64];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidskbuffer.cpp:253:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char wrk[128];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidskbuffer.cpp:272:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char wrk[128];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidskbuffer.cpp:292:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( buffer, src.buffer, buffer_size );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidskcreate.cpp:240:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char current_time[17];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidskcreate.cpp:389:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char sis_filename[65];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidskcreate.cpp:511:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char ext[5];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidskexception.cpp:154:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szModestBuffer[500];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidskexception.cpp:192:17:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                strcpy( pszWorkBuffer, "(message too large)" );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidskopen.cpp:76:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char header_check[6];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/sysvirtualfile.cpp:245:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( block_data + offset_in_block,
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/sysvirtualfile.cpp:298:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( ((uint8 *) buffer) + buffer_offset,
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_gcp.h:196:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char gcp_id_[65];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_pct.h:55:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        virtual void ReadPCT( unsigned char pct[768] ) = 0;
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_pct.h:66:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        virtual void WritePCT( unsigned char pct[768] ) = 0;
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_shape.h:215:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( v.integer_list_val+1, &(val[0]), 
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_shape.h:254:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy( &(result[0]), &(v.integer_list_val[1]), 
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/port/io_stdio.cpp:88:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fp = fopen( filename.c_str(), adjusted_access.c_str() );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidsk_array.cpp:116:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char uValue[8];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidsk_array.cpp:117:14:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        std::memcpy(uValue,pdValue,8);
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidsk_array.cpp:120:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&dValue, uValue, 8);
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskbinarysegment.cpp:123:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(seg_data.buffer, pabyBuf, nBufSize);
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskephemerissegment.cpp:1330:22:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                std::memcpy((void *) currentindex,currentptr, 4); 
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskephemerissegment.cpp:1336:22:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                std::memcpy((void *) currentindex,currentptr, 4);
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskephemerissegment.cpp:1344:22:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                std::memcpy((void *) currentindex,currentptr, 4);
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskephemerissegment.cpp:1352:22:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                std::memcpy((void *) currentindex,currentptr, 4);
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskephemerissegment.cpp:1360:22:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                std::memcpy((void *) currentindex,currentptr, 4);
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskephemerissegment.cpp:1368:22:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                std::memcpy((void *) currentindex,currentptr, 4);
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskephemerissegment.cpp:1376:22:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                std::memcpy((void *) currentindex,currentptr, 4);
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskephemerissegment.cpp:1384:22:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                std::memcpy((void *) currentindex,currentptr, 4);
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskgcp2segment.cpp:249:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char unit_c[2];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskgcp2segment.cpp:265:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char datum_c[2];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskgeoref.cpp:405:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char local_buf[33];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskgeoref.cpp:409:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat( local_buf, "                " );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskgeoref.cpp:415:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char earthmodel[5];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskgeoref.cpp:440:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        i = atoi( cp+1 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskgeoref.cpp:471:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( local_buf, "PIXEL           " );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskgeoref.cpp:479:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            zone = atoi(ptr);
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskgeoref.cpp:537:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nSPZone = atoi(ptr);
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskgeoref.cpp:540:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( local_buf, "SPCS " );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskgeoref.cpp:542:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( local_buf, "SPAF " );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskgeoref.cpp:544:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( local_buf, "SPIF " );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskgeoref.cpp:980:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        ProjectionZone = atoi(geosys_clean.c_str() + 5);
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskgeoref.cpp:993:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        Spheroid = atoi(geosys_clean.c_str() + 13);
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskpct.cpp:59:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void CPCIDSK_PCT::ReadPCT( unsigned char pct[768] )
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskpct.cpp:81:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void CPCIDSK_PCT::WritePCT( unsigned char pct[768] )
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskpct.h:54:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        virtual void ReadPCT( unsigned char pct[768] ) override;
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskpct.h:55:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        virtual void WritePCT( unsigned char pct[768] ) override;
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidsksegment.cpp:108:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    segment_type = (eSegType) (atoi(segptr.Get(1,3)));
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidsksegment.cpp:303:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char current_time[17];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidsksegment.cpp:304:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char history[81];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidsksegment.cpp:311:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( history + 0, app.c_str(), MY_MIN(app.size(),7) );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidsksegment.cpp:314:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( history + 8, message.c_str(), MY_MIN(message.size(),56) );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidsksegment.cpp:315:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( history + 64, current_time, 16 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:207:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy( &value, GetData( section, offset, nullptr, 4), 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:217:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy( &value, GetData( section, offset, nullptr, 4), 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:227:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy( &value, GetData( section, offset, nullptr, 8), 8 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:272:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy( &count, srcdata, 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:281:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy( &(value[0]), GetData(section,offset+4,nullptr,4*count), 4*count );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:357:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy( buffer.buffer+offset, &value, 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:366:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy( buffer.buffer+offset, &value, 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:375:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy( buffer.buffer+offset, &value, 8 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:382:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy( buffer.buffer+offset, value.c_str(), item_size );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:390:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy( buffer.buffer+offset, &count, 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:393:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy( buffer.buffer+offset+4, &(value[0]), count * 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:814:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &(shape_index_ids[i]), wrk_index.buffer + i*12, 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:815:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &(shape_index_vertex_off[i]), wrk_index.buffer + i*12+4, 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:816:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &(shape_index_record_off[i]), wrk_index.buffer + i*12+8, 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:1006:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &vertex_count, GetData( sec_vert, vert_off+4, nullptr, 4 ), 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:1026:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &(vertices[0]), 
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:1382:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &chunk_size, GetData( sec_vert, vert_off, nullptr, 4 ), 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:1407:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( vbuf.buffer, &chunk_size, 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:1408:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( vbuf.buffer+4, &vert_count, 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:1414:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( vbuf.buffer + 8 + i*24 +  0, &(list[i].x), 8 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:1415:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( vbuf.buffer + 8 + i*24 +  8, &(list[i].y), 8 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:1416:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( vbuf.buffer + 8 + i*24 + 16, &(list[i].z), 8 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:1425:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( GetData( sec_vert, vert_off, nullptr, vbuf.buffer_size, true ),
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:1497:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &chunk_size, GetData( sec_record, rec_off, nullptr, 4 ), 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:1519:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( fbuf.buffer + 0, &chunk_size, 4 ); 
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:1527:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( GetData( sec_record, rec_off, nullptr, fbuf.buffer_size, true ),
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:1555:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( write_buffer.buffer, &shape_count, 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:1564:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( write_buffer.buffer + 12*i, 
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:1566:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( write_buffer.buffer + 12*i + 4, 
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment.cpp:1568:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( write_buffer.buffer + 12*i + 8, 
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment_consistencycheck.cpp:235:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char msg[100];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment_consistencycheck.cpp:274:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char msg[100];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment_consistencycheck.cpp:292:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &vertex_size, GetData( sec_vert, vert_off, nullptr, 4 ), 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment_consistencycheck.cpp:293:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &vertex_count, GetData( sec_vert, vert_off+4, nullptr, 4 ), 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskvectorsegment_consistencycheck.cpp:323:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &record_size, GetData( sec_record, rec_off, nullptr, 4 ), 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/metadatasegment_p.cpp:129:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char key_prefix[200];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/metadatasegment_p.cpp:194:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char key_prefix[200];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/metadatasegment_p.cpp:296:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    std::memcpy( seg_data.buffer, new_data.c_str(), new_data.size() );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/orbitstructures.h:392:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char abyScanLineQuality[10];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/orbitstructures.h:393:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char aabyBadBandIndicators[5][2];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/orbitstructures.h:394:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char abySatelliteTimeCode[8];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/sysblockmap.cpp:538:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bm_entry[29];
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/sysblockmap.cpp:542:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( bm_entry, blockmap_data.buffer + bm_index * 28, 28 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/sysblockmap.cpp:554:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int next_block = atoi( bm_entry+20 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/sysblockmap.cpp:557:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    block_in_segment = atoi(bm_entry+4);
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/sysblockmap.cpp:560:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    segmentOut = static_cast<PCIDSK::uint16>(atoi(bm_entry));
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/vecsegdataindex.cpp:93:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &block_count, vs->GetData(sec_raw,offset,nullptr,4), 4);
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/vecsegdataindex.cpp:94:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &bytes, vs->GetData(sec_raw,offset+4,nullptr,4), 4);
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/vecsegdataindex.cpp:178:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( wbuf.buffer + 0, &block_count, 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/vecsegdataindex.cpp:179:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( wbuf.buffer + 4, &bytes, 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/vecsegdataindex.cpp:180:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( wbuf.buffer + 8, &(block_index[0]), 4*block_count );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/vecsegheader.cpp:88:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( header.buffer + 0, &ivalue, 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/vecsegheader.cpp:89:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( header.buffer + 4, &ivalue, 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/vecsegheader.cpp:92:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( header.buffer + 8, &ivalue, 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/vecsegheader.cpp:94:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( header.buffer + 12, &ivalue, 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/vecsegheader.cpp:96:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( header.buffer + 16, &ivalue, 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/vecsegheader.cpp:98:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( header.buffer + 20, &ivalue, 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/vecsegheader.cpp:100:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( header.buffer + 24, &ivalue, 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/vecsegheader.cpp:104:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( header.buffer + 68, &ivalue, 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/vecsegheader.cpp:108:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( header.buffer + 72, &hoffset, 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/vecsegheader.cpp:113:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( header.buffer + hoffset, &dvalue, 8 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/vecsegheader.cpp:114:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( header.buffer + hoffset+8, &dvalue, 8 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/vecsegheader.cpp:116:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( header.buffer + hoffset+16, &dvalue, 8 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/vecsegheader.cpp:117:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( header.buffer + hoffset+24, &dvalue, 8 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/vecsegheader.cpp:123:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( header.buffer + 76, &hoffset, 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/vecsegheader.cpp:129:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( header.buffer + 80, &hoffset, 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/vecsegheader.cpp:135:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( header.buffer + 84, &hoffset, 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/vecsegheader.cpp:165:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const unsigned char magic[24] = 
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/vecsegheader.cpp:177:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &header_blocks, vs->GetData( sec_raw, 68, nullptr, 4 ), 4 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/vecsegheader.cpp:184:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( section_offsets, vs->GetData( sec_raw, 72, nullptr, 16 ), 16 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/vecsegheader.cpp:255:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &(vs->shape_count), vs->GetData(sec_raw,next_off,nullptr,4), 4);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/create2.c:130:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	newMap->fp = fopen (fileName, S_CREATE);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/csf.h:58:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char        signature[CSF_SIG_SPACE];
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/csfattr.h:22:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char    descr[60];
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/mclose.c:32:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filler[MAX_HEADER_FILL_SIZE];
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/mopen.c:7:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const openModes[3] = {
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/mopen.c:75:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
 m->fp = fopen(fileName, openModes[mode-1]);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/mperror.c:5:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const errolist[ERRORNO]={
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/ruseas.c:345:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char  convTableIndex[12] = {
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/ruseas.c:377:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char  type2[12] = {
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/ruseas.c:452:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&useTypeNoEnum, &useTypeNoEnumIn, sizeof(int));
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/strconst.c:19:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char errorBuf[64];
data/gdal-3.0.4+dfsg/frmts/pcraster/pcrasterdataset.cpp:54:31:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
GDALDataset* PCRasterDataset::open(
data/gdal-3.0.4+dfsg/frmts/pcraster/pcrasterdataset.h:63:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  static GDALDataset* open             (GDALOpenInfo* info);
data/gdal-3.0.4+dfsg/frmts/pcraster/pcrastermisc.cpp:53:42:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    poDriver->pfnOpen = PCRasterDataset::open;
data/gdal-3.0.4+dfsg/frmts/pcraster/pcrasterrasterband.cpp:306:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, source, nr_cols * 4);
data/gdal-3.0.4+dfsg/frmts/pdf/gdal_pdf.h:341:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                      char aszTokenStack[TOKEN_STACK_SIZE][MAX_TOKEN_SIZE],
data/gdal-3.0.4+dfsg/frmts/pdf/pdfcreatecopy.cpp:158:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nNum = atoi(pszStr);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfcreatecopy.cpp:167:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nGen = atoi(pszStr);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfcreatecopy.cpp:186:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuf[1024+1];
data/gdal-3.0.4+dfsg/frmts/pdf/pdfcreatecopy.cpp:258:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nLastXRefSize = atoi(pszSize);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfcreatecopy.cpp:464:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[16];
data/gdal-3.0.4+dfsg/frmts/pdf/pdfcreatecopy.cpp:862:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nEPSGCode = atoi(pszAuthorityCode);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfcreatecopy.cpp:957:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nEPSGDatum = atoi(poSRS->GetAuthorityCode( "DATUM" ));
data/gdal-3.0.4+dfsg/frmts/pdf/pdfcreatecopy.cpp:4033:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szTmp[64];
data/gdal-3.0.4+dfsg/frmts/pdf/pdfcreatecopy.cpp:4100:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTmp[64];
data/gdal-3.0.4+dfsg/frmts/pdf/pdfcreatecopy.cpp:4487:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nJpegQuality = atoi( pszValue );
data/gdal-3.0.4+dfsg/frmts/pdf/pdfcreatecopy.cpp:4525:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(padfGeoTransform, adfGeoTransform, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/frmts/pdf/pdfcreatecopy.cpp:4643:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nBlockXSize = atoi( pszValue );
data/gdal-3.0.4+dfsg/frmts/pdf/pdfcreatecopy.cpp:4651:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nBlockYSize = atoi( pszValue );
data/gdal-3.0.4+dfsg/frmts/pdf/pdfcreatecopy.cpp:4679:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nPredictor = atoi(pszPredictor);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfcreatecopy.cpp:4691:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nMargin = atoi(CSLFetchNameValueDef(papszOptions, "MARGIN", "0"));
data/gdal-3.0.4+dfsg/frmts/pdf/pdfcreatecopy.cpp:4700:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (pszLeftMargin) sMargins.nLeft = atoi(pszLeftMargin);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfcreatecopy.cpp:4703:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (pszRightMargin) sMargins.nRight = atoi(pszRightMargin);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfcreatecopy.cpp:4706:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (pszTopMargin) sMargins.nTop = atoi(pszTopMargin);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfcreatecopy.cpp:4709:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (pszBottomMargin) sMargins.nBottom = atoi(pszBottomMargin);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfcreatefromcomposition.cpp:857:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nEPSGCode = atoi(pszAuthorityCode);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfcreatefromcomposition.cpp:887:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(CPLGetConfigOption("PDF_COORD_DOUBLE_PRECISION", "16"));
data/gdal-3.0.4+dfsg/frmts/pdf/pdfcreatefromcomposition.cpp:1372:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(CPLGetXMLValue(psNode, "tileSize", "256")));
data/gdal-3.0.4+dfsg/frmts/pdf/pdfcreatefromcomposition.cpp:1383:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nJPEGQuality = atoi(
data/gdal-3.0.4+dfsg/frmts/pdf/pdfdataset.cpp:364:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                f = fopen(CPLSPrintf("dump_%s.txt", CPLGetFilename(pszFilename)), "wt");
data/gdal-3.0.4+dfsg/frmts/pdf/pdfdataset.cpp:366:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                f = fopen(pszDumpFile, "wt");
data/gdal-3.0.4+dfsg/frmts/pdf/pdfdataset.cpp:828:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(poGDS->pabyCachedData, pabyStream, poStream->GetLength());
data/gdal-3.0.4+dfsg/frmts/pdf/pdfdataset.cpp:964:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pImage,
data/gdal-3.0.4+dfsg/frmts/pdf/pdfdataset.cpp:968:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pImage,
data/gdal-3.0.4+dfsg/frmts/pdf/pdfdataset.cpp:983:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        static char szPassword[81];
data/gdal-3.0.4+dfsg/frmts/pdf/pdfdataset.cpp:2143:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pImage,
data/gdal-3.0.4+dfsg/frmts/pdf/pdfdataset.cpp:2809:33:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                                memcpy(&(sTile.adfCM), adfVals, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/frmts/pdf/pdfdataset.cpp:3244:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char *apszMDList[2];
data/gdal-3.0.4+dfsg/frmts/pdf/pdfdataset.cpp:3332:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szFormatName[64];
data/gdal-3.0.4+dfsg/frmts/pdf/pdfdataset.cpp:3997:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        iPage = atoi(pszFilename + 4);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfdataset.cpp:4007:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        iPage = atoi(pszFilename + 10);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfdataset.cpp:4013:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nImageNum = atoi(pszNext + 1);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfdataset.cpp:4445:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szKey[32];
data/gdal-3.0.4+dfsg/frmts/pdf/pdfdataset.cpp:4845:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            const char * const apszMDList[2] = { pszContent, nullptr };
data/gdal-3.0.4+dfsg/frmts/pdf/pdfdataset.cpp:4914:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  char *apszMDList[2];
data/gdal-3.0.4+dfsg/frmts/pdf/pdfdataset.cpp:4952:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nBands = atoi(pszPDFBands);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfdataset.cpp:5380:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char    szID[32];
data/gdal-3.0.4+dfsg/frmts/pdf/pdfdataset.cpp:6583:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(padfTransform, adfGeoTransform, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/frmts/pdf/pdfdataset.cpp:6612:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(adfGeoTransform, padfGeoTransform, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/frmts/pdf/pdfio.cpp:228:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(abyBuffer + i, "/XXXXXXXXXX ", strlen("/Linearized "));
data/gdal-3.0.4+dfsg/frmts/pdf/pdfio.cpp:411:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( buffer + nRead, abyBuffer + nPosInBuffer, nToRead );
data/gdal-3.0.4+dfsg/frmts/pdf/pdfobject.cpp:267:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szReal[512];
data/gdal-3.0.4+dfsg/frmts/pdf/pdfobject.cpp:366:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            iElt = atoi(pszBracket + 1);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfobject.cpp:1447:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pszContent, srcStr, nLength);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfobject.cpp:1950:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pszContent, pBuffer, nLen);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfobject.cpp:1995:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pszContent, pBuffer, nLen);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfobject.cpp:2197:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[80];
data/gdal-3.0.4+dfsg/frmts/pdf/pdfobject.cpp:2495:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pszContent, m_pData, nLength);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfobject.cpp:2536:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pszContent, m_pRawData, nLength);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfreadvectors.cpp:122:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szOpName[4];
data/gdal-3.0.4+dfsg/frmts/pdf/pdfreadvectors.cpp:555:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                    char aszTokenStack[TOKEN_STACK_SIZE][MAX_TOKEN_SIZE],
data/gdal-3.0.4+dfsg/frmts/pdf/pdfreadvectors.cpp:628:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(aszTokenStack[nTokenStackSize ++], str, strlen + 1); \
data/gdal-3.0.4+dfsg/frmts/pdf/pdfreadvectors.cpp:652:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szToken[MAX_TOKEN_SIZE];
data/gdal-3.0.4+dfsg/frmts/pdf/pdfreadvectors.cpp:655:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aszTokenStack[TOKEN_STACK_SIZE][MAX_TOKEN_SIZE];
data/gdal-3.0.4+dfsg/frmts/pdf/pdfreadvectors.cpp:1674:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nMCID = atoi(pszMCID + 6);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfreadvectors.cpp:1724:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pszConcatStr + nConcatLen, pszStr, nLen+1);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfreadvectors.cpp:1775:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int nNum = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfreadvectors.cpp:1776:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int nGen = atoi(papszTokens[2]);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfwritabledataset.cpp:237:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nMargin = atoi(CSLFetchNameValueDef(papszOptions, "MARGIN", "0"));
data/gdal-3.0.4+dfsg/frmts/pdf/pdfwritabledataset.cpp:246:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (pszLeftMargin) sMargins.nLeft = atoi(pszLeftMargin);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfwritabledataset.cpp:249:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (pszRightMargin) sMargins.nRight = atoi(pszRightMargin);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfwritabledataset.cpp:252:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (pszTopMargin) sMargins.nTop = atoi(pszTopMargin);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfwritabledataset.cpp:255:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (pszBottomMargin) sMargins.nBottom = atoi(pszBottomMargin);
data/gdal-3.0.4+dfsg/frmts/pds/isis2dataset.cpp:178:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/pds/isis2dataset.cpp:255:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nQube = atoi(poDS->GetKeywordSub("^QUBE",2,"1"));
data/gdal-3.0.4+dfsg/frmts/pds/isis2dataset.cpp:261:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nQube = atoi(pszQube);
data/gdal-3.0.4+dfsg/frmts/pds/isis2dataset.cpp:275:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int s_ix = atoi(poDS->GetKeywordSub( "QUBE.SUFFIX_ITEMS", 1 ));
data/gdal-3.0.4+dfsg/frmts/pds/isis2dataset.cpp:276:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int s_iy = atoi(poDS->GetKeywordSub( "QUBE.SUFFIX_ITEMS", 2 ));
data/gdal-3.0.4+dfsg/frmts/pds/isis2dataset.cpp:277:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int s_iz = atoi(poDS->GetKeywordSub( "QUBE.SUFFIX_ITEMS", 3 ));
data/gdal-3.0.4+dfsg/frmts/pds/isis2dataset.cpp:295:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLayout[10] = "BSQ"; //default to band seq.
data/gdal-3.0.4+dfsg/frmts/pds/isis2dataset.cpp:298:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szLayout,"BSQ");
data/gdal-3.0.4+dfsg/frmts/pds/isis2dataset.cpp:300:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szLayout,"BIP");
data/gdal-3.0.4+dfsg/frmts/pds/isis2dataset.cpp:302:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szLayout,"BSQ");
data/gdal-3.0.4+dfsg/frmts/pds/isis2dataset.cpp:311:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nCols = atoi(poDS->GetKeywordSub("QUBE.CORE_ITEMS",1));
data/gdal-3.0.4+dfsg/frmts/pds/isis2dataset.cpp:312:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nRows = atoi(poDS->GetKeywordSub("QUBE.CORE_ITEMS",2));
data/gdal-3.0.4+dfsg/frmts/pds/isis2dataset.cpp:313:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nBands = atoi(poDS->GetKeywordSub("QUBE.CORE_ITEMS",3));
data/gdal-3.0.4+dfsg/frmts/pds/isis2dataset.cpp:316:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int record_bytes = atoi(poDS->GetKeyword("RECORD_BYTES"));
data/gdal-3.0.4+dfsg/frmts/pds/isis2dataset.cpp:340:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int itype = atoi(poDS->GetKeyword("QUBE.CORE_ITEM_BYTES",""));
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:1476:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfTransform, m_adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:1500:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( m_adfGeoTransform, padfTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:1708:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nSkipBytes = atoi(poDS->GetKeyword("IsisCube.Core.StartByte", "1"));
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:1724:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
       tileSizeX = atoi(poDS->GetKeyword("IsisCube.Core.TileSamples"));
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:1725:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
       tileSizeY = atoi(poDS->GetKeyword("IsisCube.Core.TileLines"));
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:1745:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nCols = atoi(poDS->GetKeyword("IsisCube.Core.Dimensions.Samples"));
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:1746:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nRows = atoi(poDS->GetKeyword("IsisCube.Core.Dimensions.Lines"));
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:1747:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nBands = atoi(poDS->GetKeyword("IsisCube.Core.Dimensions.Bands"));
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:2391:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                oCore.Set( "StartByte", 1 + atoi(pszOffset) );
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3019:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szFullFilename[2048] = { 0 };
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3021:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(szFullFilename, "unknown_program");
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3046:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szHostname[256] = { 0 };
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3106:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pszStartByte, pszOffset, strlen(pszOffset));
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3118:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pszLabelBytes, pszBytes, strlen(pszBytes));
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3160:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pszHistoryStartBytes, pszStartByte, strlen(pszStartByte));
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3179:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pszPlaceHolder, pszStartByte, strlen(pszStartByte));
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3721:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(CSLFetchNameValueDef(papszOptions, "BLOCKXSIZE", "256")));
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3723:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(CSLFetchNameValueDef(papszOptions, "BLOCKYSIZE", "256")));
data/gdal-3.0.4+dfsg/frmts/pds/nasakeywordhandler.cpp:105:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szChunk[513];
data/gdal-3.0.4+dfsg/frmts/pds/nasakeywordhandler.cpp:286:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                oArray.Add( atoi(osWord) );
data/gdal-3.0.4+dfsg/frmts/pds/nasakeywordhandler.cpp:371:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    oCur.Add( osName, atoi(osValue) );
data/gdal-3.0.4+dfsg/frmts/pds/nasakeywordhandler.cpp:420:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            newObject.Add( "value", atoi(osValueNoUnit) );
data/gdal-3.0.4+dfsg/frmts/pds/pds4dataset.cpp:592:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfTransform, m_adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/pds/pds4dataset.cpp:615:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( m_adfGeoTransform, padfTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/pds/pds4dataset.cpp:895:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    int nZone = atoi(CPLGetXMLValue(psUTMZoneNumber, nullptr, ""));
data/gdal-3.0.4+dfsg/frmts/pds/pds4dataset.cpp:1442:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nFAOIdxLookup = atoi(papszTokens[3]);
data/gdal-3.0.4+dfsg/frmts/pds/pds4dataset.cpp:1443:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nArrayIdxLookup = atoi(papszTokens[4]);
data/gdal-3.0.4+dfsg/frmts/pds/pds4dataset.cpp:1450:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nFAOIdxLookup = atoi(papszTokens[3]);
data/gdal-3.0.4+dfsg/frmts/pds/pds4dataset.cpp:1451:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nArrayIdxLookup = atoi(papszTokens[4]);
data/gdal-3.0.4+dfsg/frmts/pds/pds4dataset.cpp:1456:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nFAOIdxLookup = atoi(papszTokens[2]);
data/gdal-3.0.4+dfsg/frmts/pds/pds4dataset.cpp:1457:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nArrayIdxLookup = atoi(papszTokens[3]);
data/gdal-3.0.4+dfsg/frmts/pds/pds4dataset.cpp:1554:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nDIM = atoi(CPLGetXMLValue(psSubIter, "axes", "0"));
data/gdal-3.0.4+dfsg/frmts/pds/pds4dataset.cpp:1677:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szOrder[4] = { 0 };
data/gdal-3.0.4+dfsg/frmts/pds/pds4dataset.cpp:1702:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int nSeqNumber = atoi(pszSequenceNumber);
data/gdal-3.0.4+dfsg/frmts/pds/pds4dataset.cpp:1709:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int nElements = atoi(pszElements);
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:563:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&osBuffer[0], &dfVal, sizeof(dfVal));
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:570:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&osBuffer[0], &dfVal, sizeof(dfVal));
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:577:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&osBuffer[0], &fVal, sizeof(fVal));
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:584:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&osBuffer[0], &fVal, sizeof(fVal));
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:591:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&osBuffer[0], &bVal, sizeof(bVal));
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:598:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&osBuffer[0], &ubVal, sizeof(ubVal));
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:606:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&osBuffer[0], &sVal, sizeof(sVal));
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:614:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&osBuffer[0], &sVal, sizeof(sVal));
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:622:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&osBuffer[0], &usVal, sizeof(usVal));
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:630:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&osBuffer[0], &usVal, sizeof(usVal));
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:637:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&osBuffer[0], &nVal, sizeof(nVal));
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:644:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&osBuffer[0], &nVal, sizeof(nVal));
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:652:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&osBuffer[0], &nVal, sizeof(nVal));
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:660:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&osBuffer[0], &nVal, sizeof(nVal));
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:667:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&osBuffer[0], &nVal, sizeof(nVal));
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:674:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&osBuffer[0], &nVal, sizeof(nVal));
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:683:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&osBuffer[0], &nVal, sizeof(nVal));
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:692:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&osBuffer[0], &nVal, sizeof(nVal));
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:721:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&m_osBuffer[m_aoFields[i].m_nOffset +
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:733:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&m_osBuffer[m_aoFields[i].m_nOffset],
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:1110:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nRecordSize = atoi(CPLGetXMLValue(psRecord, "record_length", "0"));
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:1162:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            f.m_nOffset = nBaseOffset + atoi(pszLoc) - 1; // Location is 1-based
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:1168:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            f.m_nLength = atoi(pszFieldLength);
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:1223:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                oFieldDefn.SetWidth(atoi(pszFieldFormat+1));
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:1245:47:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nRepetitions = std::min(1000, atoi(pszRepetitions));
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:1250:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nGroupOffset = atoi(pszGroupLocation) - 1; // Location is 1-based
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:1256:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nGroupLength = atoi(pszGroupLength);
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:1836:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szDelimiter[2] = { m_chFieldDelimiter, 0 };
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:2163:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(CPLGetXMLValue(psIter, "maximum_field_length", "0"));
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:2221:47:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nRepetitions = std::min(1000, atoi(pszRepetitions));
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:282:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:695:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nQube = atoi(osQube);
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:704:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nDetachedOffset = atoi(GetKeywordSub( osPrefix + "^" + osImageKeyword, 2, "1"));
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:763:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nCols = atoi(GetKeywordSub(osPrefix+osImageKeyword+".CORE_ITEMS",1));
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:764:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nRows = atoi(GetKeywordSub(osPrefix+osImageKeyword+".CORE_ITEMS",2));
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:765:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        l_nBands = atoi(GetKeywordSub(osPrefix+osImageKeyword+".CORE_ITEMS",3));
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:769:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        l_nBands = atoi(GetKeywordSub(osPrefix+osImageKeyword+".CORE_ITEMS",1));
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:770:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nRows = atoi(GetKeywordSub(osPrefix+osImageKeyword+".CORE_ITEMS",2));
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:771:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nCols = atoi(GetKeywordSub(osPrefix+osImageKeyword+".CORE_ITEMS",3));
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:775:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nCols = atoi(GetKeywordSub(osPrefix+osImageKeyword+".CORE_ITEMS",1));
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:776:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        l_nBands = atoi(GetKeywordSub(osPrefix+osImageKeyword+".CORE_ITEMS",2));
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:777:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nRows = atoi(GetKeywordSub(osPrefix+osImageKeyword+".CORE_ITEMS",3));
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:781:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nCols = atoi(GetKeyword(osPrefix+osImageKeyword+".LINE_SAMPLES",""));
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:782:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nRows = atoi(GetKeyword(osPrefix+osImageKeyword+".LINES",""));
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:783:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        l_nBands = atoi(GetKeyword(osPrefix+osImageKeyword+".BANDS","1"));
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:811:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int record_bytes = atoi(GetKeyword(osPrefix+"IMAGE.RECORD_BYTES"));
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:813:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        record_bytes = atoi(GetKeyword(osPrefix+"RECORD_BYTES"));
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:848:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        = atoi(GetKeyword(osPrefix+"IMAGE.LINE_PREFIX_BYTES",""));
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:886:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int itype = atoi(osSB);
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:925:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int itype = atoi(osSB);
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:952:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nSuffixBytes = atoi( value );
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:954:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nSuffixItems = atoi(
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:956:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nSuffixLines = atoi(
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:992:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&fVal, &nVal, 4);
data/gdal-3.0.4+dfsg/frmts/pds/vicardataset.cpp:153:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/pds/vicardataset.cpp:244:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLayout[10] = "BSQ"; //default to band seq.
data/gdal-3.0.4+dfsg/frmts/pds/vicardataset.cpp:254:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(szLayout,"BSQ");
data/gdal-3.0.4+dfsg/frmts/pds/vicardataset.cpp:255:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nCols = atoi(poDS->GetKeyword("NS"));
data/gdal-3.0.4+dfsg/frmts/pds/vicardataset.cpp:256:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nRows = atoi(poDS->GetKeyword("NL"));
data/gdal-3.0.4+dfsg/frmts/pds/vicardataset.cpp:257:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nBands = atoi(poDS->GetKeyword("NB"));
data/gdal-3.0.4+dfsg/frmts/pds/vicardataset.cpp:591:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nNBB = atoi(poDS->GetKeyword("NBB"));
data/gdal-3.0.4+dfsg/frmts/pds/vicardataset.cpp:601:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nSkipBytes = atoi(poDS->GetKeyword("LBLSIZE"));
data/gdal-3.0.4+dfsg/frmts/pds/vicarkeywordhandler.cpp:94:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char keyval[100];
data/gdal-3.0.4+dfsg/frmts/pds/vicarkeywordhandler.cpp:99:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    LabelSize = atoi( keyval );
data/gdal-3.0.4+dfsg/frmts/pds/vicarkeywordhandler.cpp:154:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const vsi_l_offset nCols = atoi( CSLFetchNameValueDef( papszKeywordList, "NS", "" ) );
data/gdal-3.0.4+dfsg/frmts/pds/vicarkeywordhandler.cpp:155:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const vsi_l_offset nRows = atoi( CSLFetchNameValueDef( papszKeywordList, "NL", "" ) );
data/gdal-3.0.4+dfsg/frmts/pds/vicarkeywordhandler.cpp:156:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nBands = atoi( CSLFetchNameValueDef( papszKeywordList, "NB", "" ) );
data/gdal-3.0.4+dfsg/frmts/pds/vicarkeywordhandler.cpp:157:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nBB = atoi( CSLFetchNameValueDef( papszKeywordList, "NBB", "" ) );
data/gdal-3.0.4+dfsg/frmts/pds/vicarkeywordhandler.cpp:197:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int EOLabelSize = atoi( keyval );
data/gdal-3.0.4+dfsg/frmts/plmosaic/plmosaicdataset.cpp:481:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(psResult->pabyData, pabyBuf, static_cast<size_t>( nDataLength ) );
data/gdal-3.0.4+dfsg/frmts/plmosaic/plmosaicdataset.cpp:1178:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(padfGeoTransform, adfGeoTransform, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/frmts/png/libpng/png.c:28:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
PNG_CONST char png_libpng_ver[18] = PNG_LIBPNG_VER_STRING;
data/gdal-3.0.4+dfsg/frmts/png/libpng/png.c:678:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   static PNG_CONST char short_months[12][4] =
data/gdal-3.0.4+dfsg/frmts/png/libpng/png.c:693:7:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      wchar_t time_buf[29];
data/gdal-3.0.4+dfsg/frmts/png/libpng/png.c:704:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char near_time_buf[29];
data/gdal-3.0.4+dfsg/frmts/png/libpng/png.h:2425:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
       char format[256]; \
data/gdal-3.0.4+dfsg/frmts/png/libpng/png.h:2436:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
       char format[256]; \
data/gdal-3.0.4+dfsg/frmts/png/libpng/png.h:2447:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
       char format[256]; \
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngconf.h:1661:23:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#  define png_memcpy  memcpy
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngerror.c:43:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char msg[16];
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngerror.c:154:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static PNG_CONST char png_digit[16] = {
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngerror.c:203:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char msg[18+PNG_MAX_ERROR_TEXT];
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngerror.c:219:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char msg[18+PNG_MAX_ERROR_TEXT];
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngerror.c:257:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
     char error_number[16];
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngerror.c:321:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
     char warning_number[16] = { 0 };
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngread.c:134:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
         char msg[80];
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngread.c:221:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char msg[80];
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngrtran.c:1354:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char msg[50];
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngrutil.c:36:10:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
   len = MultiByteToWideChar(CP_ACP, 0, nptr, -1, NULL, 0);
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngrutil.c:40:7:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
      MultiByteToWideChar(CP_ACP, 0, nptr, -1, str, len);
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngrutil.c:280:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char umsg[52];
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngrutil.c:395:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char umsg[50];
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngset.c:1305:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
         char msg[40];
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngwrite.c:558:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char msg[80];
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngwrite.c:625:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char msg[80];
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngwutil.c:198:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char msg[50];
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngwutil.c:1270:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buf[1];
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngwutil.c:1504:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buf[64];
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngwutil.c:1513:7:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      wchar_t wc_buf[32];
data/gdal-3.0.4+dfsg/frmts/png/pngdataset.cpp:142:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pImage, pabyScanline, nPixelSize * nXSize );
data/gdal-3.0.4+dfsg/frmts/png/pngdataset.cpp:365:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(&(reinterpret_cast<GByte*>( pData )[(y*nLineSpace)]),
data/gdal-3.0.4+dfsg/frmts/png/pngdataset.cpp:372:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(&(reinterpret_cast<GByte*>(pData)[(y*nLineSpace) + (x*nPixelSpace)]),
data/gdal-3.0.4+dfsg/frmts/png/pngdataset.cpp:437:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfTransform, adfGeoTransform, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/frmts/png/pngdataset.cpp:757:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char pszChunkType[5];
data/gdal-3.0.4+dfsg/frmts/png/pngdataset.cpp:784:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char *apszMDList[2] = { pszContent + 22, nullptr };
data/gdal-3.0.4+dfsg/frmts/png/pngdataset.cpp:1487:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nBitDepth = atoi(pszNbits);
data/gdal-3.0.4+dfsg/frmts/png/pngdataset.cpp:1502:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nBitDepth = atoi(pszNbits);
data/gdal-3.0.4+dfsg/frmts/png/pngdataset.cpp:1529:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nLevel = atoi(pszLevel);
data/gdal-3.0.4+dfsg/frmts/png/pngdataset.cpp:1582:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
               sTRNSColor.red   = (png_uint_16) atoi(papszValues[0]);
data/gdal-3.0.4+dfsg/frmts/png/pngdataset.cpp:1583:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
               sTRNSColor.green = (png_uint_16) atoi(papszValues[1]);
data/gdal-3.0.4+dfsg/frmts/png/pngdataset.cpp:1584:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
               sTRNSColor.blue  = (png_uint_16) atoi(papszValues[2]);
data/gdal-3.0.4+dfsg/frmts/png/pngdataset.cpp:2163:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( m_adfGeoTransform, padfTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/png/pngdataset.cpp:2265:62:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                sTRNSColor.red   = static_cast<png_uint_16>( atoi(papszValues[0] ) );
data/gdal-3.0.4+dfsg/frmts/png/pngdataset.cpp:2266:62:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                sTRNSColor.green = static_cast<png_uint_16>( atoi(papszValues[1] ) );
data/gdal-3.0.4+dfsg/frmts/png/pngdataset.cpp:2267:62:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                sTRNSColor.blue  = static_cast<png_uint_16>( atoi(papszValues[2] ) );
data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrasterdataset.cpp:665:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(PQgetvalue(poResult, iOVerview, 1));
data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrasterdataset.cpp:897:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nTileXSize = atoi(papszParams[POS_WIDTH]);
data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrasterdataset.cpp:898:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nTileYSize = atoi(papszParams[POS_HEIGHT]);
data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrasterdataset.cpp:998:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(poBlock->GetDataRef(), pbyDataToRead,
data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrasterdataset.cpp:1738:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int l_nTileWidth = atoi(papszParams[POS_WIDTH]);
data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrasterdataset.cpp:1739:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int l_nTileHeight = atoi(papszParams[POS_HEIGHT]);
data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrasterdataset.cpp:1745:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nTileBands = atoi(papszParams[POS_NBANDS]);
data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrasterdataset.cpp:2419:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nSrid = atoi(PQgetvalue(poResult, 0, 0));
data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrasterdataset.cpp:2420:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nBandsToCreate = atoi(PQgetvalue(poResult, 0, 1));
data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrasterdataset.cpp:2462:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nTileWidth = atoi(PQgetvalue(poResult, 0, 8));
data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrasterdataset.cpp:2463:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nTileHeight = atoi(PQgetvalue(poResult, 0, 9));
data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrasterdataset.cpp:2750:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        tmp = atoi(CPLParseNameValue(papszParams[nPos], nullptr));
data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrasterdataset.cpp:3308:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nFetchedSrid = atoi(PQgetvalue(poResult, 0, 0));
data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrasterdataset.cpp:3339:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nFetchedSrid = atoi(PQgetvalue(poResult, 0, 0));
data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrasterdataset.cpp:3377:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(adfGeoTransform, padfGeoTransform, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrasterdataset.cpp:3388:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(padfGeoTransform, adfGeoTransform, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrasterrasterband.cpp:75:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nBlockXSize = atoi(CPLGetConfigOption("PR_BLOCKXSIZE",
data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrasterrasterband.cpp:77:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nBlockYSize = atoi(CPLGetConfigOption("PR_BLOCKYSIZE",
data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrastertilerasterband.cpp:226:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pImage, pbyDataToRead, nExpectedDataSize);
data/gdal-3.0.4+dfsg/frmts/prf/phprfdataset.cpp:345:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nDataTypeSize = atoi( osBytesPS );
data/gdal-3.0.4+dfsg/frmts/prf/phprfdataset.cpp:477:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nSizeX = atoi( osValue );
data/gdal-3.0.4+dfsg/frmts/prf/phprfdataset.cpp:481:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nSizeY = atoi( osValue );
data/gdal-3.0.4+dfsg/frmts/prf/phprfdataset.cpp:485:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nBandCount = atoi( osValue );
data/gdal-3.0.4+dfsg/frmts/prf/phprfdataset.cpp:552:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nWidth = atoi( osValue );
data/gdal-3.0.4+dfsg/frmts/prf/phprfdataset.cpp:557:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nHeight = atoi( osValue );
data/gdal-3.0.4+dfsg/frmts/prf/phprfdataset.cpp:562:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nOffsetX = atoi( osValue );
data/gdal-3.0.4+dfsg/frmts/prf/phprfdataset.cpp:567:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nOffsetY = atoi( osValue );
data/gdal-3.0.4+dfsg/frmts/prf/phprfdataset.cpp:572:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nScale = atoi( osValue );
data/gdal-3.0.4+dfsg/frmts/r/rcreatecopy.cpp:67:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szOutput[50] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/r/rcreatecopy.cpp:189:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char szValue[128] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/r/rdataset.cpp:130:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pImage, padfMatrixValues + nBlockYOff * nBlockXSize,
data/gdal-3.0.4+dfsg/frmts/r/rdataset.cpp:198:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return atoi(ASCIIFGets());
data/gdal-3.0.4+dfsg/frmts/rasdaman/rasdamandataset.cpp:164:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  database.open(databasename);
data/gdal-3.0.4+dfsg/frmts/rasdaman/rasdamandataset.cpp:259:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char x_lo[11], x_hi[11], y_lo[11], y_hi[11];
data/gdal-3.0.4+dfsg/frmts/rasdaman/rasdamandataset.cpp:402:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(resultPtr, data, typeSize);
data/gdal-3.0.4+dfsg/frmts/rasdaman/rasdamandataset.cpp:437:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int nRet = atoi(result);
data/gdal-3.0.4+dfsg/frmts/rasdaman/rasdamandataset.cpp:562:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char errbuffer[4096];
data/gdal-3.0.4+dfsg/frmts/rasterlite/rasterlitecreatecopy.cpp:133:52:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if (pszAuthorityCode) nAuthorityCode = atoi(pszAuthorityCode);
data/gdal-3.0.4+dfsg/frmts/rasterlite/rasterlitecreatecopy.cpp:384:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nBlockXSize = atoi(CSLFetchNameValueDef(papszOptions, "BLOCKXSIZE", "256"));
data/gdal-3.0.4+dfsg/frmts/rasterlite/rasterlitecreatecopy.cpp:385:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nBlockYSize = atoi(CSLFetchNameValueDef(papszOptions, "BLOCKYSIZE", "256"));
data/gdal-3.0.4+dfsg/frmts/rasterlite/rasterlitecreatecopy.cpp:623:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szTmp[64];
data/gdal-3.0.4+dfsg/frmts/rasterlite/rasterlitedataset.cpp:656:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(adfGeoTransform, poMainDS->adfGeoTransform, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/frmts/rasterlite/rasterlitedataset.cpp:735:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szName[80];
data/gdal-3.0.4+dfsg/frmts/rasterlite/rasterlitedataset.cpp:809:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(padfGeoTransform, adfGeoTransform, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/frmts/rasterlite/rasterlitedataset.cpp:1052:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nLevel = atoi(papszTokens[i] + 6);
data/gdal-3.0.4+dfsg/frmts/rasterlite/rasterlitedataset.cpp:1075:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nReqBands = atoi(papszTokens[i] + 6);
data/gdal-3.0.4+dfsg/frmts/rasterlite/rasterliteoverviews.cpp:291:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nBlockXSize = atoi(CSLFetchNameValueDef(papszOptions, "BLOCKXSIZE", "256"));
data/gdal-3.0.4+dfsg/frmts/rasterlite/rasterliteoverviews.cpp:292:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nBlockYSize = atoi(CSLFetchNameValueDef(papszOptions, "BLOCKYSIZE", "256"));
data/gdal-3.0.4+dfsg/frmts/rasterlite/rasterliteoverviews.cpp:472:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char szTmp[64];
data/gdal-3.0.4+dfsg/frmts/rasterlite/rasterliteoverviews.cpp:509:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szTmp[64];
data/gdal-3.0.4+dfsg/frmts/raw/ace2dataset.cpp:159:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, adfGeoTransform, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/frmts/raw/ace2dataset.cpp:251:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pszLatLonValueString[4] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/ace2dataset.cpp:255:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int southWestLat = atoi(pszLatLonValueString);
data/gdal-3.0.4+dfsg/frmts/raw/ace2dataset.cpp:259:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int southWestLon = atoi(pszLatLonValueString);
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:59:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char abyHeader[256];
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:181:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( abyWrk, reinterpret_cast<GByte *>(pImage) + i * nDataSize,
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:183:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( reinterpret_cast<GByte *>(pImage) + i * nDataSize,
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:187:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( reinterpret_cast<GByte *>(pImage) + (nRasterYSize - i - 1) *
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:233:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyWrkBlock + (nRasterYSize - i - 1) * nDataSize,
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:353:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ds.abyHeader + 62, &fScale, sizeof(fScale));
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:431:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, adfGeoTransform, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:448:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfGeoTransform, padfTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:465:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 28, &dfLeft, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:466:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 36, &dfRight, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:467:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 44, &dfBottom, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:468:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 52, &dfTop, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:534:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 22, &nShortTemp, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:546:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 24, &nShortTemp, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:554:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(oSRS.GetAuthorityCode( "GEOGCS|DATUM" )) + 2000);
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:558:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 26, &nShortTemp, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:602:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( poDS->abyHeader, poOpenInfo->pabyHeader, 256 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:607:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szVersion[4] = {};
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:619:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &nIntTemp, poDS->abyHeader + 10, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:622:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &nIntTemp, poDS->abyHeader + 14, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:632:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &nDataSize, poDS->abyHeader+18, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:656:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &poDS->m_fVscale, poDS->abyHeader + 62, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:698:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nUTMZone, poDS->abyHeader + 24, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:702:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nDatum, poDS->abyHeader + 26, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:706:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nHUnits, poDS->abyHeader + 22, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:755:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szName[32];
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:776:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &dfLeft, poDS->abyHeader + 28, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:780:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &dfRight, poDS->abyHeader + 36, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:784:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &dfBottom, poDS->abyHeader + 44, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:788:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &dfTop, poDS->abyHeader + 52, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:881:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char abyHeader[256] = {};
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:883:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader, "binterr1.3", 10 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:886:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader+10, &nTemp, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:889:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader+14, &nTemp, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:893:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 18, &nShortTemp, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:901:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 22, &nShortTemp, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:904:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 24, &nShortTemp, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:907:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 26, &nShortTemp, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:917:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 28, &dfLeft, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:918:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 36, &dfRight, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:919:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 44, &dfBottom, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:920:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 52, &dfTop, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:932:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 62, &fScale, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:379:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:396:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfGeoTransform, padfTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:515:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi( pszAuthCode ) == BYN_DATUM_1_VDATUM_2 )
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:571:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &pohHeader->nSouth,     pabyBuf,      4 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:572:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &pohHeader->nNorth,     pabyBuf + 4,  4 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:573:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &pohHeader->nWest,      pabyBuf + 8,  4 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:574:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &pohHeader->nEast,      pabyBuf + 12, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:575:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &pohHeader->nDLat,      pabyBuf + 16, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:576:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &pohHeader->nDLon,      pabyBuf + 18, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:577:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &pohHeader->nGlobal,    pabyBuf + 20, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:578:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &pohHeader->nType,      pabyBuf + 22, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:579:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &pohHeader->dfFactor,   pabyBuf + 24, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:580:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &pohHeader->nSizeOf,    pabyBuf + 32, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:581:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &pohHeader->nVDatum,    pabyBuf + 34, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:582:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &pohHeader->nDescrip,   pabyBuf + 40, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:583:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &pohHeader->nSubType,   pabyBuf + 42, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:584:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &pohHeader->nDatum,     pabyBuf + 44, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:585:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &pohHeader->nEllipsoid, pabyBuf + 46, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:586:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &pohHeader->nByteOrder, pabyBuf + 48, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:587:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &pohHeader->nScale,     pabyBuf + 50, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:588:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &pohHeader->dfWo,       pabyBuf + 52, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:589:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &pohHeader->dfGM,       pabyBuf + 60, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:590:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &pohHeader->nTideSys,   pabyBuf + 68, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:591:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &pohHeader->nRealiz,    pabyBuf + 70, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:592:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &pohHeader->dEpoch,     pabyBuf + 72, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:593:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &pohHeader->nPtType,    pabyBuf + 76, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:655:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyBuf,      &pohHeader->nSouth,     4 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:656:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyBuf + 4,  &pohHeader->nNorth,     4 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:657:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyBuf + 8,  &pohHeader->nWest,      4 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:658:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyBuf + 12, &pohHeader->nEast,      4 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:659:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyBuf + 16, &pohHeader->nDLat,      2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:660:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyBuf + 18, &pohHeader->nDLon,      2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:661:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyBuf + 20, &pohHeader->nGlobal,    2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:662:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyBuf + 22, &pohHeader->nType,      2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:663:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyBuf + 24, &pohHeader->dfFactor,   8 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:664:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyBuf + 32, &pohHeader->nSizeOf,    2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:665:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyBuf + 34, &pohHeader->nVDatum,    2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:666:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyBuf + 40, &pohHeader->nDescrip,   2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:667:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyBuf + 42, &pohHeader->nSubType,   2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:668:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyBuf + 44, &pohHeader->nDatum,     2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:669:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyBuf + 46, &pohHeader->nEllipsoid, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:670:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyBuf + 48, &pohHeader->nByteOrder, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:671:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyBuf + 50, &pohHeader->nScale,     2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:672:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyBuf + 52, &pohHeader->dfWo,       8 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:673:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyBuf + 60, &pohHeader->dfGM,       8 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:674:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyBuf + 68, &pohHeader->nTideSys,   2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:675:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyBuf + 70, &pohHeader->nRealiz,    2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:676:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyBuf + 72, &pohHeader->dEpoch,     4 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:677:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyBuf + 76, &pohHeader->nPtType,    2 );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:825:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        hHeader.nGlobal  = static_cast<GInt16>( atoi( pszValue ) );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:829:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        hHeader.nType    = static_cast<GInt16>( atoi( pszValue ) );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:833:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        hHeader.nDescrip = static_cast<GInt16>( atoi( pszValue ) );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:837:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        hHeader.nSubType = static_cast<GInt16>( atoi( pszValue ) );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:849:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        hHeader.nTideSys = static_cast<GInt16>( atoi( pszValue ) );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:853:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        hHeader.nRealiz  = static_cast<GInt16>( atoi( pszValue ) );
data/gdal-3.0.4+dfsg/frmts/raw/byndataset.cpp:861:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        hHeader.nPtType  = static_cast<GInt16>( atoi( pszValue ) );
data/gdal-3.0.4+dfsg/frmts/raw/cpgdataset.cpp:522:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            iUTMZone = atoi(papszTokens[4]);
data/gdal-3.0.4+dfsg/frmts/raw/cpgdataset.cpp:534:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nLines = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/raw/cpgdataset.cpp:537:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nSamples = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/raw/cpgdataset.cpp:540:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                  && atoi(papszTokens[1]) != 0)
data/gdal-3.0.4+dfsg/frmts/raw/cpgdataset.cpp:542:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                     && (atoi(papszTokens[1]) != 1)
data/gdal-3.0.4+dfsg/frmts/raw/cpgdataset.cpp:543:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                     && (atoi(papszTokens[1]) != 10))
data/gdal-3.0.4+dfsg/frmts/raw/cpgdataset.cpp:545:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                     && atoi(papszTokens[1]) != 1)
data/gdal-3.0.4+dfsg/frmts/raw/cpgdataset.cpp:580:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            itransposed = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/raw/cpgdataset.cpp:617:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char * const apszPolarizations[4] = { "hh", "hv", "vv", "vh" };
data/gdal-3.0.4+dfsg/frmts/raw/cpgdataset.cpp:736:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szID[32];
data/gdal-3.0.4+dfsg/frmts/raw/cpgdataset.cpp:885:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            iUTMZone = atoi(papszTokens[4]);
data/gdal-3.0.4+dfsg/frmts/raw/cpgdataset.cpp:919:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nSamples = atoi(papszTokens[3]);
data/gdal-3.0.4+dfsg/frmts/raw/cpgdataset.cpp:926:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nLines = atoi(papszTokens[3]);
data/gdal-3.0.4+dfsg/frmts/raw/cpgdataset.cpp:933:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nBands = atoi(papszTokens[3]);
data/gdal-3.0.4+dfsg/frmts/raw/cpgdataset.cpp:948:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            iBytesPerPixel = atoi(papszTokens[3]);
data/gdal-3.0.4+dfsg/frmts/raw/cpgdataset.cpp:1214:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform,  adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/raw/cpgdataset.cpp:1370:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char * const apszPolarizations[16] = {
data/gdal-3.0.4+dfsg/frmts/raw/ctable2dataset.cpp:170:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char achHeader[160] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/ctable2dataset.cpp:192:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &nRasterXSize, achHeader + 128, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/ctable2dataset.cpp:193:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &nRasterYSize, achHeader + 132, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/ctable2dataset.cpp:206:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfValues, achHeader + 96, sizeof(double)*4 );
data/gdal-3.0.4+dfsg/frmts/raw/ctable2dataset.cpp:260:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, adfGeoTransform, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/frmts/raw/ctable2dataset.cpp:286:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfGeoTransform, padfTransform, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/frmts/raw/ctable2dataset.cpp:296:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char achHeader[160] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/ctable2dataset.cpp:302:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader + 96, &dfValue, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ctable2dataset.cpp:308:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader + 104, &dfValue, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ctable2dataset.cpp:313:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader + 112, &dfValue, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ctable2dataset.cpp:318:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader + 120, &dfValue, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ctable2dataset.cpp:373:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char achHeader[160] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/ctable2dataset.cpp:377:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader+0, "CTABLE V2.0     ", 16 );
data/gdal-3.0.4+dfsg/frmts/raw/ctable2dataset.cpp:387:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader + 96, &dfValue, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ctable2dataset.cpp:392:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader + 104, &dfValue, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ctable2dataset.cpp:397:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader + 112, &dfValue, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ctable2dataset.cpp:402:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader + 120, &dfValue, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ctable2dataset.cpp:407:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader + 128, &nValue32, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/ctable2dataset.cpp:412:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader + 132, &nValue32, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/dipxdataset.cpp:59:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char        unused1[40];
data/gdal-3.0.4+dfsg/frmts/raw/dipxdataset.cpp:63:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char        unused2[12]{};
data/gdal-3.0.4+dfsg/frmts/raw/dipxdataset.cpp:69:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char        unused3[344];
data/gdal-3.0.4+dfsg/frmts/raw/dipxdataset.cpp:71:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char        unused4[32];
data/gdal-3.0.4+dfsg/frmts/raw/dipxdataset.cpp:376:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, adfGeoTransform, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/frmts/raw/doq1dataset.cpp:64:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szWork[128] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/doq1dataset.cpp:85:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szWork[128] = { ' ' };
data/gdal-3.0.4+dfsg/frmts/raw/doq1dataset.cpp:88:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( szWork, pszDescBegin, strlen(pszDescBegin) );
data/gdal-3.0.4+dfsg/frmts/raw/doq1dataset.cpp:89:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( szWork + strlen(pszDescBegin),
data/gdal-3.0.4+dfsg/frmts/raw/doq1dataset.cpp:98:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(
data/gdal-3.0.4+dfsg/frmts/raw/doq1dataset.cpp:100:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(
data/gdal-3.0.4+dfsg/frmts/raw/doq1dataset.cpp:354:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char abyRecordData[500] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/doq2dataset.cpp:211:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nWidth = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/raw/doq2dataset.cpp:212:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nHeight = atoi(papszTokens[2]);
data/gdal-3.0.4+dfsg/frmts/raw/doq2dataset.cpp:216:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nSkipBytes = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/raw/doq2dataset.cpp:259:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nBytesPerPixel = atoi(papszTokens[1]) / 8;
data/gdal-3.0.4+dfsg/frmts/raw/doq2dataset.cpp:272:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nZone = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:97:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nSkipBytes = atoi(poEDS->GetKeyValue("SKIPBYTES"));
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:478:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szNewLine[82] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:645:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(padfTransform, adfGeoTransform, sizeof(double) * 6);
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:667:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(adfGeoTransform, padfGeoTransform, sizeof(double) * 6);
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:805:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int i = atoi(papszTokens[0]);
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:1039:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLayout[10] = "BIL";
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:1067:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nCols = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:1071:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nRows = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:1075:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nSkipBytes = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:1111:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nBands = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:1125:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nBits = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:1439:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szResult[80] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:1493:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                            utmZone = atoi(c);
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:1519:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                            utmZone = atoi(c);
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:1572:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char projCSStr[64] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:1632:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                const int nIndex = atoi(papszValues[0]);
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:1634:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                poRat->SetValue(nRatRow, 1, atoi(papszValues[1]));
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:1635:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                poRat->SetValue(nRatRow, 2, atoi(papszValues[2]));
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:1636:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                poRat->SetValue(nRatRow, 3, atoi(papszValues[3]));
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:1643:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        static_cast<short>(atoi(papszValues[1])),  // Red
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:1644:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        static_cast<short>(atoi(papszValues[2])),  // Green
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:1645:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        static_cast<short>(atoi(papszValues[3])),  // Blue
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:1767:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nBits = atoi(CSLFetchNameValue(papszParmList, "NBITS"));
data/gdal-3.0.4+dfsg/frmts/raw/eirdataset.cpp:165:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szNewLine[82] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/eirdataset.cpp:195:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/raw/eirdataset.cpp:285:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLayout[10] = "BIL";
data/gdal-3.0.4+dfsg/frmts/raw/eirdataset.cpp:323:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nCols = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/raw/eirdataset.cpp:327:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nRows = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/raw/eirdataset.cpp:331:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nBands = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/raw/eirdataset.cpp:392:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nSkipBytes = atoi(papszTokens[1]); // TBD: is this mapping right?
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:552:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return atoi(poThis->GetAuthorityCode("GEOGCS"));
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:595:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nDatum = atoi(poThis->GetAuthorityCode("GEOGCS|DATUM"));
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:1023:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *papszVal[93] = { nullptr };
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:1170:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(padfTransform, adfGeoTransform, sizeof(double) * 6);
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:1184:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(adfGeoTransform, padfTransform, sizeof(double) * 6);
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:1446:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            oSRS.SetUTM(atoi(papszFields[7]), !EQUAL(papszFields[8], "South"));
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:1456:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            oSRS.SetStatePlane(ITTVISToUSGSZone(atoi(papszFields[7])), FALSE);
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:1462:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            oSRS.SetStatePlane(ITTVISToUSGSZone(atoi(papszFields[7])), TRUE);
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:1474:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        else if( nPICount > 8 && atoi(papszPI[0]) == 3 )  // TM
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:1480:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        else if( nPICount > 8 && atoi(papszPI[0]) == 4 )
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:1487:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        else if( nPICount > 10 && atoi(papszPI[0]) == 5 )
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:1496:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        else if( nPICount > 8 && atoi(papszPI[0]) == 6 )  // Oblique Merc
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:1503:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        else if( nPICount > 8 && atoi(papszPI[0]) == 7 ) // Stereographic
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:1509:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        else if( nPICount > 8 && atoi(papszPI[0]) == 9 )  // Albers Equal Area
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:1515:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        else if( nPICount > 6 && atoi(papszPI[0]) == 10 )  // Polyconic
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:1520:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        else if( nPICount > 6 && atoi(papszPI[0]) == 11 )  // LAEA
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:1525:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        else if( nPICount > 6 && atoi(papszPI[0]) == 12 )  // Azimuthal Equid.
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:1530:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        else if( nPICount > 6 && atoi(papszPI[0]) == 31 )  // Polar Stereographic
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:1660:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sVal[1280] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:2079:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTestHdr[4] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:2133:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nLines = atoi(poDS->m_aosHeader.FetchNameValueDef("lines", "0"));
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:2136:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(poDS->m_aosHeader.FetchNameValueDef("samples", "0"));
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:2138:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nBands = atoi(poDS->m_aosHeader.FetchNameValueDef("bands", "0"));
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:2168:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(poDS->m_aosHeader.FetchNameValueDef("header_offset", "0"));
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:2176:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        switch( atoi(pszDataType) )
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:2232:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        bNativeOrder = atoi(pszByteOrder) == 0;
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:2234:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        bNativeOrder = atoi(pszByteOrder) != 0;
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:2272:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const bool bIsCompressed = atoi(
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:2368:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nOffset1 = atoi(papszMajorFrameOffsets[0]);
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:2369:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nOffset2 = atoi(papszMajorFrameOffsets[1]);
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:2524:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            sEntry.c1 = static_cast<short>(atoi(papszClassColors[i * 3 + 0]));
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:2525:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            sEntry.c2 = static_cast<short>(atoi(papszClassColors[i * 3 + 1]));
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:2526:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            sEntry.c3 = static_cast<short>(atoi(papszClassColors[i * 3 + 2]));
data/gdal-3.0.4+dfsg/frmts/raw/fastdataset.cpp:225:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/raw/fastdataset.cpp:423:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        const char apchLISSFilenames[7][5] = {
data/gdal-3.0.4+dfsg/frmts/raw/fastdataset.cpp:807:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        poDS->nRasterXSize = atoi( pszTemp );
data/gdal-3.0.4+dfsg/frmts/raw/fastdataset.cpp:823:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        poDS->nRasterYSize = atoi( pszTemp );
data/gdal-3.0.4+dfsg/frmts/raw/fastdataset.cpp:844:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        switch( atoi(pszTemp) )
data/gdal-3.0.4+dfsg/frmts/raw/fastdataset.cpp:968:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        iZone = atoi( pszTemp );
data/gdal-3.0.4+dfsg/frmts/raw/fujibasdataset.cpp:147:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nYSize = atoi(CSLFetchNameValue(papszHeader,"width"));
data/gdal-3.0.4+dfsg/frmts/raw/fujibasdataset.cpp:148:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nXSize = atoi(CSLFetchNameValue(papszHeader,"height"));
data/gdal-3.0.4+dfsg/frmts/raw/genbindataset.cpp:403:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/raw/genbindataset.cpp:446:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nZone = atoi(CSLFetchNameValue( papszHdr, "PROJECTION_ZONE" ));
data/gdal-3.0.4+dfsg/frmts/raw/genbindataset.cpp:595:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char achHeader[1000] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/genbindataset.cpp:682:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nBands = atoi(CSLFetchNameValue( papszHdr, "BANDS" ));
data/gdal-3.0.4+dfsg/frmts/raw/genbindataset.cpp:684:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poDS->nRasterXSize = atoi(CSLFetchNameValue( papszHdr, "COLS" ));
data/gdal-3.0.4+dfsg/frmts/raw/genbindataset.cpp:685:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poDS->nRasterYSize = atoi(CSLFetchNameValue( papszHdr, "ROWS" ));
data/gdal-3.0.4+dfsg/frmts/raw/genbindataset.cpp:722:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nBits = atoi(pszDataType+1);
data/gdal-3.0.4+dfsg/frmts/raw/gscdataset.cpp:93:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/raw/gtxdataset.cpp:320:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/raw/gtxdataset.cpp:338:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfGeoTransform, padfTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/raw/gtxdataset.cpp:346:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char header[32] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/gtxdataset.cpp:347:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( header + 0, &dfYOrigin, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/gtxdataset.cpp:350:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( header + 8, &dfXOrigin, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/gtxdataset.cpp:353:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( header + 16, &dfHeight, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/gtxdataset.cpp:356:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( header + 24, &dfWidth, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/gtxdataset.cpp:422:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char header[40] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/gtxdataset.cpp:424:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( header + 0, &dfYOrigin, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/gtxdataset.cpp:428:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( header + 8, &dfXOrigin, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/gtxdataset.cpp:432:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( header + 16, &dfYSize, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/gtxdataset.cpp:436:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( header + 24, &dfXSize, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/gtxdataset.cpp:440:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( header + 32, &nYSize32, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/gtxdataset.cpp:444:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( header + 36, &nXSize32, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/hkvdataset.cpp:463:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform,  adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/raw/hkvdataset.cpp:481:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfGeoTransform, padfTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/raw/hkvdataset.cpp:580:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szValue[128] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/hkvdataset.cpp:628:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char szValue[128] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/hkvdataset.cpp:676:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szValue[128] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/hkvdataset.cpp:724:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char szValue[128] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/hkvdataset.cpp:761:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szValue[128] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/hkvdataset.cpp:925:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szFieldName[128] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/hkvdataset.cpp:1336:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poDS->nRasterXSize = atoi(CSLFetchNameValue(papszAttrib,"extent.cols"));
data/gdal-3.0.4+dfsg/frmts/raw/hkvdataset.cpp:1337:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poDS->nRasterYSize = atoi(CSLFetchNameValue(papszAttrib,"extent.rows"));
data/gdal-3.0.4+dfsg/frmts/raw/hkvdataset.cpp:1368:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nRawBands = atoi(pszValue);
data/gdal-3.0.4+dfsg/frmts/raw/hkvdataset.cpp:1402:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nSize = atoi(CSLFetchNameValue(papszAttrib,"pixel.size"))/8;
data/gdal-3.0.4+dfsg/frmts/raw/idadataset.cpp:123:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szTitle[81];
data/gdal-3.0.4+dfsg/frmts/raw/idadataset.cpp:494:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfGeoTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/raw/idadataset.cpp:508:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfGeoTransform, padfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/raw/idadataset.cpp:687:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            poRAT->SetValue( iRow, 0, atoi(papszTokens[0]) );
data/gdal-3.0.4+dfsg/frmts/raw/idadataset.cpp:688:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            poRAT->SetValue( iRow, 1, atoi(papszTokens[1]) );
data/gdal-3.0.4+dfsg/frmts/raw/idadataset.cpp:689:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            poRAT->SetValue( iRow, 2, atoi(papszTokens[2]) );
data/gdal-3.0.4+dfsg/frmts/raw/idadataset.cpp:690:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            poRAT->SetValue( iRow, 3, atoi(papszTokens[3]) );
data/gdal-3.0.4+dfsg/frmts/raw/idadataset.cpp:691:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            poRAT->SetValue( iRow, 4, atoi(papszTokens[4]) );
data/gdal-3.0.4+dfsg/frmts/raw/idadataset.cpp:804:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( poDS->abyHeader, poOpenInfo->pabyHeader, 512 );
data/gdal-3.0.4+dfsg/frmts/raw/iscedataset.cpp:209:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sBuf[64] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/iscedataset.cpp:567:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        char szPropName[32];
data/gdal-3.0.4+dfsg/frmts/raw/iscedataset.cpp:597:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nWidth = atoi( CSLFetchNameValue( papszXmlProps, "WIDTH" ) );
data/gdal-3.0.4+dfsg/frmts/raw/iscedataset.cpp:598:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nHeight = atoi( CSLFetchNameValue( papszXmlProps, "LENGTH" ) );
data/gdal-3.0.4+dfsg/frmts/raw/iscedataset.cpp:599:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nBands = atoi( CSLFetchNameValue( papszXmlProps, "NUMBER_BANDS" ) );
data/gdal-3.0.4+dfsg/frmts/raw/iscedataset.cpp:864:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sBuf[64] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/krodataset.cpp:123:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char achHeader[20] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/krodataset.cpp:127:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nXSize, achHeader + 4, 4);
data/gdal-3.0.4+dfsg/frmts/raw/krodataset.cpp:131:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nYSize, achHeader + 8, 4);
data/gdal-3.0.4+dfsg/frmts/raw/krodataset.cpp:135:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nDepth, achHeader + 12, 4);
data/gdal-3.0.4+dfsg/frmts/raw/krodataset.cpp:139:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nComp, achHeader + 16, 4);
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:142:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        pachHeader[ERD_HEADER_SIZE];
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:392:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( poDS->pachHeader, poOpenInfo->pabyHeader, ERD_HEADER_SIZE );
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:427:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&fTmp, poDS->pachHeader + 16, 4);
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:429:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&fTmp, poDS->pachHeader + 20, 4);
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:435:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nTmp, poDS->pachHeader + 16, 4);
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:437:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nTmp, poDS->pachHeader + 20, 4);
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:442:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nTmp16, poDS->pachHeader + 6, 2);
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:471:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nTmp16, poDS->pachHeader + 8, 2);
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:533:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&fTmp, poDS->pachHeader + 112, 4);
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:535:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&fTmp, poDS->pachHeader + 120, 4);
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:538:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&fTmp, poDS->pachHeader + 116, 4);
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:541:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&fTmp, poDS->pachHeader + 124, 4);
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:563:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nTmp16, poDS->pachHeader + 88, 2);
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:599:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTRLData[896] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:641:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfTransform, adfGeoTransform, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:655:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char abyHeader[128] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:657:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfGeoTransform, padfTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:665:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 112, &f32Val, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:670:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 116, &f32Val, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:674:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 120, &f32Val, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:678:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 124, &f32Val, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:718:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char abyHeader[128] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:794:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 88, &nProjCode, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:864:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &nMin, abyBandInfo + 28, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:865:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &nMax, abyBandInfo + 30, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:877:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &fMean, abyBandInfo + 12, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:878:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &fStdDev, abyBandInfo + 24, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:922:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char abyHeader[128] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:926:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 0, "HEAD74", 6 );
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:934:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 6, &n16Val, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:938:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 8, &n16Val, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:944:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 16, &n32Val, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:948:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 20, &n32Val, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:957:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 88, &n16Val, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:961:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 90, &n16Val, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:967:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 106, &n16Val, 2 );
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:971:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 108, &f32Val, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:975:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 112, &f32Val, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:979:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 116, &f32Val, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:983:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 120, &f32Val, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/landataset.cpp:987:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 124, &f32Val, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/lcpdataset.cpp:54:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        pachHeader[LCP_HEADER_SIZE];
data/gdal-3.0.4+dfsg/frmts/raw/lcpdataset.cpp:131:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &dfEast, pachHeader + 4172, sizeof(double) );
data/gdal-3.0.4+dfsg/frmts/raw/lcpdataset.cpp:132:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &dfWest, pachHeader + 4180, sizeof(double) );
data/gdal-3.0.4+dfsg/frmts/raw/lcpdataset.cpp:133:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &dfNorth, pachHeader + 4188, sizeof(double) );
data/gdal-3.0.4+dfsg/frmts/raw/lcpdataset.cpp:134:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &dfSouth, pachHeader + 4196, sizeof(double) );
data/gdal-3.0.4+dfsg/frmts/raw/lcpdataset.cpp:135:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &dfCellX, pachHeader + 4208, sizeof(double) );
data/gdal-3.0.4+dfsg/frmts/raw/lcpdataset.cpp:136:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &dfCellY, pachHeader + 4216, sizeof(double) );
data/gdal-3.0.4+dfsg/frmts/raw/lcpdataset.cpp:280:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char szTemp[32] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/lcpdataset.cpp:1188:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nLatitude = atoi( CSLFetchNameValue( papszOptions, "LATITUDE" ) );
data/gdal-3.0.4+dfsg/frmts/raw/loslasdataset.cpp:257:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, adfGeoTransform, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/frmts/raw/mffdataset.cpp:352:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform,  adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/raw/mffdataset.cpp:376:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        NUM_GCPS = atoi(CSLFetchNameValue(papszHdrLines, "NUM_GCPS"));
data/gdal-3.0.4+dfsg/frmts/raw/mffdataset.cpp:423:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szLatName[40] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/mffdataset.cpp:424:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szLongName[40] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/mffdataset.cpp:458:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szName[25] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/mffdataset.cpp:768:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        poDS->nRasterXSize = atoi(CSLFetchNameValue(papszHdrLines,"no_columns"));
data/gdal-3.0.4+dfsg/frmts/raw/mffdataset.cpp:769:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        poDS->nRasterYSize = atoi(CSLFetchNameValue(papszHdrLines,"no_rows"));
data/gdal-3.0.4+dfsg/frmts/raw/mffdataset.cpp:774:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(CSLFetchNameValue(papszHdrLines, "LINE_SAMPLES"));
data/gdal-3.0.4+dfsg/frmts/raw/mffdataset.cpp:776:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(CSLFetchNameValue(papszHdrLines, "IMAGE_LINES"));
data/gdal-3.0.4+dfsg/frmts/raw/mffdataset.cpp:807:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(CSLFetchNameValue(papszHdrLines,"tile_size_rows"));
data/gdal-3.0.4+dfsg/frmts/raw/mffdataset.cpp:810:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(CSLFetchNameValue(papszHdrLines,"tile_size_columns") );
data/gdal-3.0.4+dfsg/frmts/raw/mffdataset.cpp:852:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                && atoi(pszExtension+1) == nRawBand
data/gdal-3.0.4+dfsg/frmts/raw/mffdataset.cpp:1188:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szExtension[4] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/mffdataset.cpp:1225:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat( pszBaseFilename, ".hdr" );
data/gdal-3.0.4+dfsg/frmts/raw/ndfdataset.cpp:117:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/raw/ndfdataset.cpp:261:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poDS->nRasterXSize = atoi(poDS->Get("PIXELS_PER_LINE",""));
data/gdal-3.0.4+dfsg/frmts/raw/ndfdataset.cpp:262:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poDS->nRasterYSize = atoi(poDS->Get("LINES_PER_DATA_FILE",""));
data/gdal-3.0.4+dfsg/frmts/raw/ndfdataset.cpp:275:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nBands = atoi(pszBand);
data/gdal-3.0.4+dfsg/frmts/raw/ndfdataset.cpp:286:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szKey[100];
data/gdal-3.0.4+dfsg/frmts/raw/ndfdataset.cpp:293:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szBandExtension[15];
data/gdal-3.0.4+dfsg/frmts/raw/ndfdataset.cpp:354:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nUSGSProjection = atoi(poDS->Get( "USGS_PROJECTION_NUMBER", "" ));
data/gdal-3.0.4+dfsg/frmts/raw/ndfdataset.cpp:355:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nZone = atoi(poDS->Get("USGS_MAP_ZONE","0"));
data/gdal-3.0.4+dfsg/frmts/raw/ntv1dataset.cpp:160:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char achHeader[192];
data/gdal-3.0.4+dfsg/frmts/raw/ntv1dataset.cpp:161:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(achHeader, poOpenInfo->pabyHeader, 192);
data/gdal-3.0.4+dfsg/frmts/raw/ntv1dataset.cpp:174:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &s_lat,  achHeader + 24, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv1dataset.cpp:175:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &n_lat,  achHeader + 40, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv1dataset.cpp:176:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &e_long, achHeader + 56, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv1dataset.cpp:177:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &w_long, achHeader + 72, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv1dataset.cpp:178:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &lat_inc, achHeader + 88, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv1dataset.cpp:179:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &long_inc, achHeader + 104, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv1dataset.cpp:281:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, adfGeoTransform, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:217:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char achFileHeader[nRecords*nRecordSize] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:218:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char achGridHeader[nRecords*nRecordSize] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:246:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( achFileHeader + 3*16+8, "        ", 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:247:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( achFileHeader + 3*16+8,
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:253:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( achFileHeader + 4*16+8, "        ", 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:254:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( achFileHeader + 4*16+8,
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:260:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( achFileHeader + 5*16+8, "        ", 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:261:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( achFileHeader + 5*16+8,
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:267:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( achFileHeader + 6*16+8, "        ", 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:268:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( achFileHeader + 6*16+8,
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:276:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( achFileHeader + 7*16+8, &dfValue, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:282:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( achFileHeader + 8*16+8, &dfValue, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:288:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( achFileHeader + 9*16+8, &dfValue, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:294:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( achFileHeader + 10*16+8, &dfValue, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:298:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( achGridHeader + 0*16+8, "        ", 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:299:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( achGridHeader + 0*16+8,
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:305:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( achGridHeader + 1*16+8, "        ", 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:306:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( achGridHeader + 1*16+8,
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:312:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( achGridHeader + 2*16+8, "        ", 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:313:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( achGridHeader + 2*16+8,
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:319:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( achGridHeader + 3*16+8, "        ", 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:320:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( achGridHeader + 3*16+8,
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:397:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        iTargetGrid = atoi(pszRest);
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:434:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char achHeader[11*16] = { 0 };
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:462:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &nSubFileCount, achHeader + 2*16 + 8, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:477:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &dfValue, achHeader + 7*16 + 8, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:483:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &dfValue, achHeader + 8*16 + 8, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:488:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &dfValue, achHeader + 9*16 + 8, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:493:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &dfValue, achHeader + 10*16 + 8, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:520:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nGSCount, achHeader + 10*16 + 8, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:588:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &s_lat,  pachHeader + 4*16 + 8, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:589:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &n_lat,  pachHeader + 5*16 + 8, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:590:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &e_long, pachHeader + 6*16 + 8, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:591:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &w_long, pachHeader + 7*16 + 8, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:592:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &lat_inc, pachHeader + 8*16 + 8, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:593:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &long_inc, pachHeader + 9*16 + 8, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:674:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, adfGeoTransform, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:699:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfGeoTransform, padfTransform, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:704:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char achHeader[11*16] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:714:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader +  4*16 + 8, &dfValue, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:719:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader +  5*16 + 8, &dfValue, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:725:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader +  6*16 + 8, &dfValue, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:730:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader +  7*16 + 8, &dfValue, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:735:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader +  8*16 + 8, &dfValue, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:740:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader +  9*16 + 8, &dfValue, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:810:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char achHeader[11*16] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:827:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( achHeader +  0*16, "NUM_OREC", 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:830:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( achHeader + 0*16 + 8, &nNumOrec, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:832:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( achHeader +  1*16, "NUM_SREC", 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:835:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( achHeader + 1*16 + 8, &nNumSrec, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:837:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( achHeader +  2*16, "NUM_FILE", 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:839:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( achHeader + 2*16 + 8, &nNumFile, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:843:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( achHeader +  3*16, "GS_TYPE         ", 16 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:845:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( achHeader +  3*16+8,
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:849:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( achHeader +  4*16, "VERSION         ", 16 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:851:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( achHeader +  4*16+8, pszValue, std::min(nMinLen, strlen(pszValue)) );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:853:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( achHeader +  5*16, "SYSTEM_F        ", 16 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:855:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( achHeader +  5*16+8, pszValue, std::min(nMinLen, strlen(pszValue)) );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:857:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( achHeader +  6*16, "SYSTEM_T        ", 16 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:859:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( achHeader +  6*16+8, pszValue, std::min(nMinLen, strlen(pszValue)) );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:861:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( achHeader +  7*16, "MAJOR_F ", 8);
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:862:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( achHeader +  8*16, "MINOR_F ", 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:863:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( achHeader +  9*16, "MAJOR_T ", 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:864:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( achHeader + 10*16, "MINOR_T ", 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:922:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader +  0*16, "SUB_NAME        ", 16 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:924:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader +  0*16+8,
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:928:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader +  1*16, "PARENT          ", 16 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:930:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader +  1*16+8,
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:934:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader +  2*16, "CREATED         ", 16 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:936:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader +  2*16+8,
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:940:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader +  3*16, "UPDATED         ", 16 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:942:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader + 3*16+8,
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:948:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader +  4*16, "S_LAT   ", 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:951:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader +  4*16 + 8, &dfValue, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:953:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader +  5*16, "N_LAT   ", 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:956:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader +  5*16 + 8, &dfValue, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:958:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader +  6*16, "E_LONG  ", 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:961:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader +  6*16 + 8, &dfValue, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:963:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader +  7*16, "W_LONG  ", 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:966:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader +  7*16 + 8, &dfValue, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:968:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader +  8*16, "LAT_INC ", 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:971:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader +  8*16 + 8, &dfValue, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:973:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader +  9*16, "LONG_INC", 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:974:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader +  9*16 + 8, &dfValue, 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:976:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader + 10*16, "GS_COUNT", 8 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:979:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader + 10*16+8, &nGSCount, 4 );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:1000:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( achHeader, "END     ", 8 );
data/gdal-3.0.4+dfsg/frmts/raw/pauxdataset.cpp:140:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTarget[128] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/pauxdataset.cpp:204:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTarget[128] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/pauxdataset.cpp:234:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTarget[128] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/pauxdataset.cpp:235:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szValue[128] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/pauxdataset.cpp:262:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTarget[128] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/pauxdataset.cpp:440:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szName[50] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/pauxdataset.cpp:579:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szUpLeftX[128] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/pauxdataset.cpp:580:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szUpLeftY[128] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/pauxdataset.cpp:581:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLoRightX[128] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/pauxdataset.cpp:582:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLoRightY[128] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/pauxdataset.cpp:646:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szAuxTarget[1024] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/pauxdataset.cpp:742:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poDS->nRasterXSize = atoi(papszTokens[0]);
data/gdal-3.0.4+dfsg/frmts/raw/pauxdataset.cpp:743:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poDS->nRasterYSize = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/raw/pauxdataset.cpp:744:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poDS->nBands = atoi(papszTokens[2]);
data/gdal-3.0.4+dfsg/frmts/raw/pauxdataset.cpp:793:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szDefnName[32] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/pauxdataset.cpp:833:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nPixelOffset = atoi(papszTokens[2]);
data/gdal-3.0.4+dfsg/frmts/raw/pauxdataset.cpp:834:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nLineOffset = atoi(papszTokens[3]);
data/gdal-3.0.4+dfsg/frmts/raw/pauxdataset.cpp:954:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat( pszAuxFilename, ".aux" );
data/gdal-3.0.4+dfsg/frmts/raw/pnmdataset.cpp:104:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfTransform, adfGeoTransform, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/frmts/raw/pnmdataset.cpp:157:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szToken[512] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/pnmdataset.cpp:182:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    nWidth = atoi(szToken);
data/gdal-3.0.4+dfsg/frmts/raw/pnmdataset.cpp:184:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    nHeight = atoi(szToken);
data/gdal-3.0.4+dfsg/frmts/raw/pnmdataset.cpp:186:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    nMaxValue = atoi(szToken);
data/gdal-3.0.4+dfsg/frmts/raw/pnmdataset.cpp:361:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nMaxValue = atoi( pszMaxValue );
data/gdal-3.0.4+dfsg/frmts/raw/pnmdataset.cpp:375:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szHeader[500] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/raw/roipacdataset.cpp:252:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nWidth = atoi( CSLFetchNameValue( papszRsc, "WIDTH" ) );
data/gdal-3.0.4+dfsg/frmts/raw/roipacdataset.cpp:254:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi( CSLFetchNameValue( papszRsc, "FILE_LENGTH" ) );
data/gdal-3.0.4+dfsg/frmts/raw/roipacdataset.cpp:459:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            oSRS.SetUTM( atoi( pszZone ), TRUE ); /* FIXME: north/south? */
data/gdal-3.0.4+dfsg/frmts/raw/roipacdataset.cpp:866:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, adfGeoTransform, sizeof(adfGeoTransform) );
data/gdal-3.0.4+dfsg/frmts/raw/rrasterdataset.cpp:834:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfGeoTransform, m_adfGeoTransform, 6 * sizeof(double) );
data/gdal-3.0.4+dfsg/frmts/raw/rrasterdataset.cpp:864:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(m_adfGeoTransform, padfGeoTransform, sizeof(double) * 6);
data/gdal-3.0.4+dfsg/frmts/raw/rrasterdataset.cpp:1092:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nCols = atoi(pszValue);
data/gdal-3.0.4+dfsg/frmts/raw/rrasterdataset.cpp:1094:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nRows = atoi(pszValue);
data/gdal-3.0.4+dfsg/frmts/raw/rrasterdataset.cpp:1106:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                l_nBands = atoi(pszValue);
data/gdal-3.0.4+dfsg/frmts/raw/rrasterdataset.cpp:1298:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    const int nIndex = atoi(aosRatValues[i]);
data/gdal-3.0.4+dfsg/frmts/raw/rrasterdataset.cpp:1301:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        const int nRed = atoi(aosRatValues[nValues+i]);
data/gdal-3.0.4+dfsg/frmts/raw/rrasterdataset.cpp:1302:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        const int nGreen = atoi(aosRatValues[2*nValues+i]);
data/gdal-3.0.4+dfsg/frmts/raw/rrasterdataset.cpp:1303:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        const int nBlue = atoi(aosRatValues[3*nValues+i]);
data/gdal-3.0.4+dfsg/frmts/raw/rrasterdataset.cpp:1305:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                            atoi(aosRatValues[4*nValues+i]);
data/gdal-3.0.4+dfsg/frmts/raw/rrasterdataset.cpp:1351:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                    atoi(aosRatValues[j * nValues + i]));
data/gdal-3.0.4+dfsg/frmts/raw/snodasdataset.cpp:210:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/raw/snodasdataset.cpp:329:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nStartYear = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/raw/snodasdataset.cpp:331:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nStartMonth = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/raw/snodasdataset.cpp:333:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nStartDay = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/raw/snodasdataset.cpp:335:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nStartHour = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/raw/snodasdataset.cpp:337:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nStartMinute = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/raw/snodasdataset.cpp:339:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nStartSecond = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/raw/snodasdataset.cpp:342:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nStopYear = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/raw/snodasdataset.cpp:344:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nStopMonth = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/raw/snodasdataset.cpp:346:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nStopDay = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/raw/snodasdataset.cpp:348:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nStopHour = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/raw/snodasdataset.cpp:350:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nStopMinute = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/raw/snodasdataset.cpp:352:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nStopSecond = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/raw/snodasdataset.cpp:356:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nCols = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/raw/snodasdataset.cpp:360:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nRows = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/rda/rdadataset.cpp:1593:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            poDS->MaxCurlConnectionsSet(atoi(pszMaxConnect));
data/gdal-3.0.4+dfsg/frmts/rik/rikdataset.cpp:580:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy( reinterpret_cast<Byte *>( pImage ) + poRDS->nBlockXSize * i,
data/gdal-3.0.4+dfsg/frmts/rik/rikdataset.cpp:662:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, &adfTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/rik/rikdataset.cpp:722:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&actLength, poOpenInfo->pabyHeader, 2);
data/gdal-3.0.4+dfsg/frmts/rik/rikdataset.cpp:771:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[1024];
data/gdal-3.0.4+dfsg/frmts/rik/rikdataset.cpp:803:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char projection[1024];
data/gdal-3.0.4+dfsg/frmts/rik/rikdataset.cpp:820:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tmpStr[16];
data/gdal-3.0.4+dfsg/frmts/rmf/rmfdataset.cpp:776:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, adfGeoTransform, sizeof(adfGeoTransform[0]) * 6 );
data/gdal-3.0.4+dfsg/frmts/rmf/rmfdataset.cpp:790:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfGeoTransform, padfTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/rmf/rmfdataset.cpp:861:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                sHeader.iEPSGCode = atoi(oSRS.GetAuthorityCode(nullptr));
data/gdal-3.0.4+dfsg/frmts/rmf/rmfdataset.cpp:873:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( (ptr) + (offset), &iLong, 4 );              \
data/gdal-3.0.4+dfsg/frmts/rmf/rmfdataset.cpp:879:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( (ptr) + (offset), &iULong, 4 );             \
data/gdal-3.0.4+dfsg/frmts/rmf/rmfdataset.cpp:886:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( (ptr) + (offset), &dfDouble, 8 );           \
data/gdal-3.0.4+dfsg/frmts/rmf/rmfdataset.cpp:898:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( abyHeader, sHeader.bySignature, RMF_SIGNATURE_SIZE );
data/gdal-3.0.4+dfsg/frmts/rmf/rmfdataset.cpp:903:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( abyHeader + 20, sHeader.byName, RMF_NAME_SIZE );
data/gdal-3.0.4+dfsg/frmts/rmf/rmfdataset.cpp:943:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( abyHeader + 248, sHeader.abyInvisibleColors,
data/gdal-3.0.4+dfsg/frmts/rmf/rmfdataset.cpp:1002:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( paiTilesSwapped, paiTiles, sHeader.nTileTblSize );
data/gdal-3.0.4+dfsg/frmts/rmf/rmfdataset.cpp:1200:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( poDS->sHeader.bySignature, abyHeader, RMF_SIGNATURE_SIZE );
data/gdal-3.0.4+dfsg/frmts/rmf/rmfdataset.cpp:1752:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTemp[256] = {};
data/gdal-3.0.4+dfsg/frmts/rmf/rmfdataset.cpp:1895:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nBlockXSize = atoi( pszValue );
data/gdal-3.0.4+dfsg/frmts/rmf/rmfdataset.cpp:1901:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nBlockYSize = atoi( pszValue );
data/gdal-3.0.4+dfsg/frmts/rmf/rmfdataset.cpp:1906:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( poDS->sHeader.bySignature, RMF_SigMTW, RMF_SIGNATURE_SIZE );
data/gdal-3.0.4+dfsg/frmts/rmf/rmfdataset.cpp:1908:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( poDS->sHeader.bySignature, RMF_SigRSW, RMF_SIGNATURE_SIZE );
data/gdal-3.0.4+dfsg/frmts/rmf/rmfdataset.cpp:1915:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( poDS->sHeader.bySignature, poParentDS->sHeader.bySignature,
data/gdal-3.0.4+dfsg/frmts/rmf/rmfdataset.cpp:2075:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int iJpegQuality = atoi(pszJpegQuality);
data/gdal-3.0.4+dfsg/frmts/rmf/rmfdataset.cpp:2651:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                            atoi(pszNumThreads);
data/gdal-3.0.4+dfsg/frmts/rmf/rmfdataset.cpp:2750:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(poJob->pabyUncompressedData, pabyData, nBytes);
data/gdal-3.0.4+dfsg/frmts/rmf/rmfdataset.cpp:3023:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szNBits[32] = {};
data/gdal-3.0.4+dfsg/frmts/rmf/rmfdataset.h:69:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        bySignature[RMF_SIGNATURE_SIZE];// "RSW" for raster
data/gdal-3.0.4+dfsg/frmts/rmf/rmfdem.cpp:104:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nTargetU, &nTarget, 4);
data/gdal-3.0.4+dfsg/frmts/rmf/rmfdem.cpp:106:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nValU, &nVal, 4);
data/gdal-3.0.4+dfsg/frmts/rmf/rmfdem.cpp:108:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nTarget, &nTargetU, 4);
data/gdal-3.0.4+dfsg/frmts/rmf/rmfdem.cpp:456:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyCurrent, &iCode, 2);
data/gdal-3.0.4+dfsg/frmts/rmf/rmfdem.cpp:479:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyCurrent, &iCode, 2);
data/gdal-3.0.4+dfsg/frmts/rmf/rmfdem.cpp:502:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyCurrent, &iCode, 3);
data/gdal-3.0.4+dfsg/frmts/rmf/rmfdem.cpp:525:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyCurrent, &iCode, 4);
data/gdal-3.0.4+dfsg/frmts/rmf/rmfjpeg.cpp:168:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuffer[32] = {};
data/gdal-3.0.4+dfsg/frmts/rmf/rmfjpeg.cpp:174:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuffer0[64] = {};
data/gdal-3.0.4+dfsg/frmts/rmf/rmfjpeg.cpp:177:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuffer1[64] = "PIXELOFFSET=3";
data/gdal-3.0.4+dfsg/frmts/rmf/rmfjpeg.cpp:178:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuffer2[64] = {};
data/gdal-3.0.4+dfsg/frmts/rmf/rmfjpeg.cpp:190:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szQuality[32] = {};
data/gdal-3.0.4+dfsg/frmts/rmf/rmfjpeg.cpp:222:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyOut, pabyBuffer, static_cast<size_t>(nDataLength));
data/gdal-3.0.4+dfsg/frmts/rmf/rmflzw.cpp:270:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyOut, pabyTail, nStackCount );
data/gdal-3.0.4+dfsg/frmts/rs2/rs2dataset.cpp:736:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(CPLGetXMLValue( psImageAttributes,
data/gdal-3.0.4+dfsg/frmts/rs2/rs2dataset.cpp:740:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(CPLGetXMLValue( psImageAttributes,
data/gdal-3.0.4+dfsg/frmts/rs2/rs2dataset.cpp:782:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi( CPLGetXMLValue( psImageAttributes,
data/gdal-3.0.4+dfsg/frmts/rs2/rs2dataset.cpp:1204:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                const int utmZone = atoi(CPLGetXMLValue( psUtmParams, "utmZone", "" ));
data/gdal-3.0.4+dfsg/frmts/rs2/rs2dataset.cpp:1253:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    const int nSPZone = atoi(CPLGetXMLValue( psNspParams,
data/gdal-3.0.4+dfsg/frmts/rs2/rs2dataset.cpp:1311:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szID[32];
data/gdal-3.0.4+dfsg/frmts/rs2/rs2dataset.cpp:1464:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform,  adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/safe/safedataset.cpp:731:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(CPLGetXMLValue( psAnnotation,
data/gdal-3.0.4+dfsg/frmts/safe/safedataset.cpp:735:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(CPLGetXMLValue( psAnnotation,
data/gdal-3.0.4+dfsg/frmts/safe/safedataset.cpp:1075:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szID[32];
data/gdal-3.0.4+dfsg/frmts/safe/safedataset.cpp:1172:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform,  adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/saga/sagadataset.cpp:485:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szDataFormat[20] = "DOUBLE";
data/gdal-3.0.4+dfsg/frmts/saga/sagadataset.cpp:486:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szByteOrderBig[10] = "FALSE";
data/gdal-3.0.4+dfsg/frmts/saga/sagadataset.cpp:487:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTopToBottom[10] = "FALSE";
data/gdal-3.0.4+dfsg/frmts/saga/sagadataset.cpp:508:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nCols = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/saga/sagadataset.cpp:510:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nRows = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/saga/sagadataset.cpp:988:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyNoDataBuf + iCol * nDataTypeSize, abyNoData, nDataTypeSize);
data/gdal-3.0.4+dfsg/frmts/sde/sdedataset.cpp:264:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szWKT[SE_MAX_SPATIALREF_SRTEXT_LEN];
data/gdal-3.0.4+dfsg/frmts/sde/sdedataset.cpp:471:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
              char         szTableName[SE_QUALIFIED_TABLE_NAME+1];
data/gdal-3.0.4+dfsg/frmts/sde/sdedataset.cpp:472:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
              char         szColumnName[SE_MAX_COLUMN_LEN+1];
data/gdal-3.0.4+dfsg/frmts/sde/sdeerror.cpp:16:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szErrorMsg[SE_MAX_MESSAGE_LENGTH+1];
data/gdal-3.0.4+dfsg/frmts/sde/sdeerror.cpp:37:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szErrorMsg[SE_MAX_MESSAGE_LENGTH+1];
data/gdal-3.0.4+dfsg/frmts/sde/sderasterband.cpp:415:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pImage, pixels, block_size);
data/gdal-3.0.4+dfsg/frmts/sdts/sdts2shp.cpp:249:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szDBFFilename[1024];
data/gdal-3.0.4+dfsg/frmts/sdts/sdts2shp.cpp:293:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char    szID[13];
data/gdal-3.0.4+dfsg/frmts/sdts/sdts2shp.cpp:373:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szDBFFilename[1024];
data/gdal-3.0.4+dfsg/frmts/sdts/sdts2shp.cpp:415:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char    szID[13];
data/gdal-3.0.4+dfsg/frmts/sdts/sdts2shp.cpp:466:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szDBFFilename[1024];
data/gdal-3.0.4+dfsg/frmts/sdts/sdts2shp.cpp:560:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szDBFFilename[1024];
data/gdal-3.0.4+dfsg/frmts/sdts/sdts_al.h:176:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szModule[8];
data/gdal-3.0.4+dfsg/frmts/sdts/sdts_al.h:184:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szOBRP[8];
data/gdal-3.0.4+dfsg/frmts/sdts/sdts_al.h:187:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szName[20];
data/gdal-3.0.4+dfsg/frmts/sdts/sdts_al.h:549:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szModule[20];
data/gdal-3.0.4+dfsg/frmts/sdts/sdts_al.h:562:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szINTR[4];              /* CE is center, TL is top left */
data/gdal-3.0.4+dfsg/frmts/sdts/sdts_al.h:563:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szFMT[32];
data/gdal-3.0.4+dfsg/frmts/sdts/sdts_al.h:564:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szUNITS[64];
data/gdal-3.0.4+dfsg/frmts/sdts/sdts_al.h:565:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szLabel[64];
data/gdal-3.0.4+dfsg/frmts/sdts/sdtsattrreader.cpp:208:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &(poAttrRecord->oModId), &oModId, sizeof(SDTSModId) );
data/gdal-3.0.4+dfsg/frmts/sdts/sdtsiref.cpp:163:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( anXY, pachRawData, 8 );
data/gdal-3.0.4+dfsg/frmts/sdts/sdtsiref.cpp:234:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy( &nValue, pabyBString, 4 );
data/gdal-3.0.4+dfsg/frmts/sdts/sdtsiref.cpp:243:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy( &nValue, pabyBString, 2 );
data/gdal-3.0.4+dfsg/frmts/sdts/sdtsiref.cpp:252:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy( &nValue, pabyBString, 4 );
data/gdal-3.0.4+dfsg/frmts/sdts/sdtsiref.cpp:261:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy( &nValue, pabyBString, 2 );
data/gdal-3.0.4+dfsg/frmts/sdts/sdtsiref.cpp:271:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy( &fValue, pabyBString, 4 );
data/gdal-3.0.4+dfsg/frmts/sdts/sdtsiref.cpp:281:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy( &dfValue, pabyBString, 8 );
data/gdal-3.0.4+dfsg/frmts/sdts/sdtslib.cpp:77:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( poModId->szModule, pabyData, 4 );
data/gdal-3.0.4+dfsg/frmts/sdts/sdtslib.cpp:79:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            poModId->nRecord = atoi(pabyData + 4);
data/gdal-3.0.4+dfsg/frmts/sdts/sdtslib.cpp:121:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( szModule, pachData, 4 );
data/gdal-3.0.4+dfsg/frmts/sdts/sdtslib.cpp:124:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nRecord = atoi( pachData + 4 );
data/gdal-3.0.4+dfsg/frmts/sdts/sdtslib.cpp:225:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char szName[5];
data/gdal-3.0.4+dfsg/frmts/sdts/sdtsrasterreader.cpp:48:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy( szINTR, "CE" );
data/gdal-3.0.4+dfsg/frmts/sdts/sdtsrasterreader.cpp:463:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pData, poCVLS->GetData(), nXSize * nBytesPerValue );
data/gdal-3.0.4+dfsg/frmts/sdts/sdtsrasterreader.cpp:518:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransformOut, adfTransform, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:287:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nBits = (pszNBITS) ? atoi(pszNBITS) : 16;
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:639:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuffer[3072];
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:661:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(pszTileGeocoding,
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:672:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(pszTileGeocoding,
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:720:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nEPSGCode = atoi(pszCSCode + strlen("EPSG:"));
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:731:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
             atoi(CPLGetXMLValue(psIter, "resolution", "")) == nDesiredResolution) )
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:733:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nDesiredResolution = atoi(CPLGetXMLValue(psIter, "resolution", ""));
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:753:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                *pnWidth = atoi(pszCols);
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:755:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                *pnHeight = atoi(pszRows);
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:759:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                  atoi(CPLGetXMLValue(psIter, "resolution", "")) == nDesiredResolution) )
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:761:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nDesiredResolution = atoi(CPLGetXMLValue(psIter, "resolution", ""));
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:858:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szPointerFilename[2048];
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:918:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        int nResolution = atoi(pszTileName + nLen - 3);
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:1133:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nIdx = atoi(pszRefBand);
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:1250:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if( atoi(osName) < 10 )
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:1318:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if( atoi(pszName) > 0 )
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:1550:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if( atoi(osBandName) > 0 )
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:1585:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if( atoi(osBandName) > 0 )
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:1612:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if( atoi(osBandName) > 0 )
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:1723:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if( atoi(osBandName) < 10 )
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:1862:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if( atoi(osLookupBandName) > 0 )
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:1911:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nSubDSPrecision = atoi(pszPrecision + 1);
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:1983:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(CPLGetXMLValue(psIter, "resolution", "")) == nSubDSPrecision )
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:2001:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nRows = atoi(pszRows);
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:2002:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nCols = atoi(pszCols);
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:2027:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nSaturatedVal = atoi(CSLFetchNameValueDef(poDS->GetMetadata(), "SPECIAL_VALUE_SATURATED", "-1"));
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:2028:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nNodataVal = atoi(CSLFetchNameValueDef(poDS->GetMetadata(), "SPECIAL_VALUE_NODATA", "-1"));
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:2256:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szPointerFilename[2048];
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:2344:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szPointerFilename[2048];
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:2465:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if( atoi(osName) < 10 )
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:2913:37:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                                    memcpy(pnHeight, pabyData, 4);
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:2919:37:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                                    memcpy(pnWidth, pabyData+4, 4);
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:2972:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    *pnBits = atoi(pszNBits);
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:3016:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nSubDSEPSGCode = atoi(pszEPSGCode + 1 + strlen("EPSG_"));
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:3019:70:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nSubDSPrecision = (bIsPreview) ? 320 : (bIsTCI) ? 10 : atoi(pszPrecision + 1);
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:3089:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if( atoi(osName) < 10 )
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:3161:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if( atoi(osName) < 10 )
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:3202:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nSaturatedVal = atoi(CSLFetchNameValueDef(papszMD,
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:3204:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nNodataVal = atoi(CSLFetchNameValueDef(papszMD,
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:3303:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    int nIdx = atoi(pszBandId);
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:3371:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if( pszText && pszIdx && atoi(pszIdx) >= 0 && atoi(pszIdx) < 100 )
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:3371:59:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if( pszText && pszIdx && atoi(pszIdx) >= 0 && atoi(pszIdx) < 100 )
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:3373:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int nIdx = atoi(pszIdx);
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:3713:54:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nSubDSPrecision = (bIsPreview) ? 320 : atoi(pszPrecision + 1);
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:3762:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nSaturatedVal = atoi(CSLFetchNameValueDef(poTmpDS->GetMetadata(),
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:3764:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nNodataVal = atoi(CSLFetchNameValueDef(poTmpDS->GetMetadata(),
data/gdal-3.0.4+dfsg/frmts/sgi/sgidataset.cpp:54:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char wasteBytes[4];
data/gdal-3.0.4+dfsg/frmts/sgi/sgidataset.cpp:55:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[80];
data/gdal-3.0.4+dfsg/frmts/sgi/sgidataset.cpp:198:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(oPtr, iPtr, count);
data/gdal-3.0.4+dfsg/frmts/sgi/sgidataset.cpp:380:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyRLEBuf + nRLEBytes,
data/gdal-3.0.4+dfsg/frmts/sgi/sgidataset.cpp:521:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(padfTransform, adfGeoTransform, sizeof(double)*6);
data/gdal-3.0.4+dfsg/frmts/sgi/sgidataset.cpp:543:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&tmpImage.imagic, poOpenInfo->pabyHeader + 0, 2);
data/gdal-3.0.4+dfsg/frmts/sgi/sgidataset.cpp:544:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&tmpImage.type,   poOpenInfo->pabyHeader + 2, 1);
data/gdal-3.0.4+dfsg/frmts/sgi/sgidataset.cpp:545:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&tmpImage.bpc,    poOpenInfo->pabyHeader + 3, 1);
data/gdal-3.0.4+dfsg/frmts/sgi/sgidataset.cpp:546:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&tmpImage.dim,    poOpenInfo->pabyHeader + 4, 2);
data/gdal-3.0.4+dfsg/frmts/sgi/sgidataset.cpp:547:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&tmpImage.xsize,  poOpenInfo->pabyHeader + 6, 2);
data/gdal-3.0.4+dfsg/frmts/sgi/sgidataset.cpp:548:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&tmpImage.ysize,  poOpenInfo->pabyHeader + 8, 2);
data/gdal-3.0.4+dfsg/frmts/sgi/sgidataset.cpp:549:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&tmpImage.zsize,  poOpenInfo->pabyHeader + 10, 2);
data/gdal-3.0.4+dfsg/frmts/sgi/sgidataset.cpp:752:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 4, &nShortValue, 2 );
data/gdal-3.0.4+dfsg/frmts/sgi/sgidataset.cpp:755:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 6, &nShortValue, 2 );
data/gdal-3.0.4+dfsg/frmts/sgi/sgidataset.cpp:758:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 8, &nShortValue, 2 );
data/gdal-3.0.4+dfsg/frmts/sgi/sgidataset.cpp:761:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 10, &nShortValue, 2 );
data/gdal-3.0.4+dfsg/frmts/sgi/sgidataset.cpp:764:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 12, &nIntValue, 4 );
data/gdal-3.0.4+dfsg/frmts/sgi/sgidataset.cpp:767:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyHeader + 16, &nUIntValue, 4 );
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:67:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
constexpr char SIGDEM_FILE_TYPE[6] = { 'S', 'I', 'G', 'D', 'E', 'M' };
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:128:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            coordinateSystemId = atoi(pszAuthCode);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:289:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(padfTransform, adfGeoTransform, sizeof(double) * 6);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:403:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyHeader, pabyHeader, HEADER_LENGTH);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:406:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&(this->version), abyHeader + 6, 2);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:407:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&(this->nCoordinateSystemId), abyHeader + 8, 4);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:408:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&(this->dfOffsetX), abyHeader + 12, 8);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:409:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&(this->dfScaleFactorX), abyHeader + 20, 8);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:410:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&(this->dfOffsetY), abyHeader + 28, 8);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:411:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&(this->dfScaleFactorY), abyHeader + 36, 8);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:412:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&(this->dfOffsetZ), abyHeader + 44, 8);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:413:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&(this->dfScaleFactorZ), abyHeader + 52, 8);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:414:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&(this->dfMinX), abyHeader + 60, 8);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:415:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&(this->dfMinY), abyHeader + 68, 8);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:416:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&(this->dfMinZ), abyHeader + 76, 8);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:417:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&(this->dfMaxX), abyHeader + 84, 8);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:418:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&(this->dfMaxY), abyHeader + 92, 8);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:419:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&(this->dfMaxZ), abyHeader + 100, 8);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:420:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&(this->nCols), abyHeader + 108, 4);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:421:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&(this->nRows), abyHeader + 112, 4);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:422:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&(this->dfXDim), abyHeader + 116, 8);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:423:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&(this->dfYDim), abyHeader + 124, 8);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:431:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyHeader, &(SIGDEM_FILE_TYPE), 6);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:432:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyHeader + 6, &(this->version), 2);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:433:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyHeader + 8, &(this->nCoordinateSystemId), 4);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:434:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyHeader + 12, &(this->dfOffsetX), 8);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:435:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyHeader + 20, &(this->dfScaleFactorX), 8);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:436:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyHeader + 28, &(this->dfOffsetY), 8);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:437:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyHeader + 36, &(this->dfScaleFactorY), 8);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:438:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyHeader + 44, &(this->dfOffsetZ), 8);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:439:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyHeader + 52, &(this->dfScaleFactorZ), 8);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:440:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyHeader + 60, &(this->dfMinX), 8);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:441:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyHeader + 68, &(this->dfMinY), 8);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:442:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyHeader + 76, &(this->dfMinZ), 8);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:443:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyHeader + 84, &(this->dfMaxX), 8);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:444:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyHeader + 92, &(this->dfMaxY), 8);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:445:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyHeader + 100, &(this->dfMaxZ), 8);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:446:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyHeader + 108, &(this->nCols), 4);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:447:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyHeader + 112, &(this->nRows), 4);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:448:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyHeader + 116, &(this->dfXDim), 8);
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:449:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyHeader + 124, &(this->dfYDim), 8);
data/gdal-3.0.4+dfsg/frmts/srtmhgt/srtmhgtdataset.cpp:159:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(poGDS->panBuffer, pImage, nBlockXSize*nDTSize);
data/gdal-3.0.4+dfsg/frmts/srtmhgt/srtmhgtdataset.cpp:236:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(padfTransform, adfGeoTransform, sizeof(double)*6);
data/gdal-3.0.4+dfsg/frmts/srtmhgt/srtmhgtdataset.cpp:366:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char latLonValueString[4];
data/gdal-3.0.4+dfsg/frmts/srtmhgt/srtmhgtdataset.cpp:369:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int southWestLat = atoi(latLonValueString);
data/gdal-3.0.4+dfsg/frmts/srtmhgt/srtmhgtdataset.cpp:373:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int southWestLon = atoi(latLonValueString);
data/gdal-3.0.4+dfsg/frmts/srtmhgt/srtmhgtdataset.cpp:566:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char expectedFileName[12];
data/gdal-3.0.4+dfsg/frmts/terragen/terragendataset.cpp:165:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                m_szUnits[32];
data/gdal-3.0.4+dfsg/frmts/terragen/terragendataset.cpp:480:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szHeader[16];
data/gdal-3.0.4+dfsg/frmts/terragen/terragendataset.cpp:735:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTag[4];
data/gdal-3.0.4+dfsg/frmts/terragen/terragendataset.cpp:917:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(padfTransform, m_adfTransform, sizeof(m_adfTransform));
data/gdal-3.0.4+dfsg/frmts/til/tildataset.cpp:289:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poDS->nRasterXSize = atoi(CSLFetchNameValueDef(papszIMD,"numColumns","0"));
data/gdal-3.0.4+dfsg/frmts/til/tildataset.cpp:290:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poDS->nRasterYSize = atoi(CSLFetchNameValueDef(papszIMD,"numRows","0"));
data/gdal-3.0.4+dfsg/frmts/til/tildataset.cpp:377:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nTileCount = atoi(CSLFetchNameValueDef(papszTIL,"numTiles","0"));
data/gdal-3.0.4+dfsg/frmts/til/tildataset.cpp:401:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nULX = atoi(CSLFetchNameValueDef(papszTIL, osKey, "0"));
data/gdal-3.0.4+dfsg/frmts/til/tildataset.cpp:404:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nULY = atoi(CSLFetchNameValueDef(papszTIL, osKey, "0"));
data/gdal-3.0.4+dfsg/frmts/til/tildataset.cpp:407:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nLRX = atoi(CSLFetchNameValueDef(papszTIL, osKey, "0"));
data/gdal-3.0.4+dfsg/frmts/til/tildataset.cpp:410:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nLRY = atoi(CSLFetchNameValueDef(papszTIL, osKey, "0"));
data/gdal-3.0.4+dfsg/frmts/tiledb/tiledbdataset.cpp:497:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fbuf.open( psPam->pszPamFilename, std::ios::out );
data/gdal-3.0.4+dfsg/frmts/tiledb/tiledbdataset.cpp:622:26:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                    fbuf.open( psPam->pszPamFilename, std::ios::in );
data/gdal-3.0.4+dfsg/frmts/tiledb/tiledbdataset.cpp:943:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    poDS->nBands = atoi( pszBands );
data/gdal-3.0.4+dfsg/frmts/tiledb/tiledbdataset.cpp:960:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            poDS->nRasterXSize = atoi( pszXSize );
data/gdal-3.0.4+dfsg/frmts/tiledb/tiledbdataset.cpp:966:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            poDS->nRasterYSize = atoi( pszYSize );
data/gdal-3.0.4+dfsg/frmts/tiledb/tiledbdataset.cpp:972:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            poDS->nBitsPerSample = atoi( pszNBits );
data/gdal-3.0.4+dfsg/frmts/tiledb/tiledbdataset.cpp:978:58:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            poDS->eDataType = static_cast<GDALDataType>( atoi( pszDataType ) );
data/gdal-3.0.4+dfsg/frmts/tiledb/tiledbdataset.cpp:1340:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        poDS->nBlockXSize = ( pszBlockXSize ) ? atoi( pszBlockXSize ) : 256;
data/gdal-3.0.4+dfsg/frmts/tiledb/tiledbdataset.cpp:1342:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        poDS->nBlockYSize = ( pszBlockYSize ) ? atoi( pszBlockYSize ) : 256;
data/gdal-3.0.4+dfsg/frmts/tiledb/tiledbdataset.cpp:1354:52:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nLevel = ( pszCompressionLevel ) ? atoi( pszCompressionLevel ) : -1;
data/gdal-3.0.4+dfsg/frmts/tiledb/tiledbdataset.cpp:1757:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(CPLGetConfigOption( "GDAL_READDIR_LIMIT_ON_OPEN", "1000" ) );
data/gdal-3.0.4+dfsg/frmts/tsx/tsxdataset.cpp:339:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        = atoi(CPLGetXMLValue( psGeolocationGrid, "numberOfGridPoints.total", "0" ));
data/gdal-3.0.4+dfsg/frmts/tsx/tsxdataset.cpp:400:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
         char szID[32];
data/gdal-3.0.4+dfsg/frmts/tsx/tsxdataset.cpp:511:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nRows = atoi( CPLGetXMLValue( psProductInfo,
data/gdal-3.0.4+dfsg/frmts/tsx/tsxdataset.cpp:513:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nCols = atoi( CPLGetXMLValue( psProductInfo,
data/gdal-3.0.4+dfsg/frmts/tsx/tsxdataset.cpp:781:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:64:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        horizdatum[2];
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:127:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char szPackBuf[100];
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:143:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pszTarget, pszSrc, strlen(pszSrc) );
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:148:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pszTarget, pszSrc, nMaxChars );
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:165:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pszTarget + nMaxChars - strlen(pszSrc), pszSrc,
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:169:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pszTarget, pszSrc, nMaxChars );
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:197:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTemp[DOUBLE_BUFFER_SIZE];
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:247:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTemp[DOUBLE_BUFFER_SIZE];
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:286:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char achARec[1024];
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:723:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char achBuffer[1024];
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:829:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szWord[10];
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:987:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTrimmedTile[7];
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:1003:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTrimmedTile[7];
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:1044:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTrimmedTile[7];
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:1060:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTrimmedTile[7];
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:1122:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTile[10];
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:1209:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char          DatumCodes[4][2] = { "1", "2", "3", "4" };
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:1210:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char          Datums[4][6] = { "NAD27", "WGS72", "WGS84",
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:1322:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szDataPointer[100];
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdemdataset.cpp:60:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[12];
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdemdataset.cpp:89:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return atoi(szBuffer);
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdemdataset.cpp:266:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[100];
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdemdataset.cpp:692:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szDateBuffer[5];
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdemdataset.cpp:705:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szHorzDatum[3];
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdemdataset.cpp:708:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int datum = atoi(szHorzDatum);
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdemdataset.cpp:750:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char    szUTMName[128];
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdemdataset.cpp:836:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/vrt/vrtdataset.cpp:279:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szNumber[128] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/vrt/vrtdataset.cpp:460:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                anMapping.push_back(atoi(papszTokens[i]));
data/gdal-3.0.4+dfsg/frmts/vrt/vrtdataset.cpp:653:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( m_adfGeoTransform, padfGeoTransformIn, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/vrt/vrtdataset.cpp:668:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfGeoTransform, m_adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/frmts/vrt/vrtdataset.cpp:758:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char filenameBuffer[2048];
data/gdal-3.0.4+dfsg/frmts/vrt/vrtdataset.cpp:904:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nXSize = atoi(CPLGetXMLValue(psRoot, "rasterXSize","0"));
data/gdal-3.0.4+dfsg/frmts/vrt/vrtdataset.cpp:905:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nYSize = atoi(CPLGetXMLValue(psRoot, "rasterYSize","0"));
data/gdal-3.0.4+dfsg/frmts/vrt/vrtdataset.cpp:967:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nPixelOffset = atoi(pszPixelOffset);
data/gdal-3.0.4+dfsg/frmts/vrt/vrtdataset.cpp:973:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nLineOffset = atoi(pszLineOffset);
data/gdal-3.0.4+dfsg/frmts/vrt/vrtderivedrasterband.cpp:128:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char big_enough[256];
data/gdal-3.0.4+dfsg/frmts/vrt/vrtderivedrasterband.cpp:209:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&x, &ptr, sizeof(void*)); \
data/gdal-3.0.4+dfsg/frmts/vrt/vrtderivedrasterband.cpp:222:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&x, &ptr, sizeof(void*)); \
data/gdal-3.0.4+dfsg/frmts/vrt/vrtderivedrasterband.cpp:1791:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyBuffer + iY * nExtBufXSize * nSrcTypeSize,
data/gdal-3.0.4+dfsg/frmts/vrt/vrtderivedrasterband.cpp:1798:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyBuffer + iY * nExtBufXSize * nSrcTypeSize,
data/gdal-3.0.4+dfsg/frmts/vrt/vrtderivedrasterband.cpp:1810:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( pabyBuffer + (iY * nExtBufXSize + iX) * nSrcTypeSize,
data/gdal-3.0.4+dfsg/frmts/vrt/vrtderivedrasterband.cpp:1825:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( pabyBuffer + (iY * nExtBufXSize + iX) * nSrcTypeSize,
data/gdal-3.0.4+dfsg/frmts/vrt/vrtderivedrasterband.cpp:2063:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        atoi(CPLGetXMLValue( psTree, "BufferRadius", "0" ));
data/gdal-3.0.4+dfsg/frmts/vrt/vrtdriver.cpp:122:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szPtrValue[128] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/vrt/vrtdriver.cpp:125:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&ptr, &pfnParser, sizeof(void*));
data/gdal-3.0.4+dfsg/frmts/vrt/vrtdriver.cpp:161:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&pfnParser, &ptr, sizeof(void*));
data/gdal-3.0.4+dfsg/frmts/vrt/vrtfilters.cpp:102:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( m_aeSupportedTypes, paeTypes, sizeof(GDALDataType) * nTypeCount );
data/gdal-3.0.4+dfsg/frmts/vrt/vrtfilters.cpp:350:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyWorkData + i * nLineOffset,
data/gdal-3.0.4+dfsg/frmts/vrt/vrtfilters.cpp:357:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyWorkData + i * nLineOffset,
data/gdal-3.0.4+dfsg/frmts/vrt/vrtfilters.cpp:463:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( m_padfKernelCoefs, padfNewCoefs,
data/gdal-3.0.4+dfsg/frmts/vrt/vrtfilters.cpp:525:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( pafSrcData + iJ * nJStride,
data/gdal-3.0.4+dfsg/frmts/vrt/vrtfilters.cpp:592:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nNewKernelSize = atoi(CPLGetXMLValue(psTree,"Kernel.Size","0"));
data/gdal-3.0.4+dfsg/frmts/vrt/vrtfilters.cpp:627:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    SetNormalized( atoi(CPLGetXMLValue(psTree,"Kernel.normalized","0")) );
data/gdal-3.0.4+dfsg/frmts/vrt/vrtpansharpened.cpp:289:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nBlockXSize = atoi(CPLGetXMLValue(psTree,"BlockXSize","512"));
data/gdal-3.0.4+dfsg/frmts/vrt/vrtpansharpened.cpp:290:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nBlockYSize = atoi(CPLGetXMLValue(psTree,"BlockYSize","512"));
data/gdal-3.0.4+dfsg/frmts/vrt/vrtpansharpened.cpp:325:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const bool bRelativeToVRT = CPL_TO_BOOL(atoi(CPLGetXMLValue(
data/gdal-3.0.4+dfsg/frmts/vrt/vrtpansharpened.cpp:345:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nPanBand = atoi(pszSourceBand);
data/gdal-3.0.4+dfsg/frmts/vrt/vrtpansharpened.cpp:392:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nThreads = atoi(pszNumThreads);
data/gdal-3.0.4+dfsg/frmts/vrt/vrtpansharpened.cpp:499:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int bRelativeToVRT = atoi(CPLGetXMLValue( psIter, "SourceFilename.relativetoVRT", "0"));
data/gdal-3.0.4+dfsg/frmts/vrt/vrtpansharpened.cpp:742:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(adfPanGT, adfAdjustedGT, 6*sizeof(double));
data/gdal-3.0.4+dfsg/frmts/vrt/vrtpansharpened.cpp:817:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nDstBand = atoi(pszDstBand);
data/gdal-3.0.4+dfsg/frmts/vrt/vrtpansharpened.cpp:843:53:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const bool bRelativeToVRT = CPL_TO_BOOL(atoi(
data/gdal-3.0.4+dfsg/frmts/vrt/vrtpansharpened.cpp:851:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int nBand = atoi(pszSourceBand);
data/gdal-3.0.4+dfsg/frmts/vrt/vrtpansharpened.cpp:960:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nBitDepth = atoi(pszBitDepth);
data/gdal-3.0.4+dfsg/frmts/vrt/vrtpansharpened.cpp:1037:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(psPanOptions->padfWeights, &adfWeights[0],
data/gdal-3.0.4+dfsg/frmts/vrt/vrtpansharpened.cpp:1044:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(psPanOptions->pahInputSpectralBands, &ahSpectralBands[0],
data/gdal-3.0.4+dfsg/frmts/vrt/vrtpansharpened.cpp:1554:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pData,
data/gdal-3.0.4+dfsg/frmts/vrt/vrtpansharpened.cpp:1607:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pData,
data/gdal-3.0.4+dfsg/frmts/vrt/vrtrasterband.cpp:353:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nNewBand = atoi(pszBand);
data/gdal-3.0.4+dfsg/frmts/vrt/vrtrasterband.cpp:448:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                static_cast<short>(atoi(CPLGetXMLValue(psEntry, "c1", "0"))),
data/gdal-3.0.4+dfsg/frmts/vrt/vrtrasterband.cpp:449:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                static_cast<short>(atoi(CPLGetXMLValue(psEntry, "c2", "0"))),
data/gdal-3.0.4+dfsg/frmts/vrt/vrtrasterband.cpp:450:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                static_cast<short>(atoi(CPLGetXMLValue(psEntry, "c3", "0"))),
data/gdal-3.0.4+dfsg/frmts/vrt/vrtrasterband.cpp:451:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                static_cast<short>(atoi(CPLGetXMLValue(psEntry, "c4", "255")))
data/gdal-3.0.4+dfsg/frmts/vrt/vrtrasterband.cpp:519:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            && atoi(CPLGetXMLValue( psFileNameNode, "relativetoVRT", "0")) )
data/gdal-3.0.4+dfsg/frmts/vrt/vrtrasterband.cpp:530:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nSrcBand = atoi(CPLGetXMLValue( psNode, "SourceBand", "1" ) );
data/gdal-3.0.4+dfsg/frmts/vrt/vrtrasterband.cpp:949:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( panHistogram, panTempHist, sizeof(GUIntBig) * nBuckets );
data/gdal-3.0.4+dfsg/frmts/vrt/vrtrawrasterband.cpp:375:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nPixelOffset = atoi(pszPixelOffset);
data/gdal-3.0.4+dfsg/frmts/vrt/vrtrawrasterband.cpp:397:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nLineOffset = atoi(pszLineOffset);
data/gdal-3.0.4+dfsg/frmts/vrt/vrtsourcedrasterband.cpp:918:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nBits = atoi(GetMetadataItem("NBITS", "IMAGE_STRUCTURE"));
data/gdal-3.0.4+dfsg/frmts/vrt/vrtsources.cpp:510:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi( CPLGetXMLValue( psSourceFileNameNode, "relativetoVRT", "0") );
data/gdal-3.0.4+dfsg/frmts/vrt/vrtsources.cpp:600:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nSrcBand = atoi(pszSourceBand + 5);
data/gdal-3.0.4+dfsg/frmts/vrt/vrtsources.cpp:606:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nSrcBand = atoi(pszSourceBand);
data/gdal-3.0.4+dfsg/frmts/vrt/vrtsources.cpp:629:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(CPLGetXMLValue(psSrcProperties, "RasterXSize", "0"));
data/gdal-3.0.4+dfsg/frmts/vrt/vrtsources.cpp:631:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(CPLGetXMLValue(psSrcProperties, "RasterYSize", "0"));
data/gdal-3.0.4+dfsg/frmts/vrt/vrtsources.cpp:648:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nBlockXSize = atoi(CPLGetXMLValue(psSrcProperties, "BlockXSize", "0"));
data/gdal-3.0.4+dfsg/frmts/vrt/vrtsources.cpp:649:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nBlockYSize = atoi(CPLGetXMLValue(psSrcProperties, "BlockYSize", "0"));
data/gdal-3.0.4+dfsg/frmts/vrt/vrtsources.cpp:1267:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nBits = (pszNBITS) ? atoi(pszNBITS) : 0;
data/gdal-3.0.4+dfsg/frmts/vrt/vrtsources.cpp:2147:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( m_padfLUTInputs, poSrcSource->m_padfLUTInputs,
data/gdal-3.0.4+dfsg/frmts/vrt/vrtsources.cpp:2152:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( m_padfLUTOutputs, poSrcSource->m_padfLUTOutputs,
data/gdal-3.0.4+dfsg/frmts/vrt/vrtsources.cpp:2411:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi( CPLGetXMLValue(psSrc, "ColorTableComponent", "0") );
data/gdal-3.0.4+dfsg/frmts/vrt/vrtwarped.cpp:454:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m_nSrcOvrLevel = -2-atoi(pszValue + 5);
data/gdal-3.0.4+dfsg/frmts/vrt/vrtwarped.cpp:458:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m_nSrcOvrLevel = atoi(pszValue);
data/gdal-3.0.4+dfsg/frmts/vrt/vrtwarped.cpp:920:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psSCTInfo->sTI.abySignature,
data/gdal-3.0.4+dfsg/frmts/vrt/vrtwarped.cpp:1197:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nBlockXSize = atoi(CPLGetXMLValue(psTree, "BlockXSize", "512"));
data/gdal-3.0.4+dfsg/frmts/vrt/vrtwarped.cpp:1198:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nBlockYSize = atoi(CPLGetXMLValue(psTree, "BlockYSize", "128"));
data/gdal-3.0.4+dfsg/frmts/vrt/vrtwarped.cpp:1228:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        CPL_TO_BOOL(atoi(CPLGetXMLValue(psOptionsTree,
data/gdal-3.0.4+dfsg/frmts/vrt/vrtwarped.cpp:1397:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nOvFactor = atoi(papszTokens[iOverview]);
data/gdal-3.0.4+dfsg/frmts/vrt/vrtwarped.cpp:1765:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pImage, poBlock->GetDataRef(), nDataBytes );
data/gdal-3.0.4+dfsg/frmts/wcs/gmlcoverage.cpp:112:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        *pnXSize = atoi(papszHigh[0]) - atoi(papszLow[0]) + 1;
data/gdal-3.0.4+dfsg/frmts/wcs/gmlcoverage.cpp:112:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        *pnXSize = atoi(papszHigh[0]) - atoi(papszLow[0]) + 1;
data/gdal-3.0.4+dfsg/frmts/wcs/gmlcoverage.cpp:114:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        *pnYSize = atoi(papszHigh[1]) - atoi(papszLow[1]) + 1;
data/gdal-3.0.4+dfsg/frmts/wcs/gmlcoverage.cpp:114:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        *pnYSize = atoi(papszHigh[1]) - atoi(papszLow[1]) + 1;
data/gdal-3.0.4+dfsg/frmts/wcs/gmlcoverage.cpp:134:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( psOriginPoint->pszValue, "Point");
data/gdal-3.0.4+dfsg/frmts/wcs/gmlcoverage.cpp:151:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( psOriginPoint->pszValue, "origin");
data/gdal-3.0.4+dfsg/frmts/wcs/wcsdataset.cpp:567:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nMaxCols = atoi(pszCols);
data/gdal-3.0.4+dfsg/frmts/wcs/wcsdataset.cpp:568:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nMaxRows = atoi(pszRows);
data/gdal-3.0.4+dfsg/frmts/wcs/wcsdataset.cpp:1190:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int k = atoi(del);
data/gdal-3.0.4+dfsg/frmts/wcs/wcsdataset.cpp:1446:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nBandCount = atoi(sBandCount);
data/gdal-3.0.4+dfsg/frmts/wcs/wcsdataset.cpp:1467:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nBandCount = atoi(CPLGetXMLValue(service, "BandCount", "0"));
data/gdal-3.0.4+dfsg/frmts/wcs/wcsdataset.cpp:1577:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, adfGeoTransform, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/frmts/wcs/wcsdataset.h:54:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char       *apszCoverageOfferingMD[2];
data/gdal-3.0.4+dfsg/frmts/wcs/wcsdataset100.cpp:478:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                || atoi(psSV->psChild->pszValue) != iBand )
data/gdal-3.0.4+dfsg/frmts/wcs/wcsdataset110.cpp:621:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                || atoi(psSV->psChild->pszValue) != iBand )
data/gdal-3.0.4+dfsg/frmts/wcs/wcsdataset201.cpp:582:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                if (atoi(current_range) != 0) {
data/gdal-3.0.4+dfsg/frmts/wcs/wcsrasterband.cpp:66:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nBlockXSize = atoi(CPLGetXMLValue( poDSIn->psService, "BlockXSize", "0" ) );
data/gdal-3.0.4+dfsg/frmts/wcs/wcsrasterband.cpp:67:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nBlockYSize = atoi(CPLGetXMLValue( poDSIn->psService, "BlockYSize", "0" ) );
data/gdal-3.0.4+dfsg/frmts/wcs/wcsrasterband.cpp:90:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nOverviewCount = atoi(CPLGetXMLValue(poODS->psService,"OverviewCount",
data/gdal-3.0.4+dfsg/frmts/wcs/wcsutils.cpp:171:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        retval.push_back(atoi(array[i]));
data/gdal-3.0.4+dfsg/frmts/wcs/wcsutils.cpp:675:50:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                            epsg_codes.push_back(atoi(code));
data/gdal-3.0.4+dfsg/frmts/wcs/wcsutils.cpp:861:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        lows.push_back(atoi(array[i]));
data/gdal-3.0.4+dfsg/frmts/wcs/wcsutils.cpp:867:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        highs.push_back(atoi(array[i]));
data/gdal-3.0.4+dfsg/frmts/webp/webpdataset.cpp:210:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szHeader[5];
data/gdal-3.0.4+dfsg/frmts/webp/webpdataset.cpp:258:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char *apszMDList[2] = { pszXMP, nullptr };
data/gdal-3.0.4+dfsg/frmts/webp/webpdataset.cpp:369:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pData, pabyUncompressed, nBands * nXSize * nYSize);
data/gdal-3.0.4+dfsg/frmts/webp/webpdataset.cpp:656:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        sConfig.fieldname = atoi(pszVal); \
data/gdal-3.0.4+dfsg/frmts/wms/gdalhttp.cpp:65:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(psRequest->pabyData + psRequest->nDataLen, buffer, size);
data/gdal-3.0.4+dfsg/frmts/wms/gdalhttp.cpp:126:59:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    max_conn = (max_conn_opt == nullptr) ? 5 : MAX(1, MIN(atoi(max_conn_opt), 1000));
data/gdal-3.0.4+dfsg/frmts/wms/gdalwmscache.cpp:59:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m_nDepth = atoi( pszCacheDepth );
data/gdal-3.0.4+dfsg/frmts/wms/gdalwmscache.cpp:68:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m_nExpires = atoi( pszCacheExpires );
data/gdal-3.0.4+dfsg/frmts/wms/gdalwmscache.cpp:73:26:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m_nMaxSize = atol( pszCacheMaxSize );
data/gdal-3.0.4+dfsg/frmts/wms/gdalwmsdataset.cpp:132:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int code = atoi(kv[i]);
data/gdal-3.0.4+dfsg/frmts/wms/gdalwmsdataset.cpp:160:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m_http_max_conn = atoi(max_conn);
data/gdal-3.0.4+dfsg/frmts/wms/gdalwmsdataset.cpp:170:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m_http_timeout = atoi(timeout);
data/gdal-3.0.4+dfsg/frmts/wms/gdalwmsdataset.cpp:321:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m_block_size_x = atoi(CPLGetXMLValue(config, "BlockSizeX",
data/gdal-3.0.4+dfsg/frmts/wms/gdalwmsdataset.cpp:323:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m_block_size_y = atoi(CPLGetXMLValue(config, "BlockSizeY",
data/gdal-3.0.4+dfsg/frmts/wms/gdalwmsdataset.cpp:399:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                m_data_window.m_tlevel = atoi(tlevel);
data/gdal-3.0.4+dfsg/frmts/wms/gdalwmsdataset.cpp:405:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        m_data_window.m_sx = atoi(sx);
data/gdal-3.0.4+dfsg/frmts/wms/gdalwmsdataset.cpp:406:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        m_data_window.m_sy = atoi(sy);
data/gdal-3.0.4+dfsg/frmts/wms/gdalwmsdataset.cpp:410:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        int tile_count_x = atoi(str_tile_count_x);
data/gdal-3.0.4+dfsg/frmts/wms/gdalwmsdataset.cpp:411:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        int tile_count_y = atoi(str_tile_count_y);
data/gdal-3.0.4+dfsg/frmts/wms/gdalwmsdataset.cpp:426:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        m_data_window.m_tx = atoi(tx);
data/gdal-3.0.4+dfsg/frmts/wms/gdalwmsdataset.cpp:427:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        m_data_window.m_ty = atoi(ty);
data/gdal-3.0.4+dfsg/frmts/wms/gdalwmsdataset.cpp:441:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        nOverviews = atoi(overview_count);
data/gdal-3.0.4+dfsg/frmts/wms/gdalwmsdataset.cpp:484:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nBands=atoi(CPLGetXMLValue(config,"BandsCount","3"));
data/gdal-3.0.4+dfsg/frmts/wms/minidriver_mrf.cpp:99:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buff, request.pabyData, request.nDataLen);
data/gdal-3.0.4+dfsg/frmts/wms/minidriver_tiled_wms.cpp:387:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int band_count = atoi(CPLGetXMLValue(TG, "Bands", "3"));
data/gdal-3.0.4+dfsg/frmts/wms/minidriver_tiled_wms.cpp:535:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                mbsx = atoi(pszWIDTH);
data/gdal-3.0.4+dfsg/frmts/wms/minidriver_tiled_wms.cpp:536:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                mbsy = atoi(pszHEIGHT);
data/gdal-3.0.4+dfsg/frmts/wms/minidriver_virtualearth.cpp:76:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTileNumber[64];
data/gdal-3.0.4+dfsg/frmts/wms/wmsdriver.cpp:173:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nTileSize = atoi(osTileSize);
data/gdal-3.0.4+dfsg/frmts/wms/wmsdriver.cpp:180:53:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nOverviewCount = (osOverviewCount.size()) ? atoi(osOverviewCount) : 20;
data/gdal-3.0.4+dfsg/frmts/wms/wmsdriver.cpp:369:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nTileWidth = atoi(pszTileWidth);
data/gdal-3.0.4+dfsg/frmts/wms/wmsdriver.cpp:370:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nTileHeight = atoi(pszTileHeight);
data/gdal-3.0.4+dfsg/frmts/wms/wmsdriver.cpp:389:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if (atoi(pszOrder) != nLevelCount)
data/gdal-3.0.4+dfsg/frmts/wms/wmsdriver.cpp:614:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nWKID = atoi(pszCode);
data/gdal-3.0.4+dfsg/frmts/wms/wmsdriver.cpp:885:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nResolutions = atoi(pszResolutionNumber + strlen("Resolution-number:"));
data/gdal-3.0.4+dfsg/frmts/wms/wmsmetadataset.cpp:57:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    szName[80];
data/gdal-3.0.4+dfsg/frmts/wms/wmsmetadataset.cpp:515:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nTileWidth = atoi(pszTileWidth);
data/gdal-3.0.4+dfsg/frmts/wms/wmsmetadataset.cpp:516:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nTileHeight = atoi(pszTileHeight);
data/gdal-3.0.4+dfsg/frmts/wms/wmsutils.cpp:83:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int n = atoi(p);
data/gdal-3.0.4+dfsg/frmts/wmts/wmtsdataset.cpp:514:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(padfGT, adfGT, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/frmts/wmts/wmtsdataset.cpp:751:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            oTM.nTileWidth = atoi(pszTileWidth);
data/gdal-3.0.4+dfsg/frmts/wmts/wmtsdataset.cpp:752:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            oTM.nTileHeight = atoi(pszTileHeight);
data/gdal-3.0.4+dfsg/frmts/wmts/wmtsdataset.cpp:760:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            oTM.nMatrixWidth = atoi(pszMatrixWidth);
data/gdal-3.0.4+dfsg/frmts/wmts/wmtsdataset.cpp:761:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            oTM.nMatrixHeight = atoi(pszMatrixHeight);
data/gdal-3.0.4+dfsg/frmts/wmts/wmtsdataset.cpp:831:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        oTMLimits.nMinTileRow = atoi(pszMinTileRow);
data/gdal-3.0.4+dfsg/frmts/wmts/wmtsdataset.cpp:832:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        oTMLimits.nMaxTileRow = atoi(pszMaxTileRow);
data/gdal-3.0.4+dfsg/frmts/wmts/wmtsdataset.cpp:833:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        oTMLimits.nMinTileCol = atoi(pszMinTileCol);
data/gdal-3.0.4+dfsg/frmts/wmts/wmtsdataset.cpp:834:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        oTMLimits.nMaxTileCol = atoi(pszMaxTileCol);
data/gdal-3.0.4+dfsg/frmts/wmts/wmtsdataset.cpp:995:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nUserMaxZoomLevel = atoi(CSLFetchNameValueDef(poOpenInfo->papszOpenOptions,
data/gdal-3.0.4+dfsg/frmts/wmts/wmtsdataset.cpp:1032:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        nUserMaxZoomLevel = atoi(pszValue);
data/gdal-3.0.4+dfsg/frmts/wmts/wmtsdataset.cpp:1089:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nUserMaxZoomLevel = atoi(CPLGetXMLValue(psRoot, "ZoomLevel",
data/gdal-3.0.4+dfsg/frmts/wmts/wmtsdataset.cpp:1111:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nBands = atoi(CPLGetXMLValue(psRoot, "BandsCount", "4"));
data/gdal-3.0.4+dfsg/frmts/xyz/xyzdataset.cpp:1285:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szFormat[50] = { '\0' };
data/gdal-3.0.4+dfsg/frmts/xyz/xyzdataset.cpp:1287:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szFormat, "%.18g%c%.18g%c%d\n");
data/gdal-3.0.4+dfsg/frmts/xyz/xyzdataset.cpp:1289:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szFormat, "%.18g%c%.18g%c%.18g\n");
data/gdal-3.0.4+dfsg/frmts/xyz/xyzdataset.cpp:1304:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nPrecision = atoi(pszSignificantDigits);
data/gdal-3.0.4+dfsg/frmts/xyz/xyzdataset.cpp:1318:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nPrecision = atoi(pszDecimalPrecision);
data/gdal-3.0.4+dfsg/frmts/xyz/xyzdataset.cpp:1347:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szBuf[256];
data/gdal-3.0.4+dfsg/frmts/xyz/xyzdataset.cpp:1397:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &(poXYZ_DS->adfGeoTransform), adfGeoTransform, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/frmts/xyz/xyzdataset.cpp:1417:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(padfTransform, adfGeoTransform, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/frmts/zlib/crc32.c:161:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        out = fopen("crc32.h", "w");
data/gdal-3.0.4+dfsg/frmts/zlib/gzio.c:103:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmode[80]; /* copy of mode, without the compression level */
data/gdal-3.0.4+dfsg/frmts/zlib/gzio.c:223:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[46];      /* allow for up to 128-bit integers */
data/gdal-3.0.4+dfsg/frmts/zlib/gzio.c:226:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(name, "<fd:%d>", fd); /* for debugging */
data/gdal-3.0.4+dfsg/frmts/zlib/gzio.c:605:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[Z_PRINTF_BUFSIZE];
data/gdal-3.0.4+dfsg/frmts/zlib/gzio.c:644:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[Z_PRINTF_BUFSIZE];
data/gdal-3.0.4+dfsg/frmts/zlib/gzio.c:1009:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(s->msg, ": ");
data/gdal-3.0.4+dfsg/frmts/zlib/inflate.c:574:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hbuf[4];      /* buffer for gzip header crc calculation */
data/gdal-3.0.4+dfsg/frmts/zlib/inflate.c:1269:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[4];       /* to restore bit buffer to byte string */
data/gdal-3.0.4+dfsg/frmts/zlib/trees.c:332:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *header = fopen("trees.h", "w");
data/gdal-3.0.4+dfsg/frmts/zlib/zutil.c:14:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char * const z_errmsg[10] = {
data/gdal-3.0.4+dfsg/frmts/zlib/zutil.h:41:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const char * const z_errmsg[10]; /* indexed by 2-zlib_error */
data/gdal-3.0.4+dfsg/frmts/zlib/zutil.h:99:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
     fopen((name), (mode), "mbc=60", "ctx=stm", "rfm=fix", "mrs=512")
data/gdal-3.0.4+dfsg/frmts/zlib/zutil.h:153:30:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#  define F_OPEN(name, mode) fopen((name), (mode))
data/gdal-3.0.4+dfsg/frmts/zlib/zutil.h:210:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#    define zmemcpy memcpy
data/gdal-3.0.4+dfsg/frmts/zmap/zmapdataset.cpp:156:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    = atoi(pszValue) * dfExp;
data/gdal-3.0.4+dfsg/frmts/zmap/zmapdataset.cpp:326:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nValuesPerLine = atoi(papszTokens[2]);
data/gdal-3.0.4+dfsg/frmts/zmap/zmapdataset.cpp:355:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nFieldSize = atoi(papszTokens[0]);
data/gdal-3.0.4+dfsg/frmts/zmap/zmapdataset.cpp:357:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nDecimalCount = atoi(papszTokens[3]);
data/gdal-3.0.4+dfsg/frmts/zmap/zmapdataset.cpp:358:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nColumnNumber = atoi(papszTokens[4]);
data/gdal-3.0.4+dfsg/frmts/zmap/zmapdataset.cpp:391:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nRows = atoi(papszTokens[0]);
data/gdal-3.0.4+dfsg/frmts/zmap/zmapdataset.cpp:392:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nCols = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/frmts/zmap/zmapdataset.cpp:503:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szFormat[32];
data/gdal-3.0.4+dfsg/frmts/zmap/zmapdataset.cpp:706:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(padfTransform, adfGeoTransform, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/fuzzers/fuzzingengine.cpp:60:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nLoops = atoi(argv[i+1]);
data/gdal-3.0.4+dfsg/fuzzers/fuzzingengine.cpp:86:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* f = fopen(pszFilename, "rb");
data/gdal-3.0.4+dfsg/fuzzers/gdal_fuzzer.cpp:92:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTempFilename[64];
data/gdal-3.0.4+dfsg/fuzzers/gdal_translate_fuzzer.cpp:103:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nXDim = atoi(papszArgv[i+1]);
data/gdal-3.0.4+dfsg/fuzzers/gdal_translate_fuzzer.cpp:106:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nYDim = atoi(papszArgv[i+2]);
data/gdal-3.0.4+dfsg/fuzzers/gdal_translate_fuzzer.cpp:119:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                atoi(papszArgv[i+1]+strlen("BLOCKSIZE=")));
data/gdal-3.0.4+dfsg/fuzzers/gdal_translate_fuzzer.cpp:121:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                atoi(papszArgv[i+1]+strlen("BLOCKSIZE=")));
data/gdal-3.0.4+dfsg/fuzzers/gdal_translate_fuzzer.cpp:126:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                atoi(papszArgv[i+1]+strlen("BLOCKXSIZE=")));
data/gdal-3.0.4+dfsg/fuzzers/gdal_translate_fuzzer.cpp:131:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                atoi(papszArgv[i+1]+strlen("BLOCKYSIZE=")));
data/gdal-3.0.4+dfsg/fuzzers/gml_geom_import_fuzzer.cpp:48:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pszGML, buf, len);
data/gdal-3.0.4+dfsg/fuzzers/ogr_fuzzer.cpp:82:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTempFilename[64];
data/gdal-3.0.4+dfsg/fuzzers/osr_set_from_user_input_fuzzer.cpp:52:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pszStr, buf, len);
data/gdal-3.0.4+dfsg/fuzzers/wkt_import_fuzzer.cpp:49:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pszWKT, buf, len);
data/gdal-3.0.4+dfsg/gcore/gdal_mdreader.cpp:362:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szName[512];
data/gdal-3.0.4+dfsg/gcore/gdal_mdreader.cpp:373:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szNameNew[512];
data/gdal-3.0.4+dfsg/gcore/gdal_misc.cpp:1537:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( *ppasGCPs, asGCPs, sizeof(GDAL_GCP) * nCoordinateCount );
data/gdal-3.0.4+dfsg/gcore/gdal_misc.cpp:1732:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( *ppasGCPs, asGCPs, sizeof(GDAL_GCP) * nCoordinateCount );
data/gdal-3.0.4+dfsg/gcore/gdal_misc.cpp:1988:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szDerivedExtension[100] = { '\0' };
data/gdal-3.0.4+dfsg/gcore/gdal_misc.cpp:2019:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szExtUpper[32] = { '\0' };
data/gdal-3.0.4+dfsg/gcore/gdal_misc.cpp:2020:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szExtLower[32] = { '\0' };
data/gdal-3.0.4+dfsg/gcore/gdal_misc.cpp:2743:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(padfGTOut, gtwrk, sizeof(gtwrk));
data/gdal-3.0.4+dfsg/gcore/gdal_misc.cpp:3354:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szFullKey[200];
data/gdal-3.0.4+dfsg/gcore/gdal_misc.cpp:3713:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nMaxBands = atoi(pszMaxBandCount);
data/gdal-3.0.4+dfsg/gcore/gdal_misc.cpp:3827:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    anMapping.push_back(atoi(papszTokens[i]));
data/gdal-3.0.4+dfsg/gcore/gdal_priv_templates.hpp:350:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pDest, &n32, sizeof(n32));
data/gdal-3.0.4+dfsg/gcore/gdal_priv_templates.hpp:360:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pDest, &n64, sizeof(n64));
data/gdal-3.0.4+dfsg/gcore/gdal_rat.cpp:620:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szValue[128] = { '\0' };
data/gdal-3.0.4+dfsg/gcore/gdal_rat.cpp:889:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    atoi(CPLGetXMLValue( psChild, "Type", "1" )) ),
data/gdal-3.0.4+dfsg/gcore/gdal_rat.cpp:891:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    atoi(CPLGetXMLValue( psChild, "Usage","0"))) );
data/gdal-3.0.4+dfsg/gcore/gdal_rat.cpp:905:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int iRow = atoi(CPLGetXMLValue(psChild,"index","0"));
data/gdal-3.0.4+dfsg/gcore/gdal_rat.cpp:1574:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return atoi( aoFields[iField].aosValues[iRow].c_str() );
data/gdal-3.0.4+dfsg/gcore/gdal_rat.cpp:1728:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        aoFields[iField].anValues[iRow] = atoi(pszValue);
data/gdal-3.0.4+dfsg/gcore/gdal_rat.cpp:1805:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char szValue[100];
data/gdal-3.0.4+dfsg/gcore/gdal_rat.cpp:1874:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char szValue[100] = { '\0' };
data/gdal-3.0.4+dfsg/gcore/gdalclientserver.cpp:885:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(data, p->abyRecvBuffer, length);
data/gdal-3.0.4+dfsg/gcore/gdalclientserver.cpp:892:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( data, p->abyRecvBuffer, p->nRecvBufferSize);
data/gdal-3.0.4+dfsg/gcore/gdalclientserver.cpp:942:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(p->abyBuffer + p->nBufferSize, pCur, nRemain);
data/gdal-3.0.4+dfsg/gcore/gdalclientserver.cpp:958:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(p->abyBuffer + p->nBufferSize, pCur,
data/gdal-3.0.4+dfsg/gcore/gdalclientserver.cpp:1740:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nPort = atoi(pszColon + 1);
data/gdal-3.0.4+dfsg/gcore/gdalclientserver.cpp:1757:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&(sockAddrIn.sin_addr.s_addr), hp->h_addr, hp->h_length);
data/gdal-3.0.4+dfsg/gcore/gdalclientserver.cpp:6412:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if( atoi(pszConnPool) > 0 )
data/gdal-3.0.4+dfsg/gcore/gdalclientserver.cpp:6415:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nMaxRecycled = std::min(atoi(pszConnPool), MAX_RECYCLED);
data/gdal-3.0.4+dfsg/gcore/gdaldataset.cpp:3449:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                const int nOvrLevel = atoi(osVal);
data/gdal-3.0.4+dfsg/gcore/gdaldataset.cpp:3991:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szNewFmt[256] = {};
data/gdal-3.0.4+dfsg/gcore/gdaldataset.cpp:5473:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nWidth = atoi(pszParenthesis + 1);
data/gdal-3.0.4+dfsg/gcore/gdaldataset.cpp:5477:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nPrecision = atoi(pszComma + 1);
data/gdal-3.0.4+dfsg/gcore/gdaldefaultasync.cpp:359:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( panBandMap, panBandMapIn, sizeof(int)*nBandCount );
data/gdal-3.0.4+dfsg/gcore/gdaldefaultoverviews.cpp:224:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&(achOvrFilename[0]),
data/gdal-3.0.4+dfsg/gcore/gdaldefaultoverviews.cpp:235:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&(achOvrFilename[0]),
data/gdal-3.0.4+dfsg/gcore/gdaldefaultoverviews.cpp:1089:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return atoi(pszValue);
data/gdal-3.0.4+dfsg/gcore/gdaldefaultoverviews.cpp:1177:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&(achMskFilename[0]),
data/gdal-3.0.4+dfsg/gcore/gdaldefaultoverviews.cpp:1189:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&(achMskFilename[0]),
data/gdal-3.0.4+dfsg/gcore/gdaldriver.cpp:1768:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    if( pszMin && atoi(pszValue) < atoi(pszMin) )
data/gdal-3.0.4+dfsg/gcore/gdaldriver.cpp:1768:52:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    if( pszMin && atoi(pszValue) < atoi(pszMin) )
data/gdal-3.0.4+dfsg/gcore/gdaldriver.cpp:1775:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    if( pszMax && atoi(pszValue) > atoi(pszMax) )
data/gdal-3.0.4+dfsg/gcore/gdaldriver.cpp:1775:52:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    if( pszMax && atoi(pszValue) > atoi(pszMax) )
data/gdal-3.0.4+dfsg/gcore/gdaldriver.cpp:1802:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    if( pszMin && atoi(pszValue) < atoi(pszMin) )
data/gdal-3.0.4+dfsg/gcore/gdaldriver.cpp:1802:52:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    if( pszMin && atoi(pszValue) < atoi(pszMin) )
data/gdal-3.0.4+dfsg/gcore/gdaldriver.cpp:1809:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    if( pszMax && atoi(pszValue) > atoi(pszMax) )
data/gdal-3.0.4+dfsg/gcore/gdaldriver.cpp:1809:52:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    if( pszMax && atoi(pszValue) > atoi(pszMax) )
data/gdal-3.0.4+dfsg/gcore/gdaldriver.cpp:1904:62:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    if (static_cast<int>(strlen(pszValue)) > atoi(pszMaxSize))
data/gdal-3.0.4+dfsg/gcore/gdaldriver.cpp:1909:61:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                 pszErrorMessageOptionType, atoi(pszMaxSize));
data/gdal-3.0.4+dfsg/gcore/gdaldrivermanager.cpp:643:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char **apapszList[2] = { nullptr, nullptr };
data/gdal-3.0.4+dfsg/gcore/gdaldrivermanager.cpp:756:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szExecPath[1024];
data/gdal-3.0.4+dfsg/gcore/gdaldrivermanager.cpp:760:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szPluginDir[sizeof(szExecPath)+50];
data/gdal-3.0.4+dfsg/gcore/gdaldrivermanager.cpp:762:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat( szPluginDir, "\\gdalplugins" );
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:254:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  szTemp[128];
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:287:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pszData, data, count );
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:521:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szName[128];
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:650:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char data[4];
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:651:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(data, &poTIFFDirEntry->tdir_offset, 4);
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:656:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&nValUInt32, data, 4);
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:658:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(data, &nValUInt32, 4);
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:664:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(&nValUInt32, data, 4);
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:666:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(data, &nValUInt32, 4);
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:862:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pabyData, pszVal, strlen(pszVal) + 1);
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:1062:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(tag.pabyVal, pszValue, tagdescArray[i].length);
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:1071:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(tag.pabyVal, pszValue, strlen(pszValue));
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:1140:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    GUInt32 nVal = atoi(papszTokens[j]);
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:1280:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyData + nBufferOff,
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:1289:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyData + EXIF_HEADER_SIZE +
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:1413:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pabyData, "Exif\0\0", EXIF_HEADER_SIZE);
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:1529:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyData + nBufferOff, pabyThumbnail, nThumbnailSize );
data/gdal-3.0.4+dfsg/gcore/gdalgeorefpamdataset.cpp:317:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/gcore/gdaljp2abstractdataset.cpp:160:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( adfGeoTransform, oJP2Geo.adfGeoTransform,
data/gdal-3.0.4+dfsg/gcore/gdaljp2abstractdataset.cpp:185:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char *apszMDList[2] = { oJP2Geo.pszXMPMetadata, nullptr };
data/gdal-3.0.4+dfsg/gcore/gdaljp2abstractdataset.cpp:206:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char *apszMDList[2] = { const_cast<char *>(pszXML), nullptr };
data/gdal-3.0.4+dfsg/gcore/gdaljp2box.cpp:166:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( szBoxType, &nTBox, 4 );
data/gdal-3.0.4+dfsg/gcore/gdaljp2box.cpp:184:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nBoxLength, abyXLBox, 8 );
data/gdal-3.0.4+dfsg/gcore/gdaljp2box.cpp:195:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nBoxLength, abyXLBox+4, 4 );
data/gdal-3.0.4+dfsg/gcore/gdaljp2box.cpp:304:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[128];
data/gdal-3.0.4+dfsg/gcore/gdaljp2box.cpp:362:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(szBoxType, pszType, 4);
data/gdal-3.0.4+dfsg/gcore/gdaljp2box.cpp:376:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyData, pabyDataIn, nLength );
data/gdal-3.0.4+dfsg/gcore/gdaljp2box.cpp:400:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyData + GetDataLength(), pabyDataIn, nLength );
data/gdal-3.0.4+dfsg/gcore/gdaljp2box.cpp:484:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyNext, &nLBox, 4 );
data/gdal-3.0.4+dfsg/gcore/gdaljp2box.cpp:487:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyNext, papoBoxes[iBox]->szBoxType, 4 );
data/gdal-3.0.4+dfsg/gcore/gdaljp2box.cpp:490:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyNext, papoBoxes[iBox]->pabyData,
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.cpp:66:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char msi_uuid2[16] = {
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.cpp:70:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char msig_uuid[16] = {
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.cpp:74:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char xmp_uuid[16] = {
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.cpp:658:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(adfGeoTransform, aadfGeoTransform[iBestIndex], 6 * sizeof(double));
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.cpp:709:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfGeoTransform + 0, pabyMSIGData + 22 + 8 * 4, 8 );
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.cpp:710:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfGeoTransform + 1, pabyMSIGData + 22 + 8 * 0, 8 );
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.cpp:711:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfGeoTransform + 2, pabyMSIGData + 22 + 8 * 2, 8 );
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.cpp:712:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfGeoTransform + 3, pabyMSIGData + 22 + 8 * 5, 8 );
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.cpp:713:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfGeoTransform + 4, pabyMSIGData + 22 + 8 * 1, 8 );
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.cpp:714:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfGeoTransform + 5, pabyMSIGData + 22 + 8 * 3, 8 );
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.cpp:1212:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfGeoTransform, padfGT, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.cpp:1290:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nEPSGCode = atoi(oSRS.GetAuthorityCode( "PROJCS" ));
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.cpp:1299:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nEPSGCode = atoi(oSRS.GetAuthorityCode( "GEOGCS" ));
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.cpp:1484:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szSRSName[100];
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.cpp:2361:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szSRSName[100] = {0};
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.h:51:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szBoxType[5];
data/gdal-3.0.4+dfsg/gcore/gdaljp2structure.cpp:243:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szBranding[5];
data/gdal-3.0.4+dfsg/gcore/gdaljp2structure.cpp:244:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(szBranding, pabyIter, 4);
data/gdal-3.0.4+dfsg/gcore/gdaljp2structure.cpp:253:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nVal, pabyIter, 4);
data/gdal-3.0.4+dfsg/gcore/gdaljp2structure.cpp:262:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szBranding[5];
data/gdal-3.0.4+dfsg/gcore/gdaljp2structure.cpp:263:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(szBranding, pabyIter, 4);
data/gdal-3.0.4+dfsg/gcore/gdaljp2structure.cpp:296:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nVal, pabyIter, 4);
data/gdal-3.0.4+dfsg/gcore/gdaljp2structure.cpp:305:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nVal, pabyIter, 4);
data/gdal-3.0.4+dfsg/gcore/gdaljp2structure.cpp:314:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nVal, pabyIter, 2);
data/gdal-3.0.4+dfsg/gcore/gdaljp2structure.cpp:422:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nVal, pabyIter, 4);
data/gdal-3.0.4+dfsg/gcore/gdaljp2structure.cpp:455:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nVal, pabyIter, 2);
data/gdal-3.0.4+dfsg/gcore/gdaljp2structure.cpp:525:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nVal, pabyIter, 2);
data/gdal-3.0.4+dfsg/gcore/gdaljp2structure.cpp:573:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nVal, pabyIter, 2);
data/gdal-3.0.4+dfsg/gcore/gdaljp2structure.cpp:585:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&nVal, pabyIter, 2);
data/gdal-3.0.4+dfsg/gcore/gdaljp2structure.cpp:596:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&nVal, pabyIter, 2);
data/gdal-3.0.4+dfsg/gcore/gdaljp2structure.cpp:611:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&nVal, pabyIter, 2);
data/gdal-3.0.4+dfsg/gcore/gdaljp2structure.cpp:653:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nVal, pabyIter, 2);
data/gdal-3.0.4+dfsg/gcore/gdaljp2structure.cpp:663:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nVal, pabyIter, 2);
data/gdal-3.0.4+dfsg/gcore/gdaljp2structure.cpp:673:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nVal, pabyIter, 2);
data/gdal-3.0.4+dfsg/gcore/gdaljp2structure.cpp:683:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nVal, pabyIter, 2);
data/gdal-3.0.4+dfsg/gcore/gdaljp2structure.cpp:771:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nVal, pabyIter, 2);
data/gdal-3.0.4+dfsg/gcore/gdaljp2structure.cpp:783:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&nVal, pabyIter, 2);
data/gdal-3.0.4+dfsg/gcore/gdaljp2structure.cpp:813:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nVal, pabyIter, 2);
data/gdal-3.0.4+dfsg/gcore/gdaljp2structure.cpp:1075:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&v, pabyMarkerDataIter, 2);
data/gdal-3.0.4+dfsg/gcore/gdaljp2structure.cpp:1094:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&v, pabyMarkerDataIter, 4);
data/gdal-3.0.4+dfsg/gcore/gdalopeninfo.cpp:108:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(fnto.pabyHeader, pabyHeader, nHeaderBytes);
data/gdal-3.0.4+dfsg/gcore/gdalopeninfo.cpp:150:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pabyHeader, oIter->second.pabyHeader, *pnHeaderBytes);
data/gdal-3.0.4+dfsg/gcore/gdalopeninfo.cpp:196:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char    szAltPath[10];
data/gdal-3.0.4+dfsg/gcore/gdalopeninfo.cpp:276:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(CPLGetConfigOption("GDAL_INGESTED_BYTES_AT_OPEN", "1024"));
data/gdal-3.0.4+dfsg/gcore/gdalopeninfo.cpp:406:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(CPLGetConfigOption("GDAL_READDIR_LIMIT_ON_OPEN", "1000"));
data/gdal-3.0.4+dfsg/gcore/gdaloverviewdataset.cpp:372:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, adfGeoTransform, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/gcore/gdalpamdataset.cpp:389:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                anMapping.push_back(atoi(papszTokens[i]));
data/gdal-3.0.4+dfsg/gcore/gdalpamdataset.cpp:517:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nBand = atoi(CPLGetXMLValue( psBandTree, "band", "0"));
data/gdal-3.0.4+dfsg/gcore/gdalpamdataset.cpp:634:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat( psPam->pszPamFilename, ".aux.xml" );
data/gdal-3.0.4+dfsg/gcore/gdalpamdataset.cpp:1187:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfTransform, psPam->adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/gcore/gdalpamdataset.cpp:1207:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psPam->adfGeoTransform, padfTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/gcore/gdalpamproxydb.cpp:134:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nUpdateCounter = atoi(reinterpret_cast<char *>(abyHeader) + 10);
data/gdal-3.0.4+dfsg/gcore/gdalpamproxydb.cpp:236:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( reinterpret_cast<char *>(abyHeader), "GDAL_PROXY", 10 );
data/gdal-3.0.4+dfsg/gcore/gdalpamrasterband.cpp:445:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                static_cast<short>(atoi(CPLGetXMLValue( psEntry, "c1", "0" ))),
data/gdal-3.0.4+dfsg/gcore/gdalpamrasterband.cpp:446:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                static_cast<short>(atoi(CPLGetXMLValue( psEntry, "c2", "0" ))),
data/gdal-3.0.4+dfsg/gcore/gdalpamrasterband.cpp:447:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                static_cast<short>(atoi(CPLGetXMLValue( psEntry, "c3", "0" ))),
data/gdal-3.0.4+dfsg/gcore/gdalpamrasterband.cpp:448:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                static_cast<short>(atoi(CPLGetXMLValue( psEntry, "c4", "255" )))
data/gdal-3.0.4+dfsg/gcore/gdalpamrasterband.cpp:1031:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    *pnBuckets = atoi(CPLGetXMLValue( psHistItem, "BucketCount","2"));
data/gdal-3.0.4+dfsg/gcore/gdalpamrasterband.cpp:1102:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            || atoi(CPLGetXMLValue( psXMLHist,
data/gdal-3.0.4+dfsg/gcore/gdalpamrasterband.cpp:1104:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            || !atoi(CPLGetXMLValue( psXMLHist,
data/gdal-3.0.4+dfsg/gcore/gdalpamrasterband.cpp:1107:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            || (!bApproxOK && atoi(CPLGetXMLValue( psXMLHist,
data/gdal-3.0.4+dfsg/gcore/gdalpamrasterband.cpp:1203:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( panHistogram, panTempHist, sizeof(GUIntBig) * nBuckets );
data/gdal-3.0.4+dfsg/gcore/gdalproxypool.cpp:411:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int l_maxSize = atoi(CPLGetConfigOption("GDAL_MAX_DATASET_POOL_SIZE", "100"));
data/gdal-3.0.4+dfsg/gcore/gdalproxypool.cpp:629:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(adfGeoTransform, padfGeoTransform,6 * sizeof(double));
data/gdal-3.0.4+dfsg/gcore/gdalproxypool.cpp:863:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(padfGeoTransform, adfGeoTransform, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/gcore/gdalrasterband.cpp:1425:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(destBlock->GetDataRef(), srcBlock, blockByteSize);
data/gdal-3.0.4+dfsg/gcore/gdalrasterband.cpp:4836:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szValue[128] = { 0 };
data/gdal-3.0.4+dfsg/gcore/gdalrasterband.cpp:5405:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szValue[128] = { 0 };
data/gdal-3.0.4+dfsg/gcore/gdalrasterband.cpp:6556:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szNewFmt[256] = { '\0' };
data/gdal-3.0.4+dfsg/gcore/gdalrasterband.cpp:6656:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const size_t nCacheSize = atoi(
data/gdal-3.0.4+dfsg/gcore/gdalrasterband.cpp:6658:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const size_t nPageSizeHint = atoi(
data/gdal-3.0.4+dfsg/gcore/gdalsse_priv.h:55:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&s, ptr, 2);
data/gdal-3.0.4+dfsg/gcore/gdalsse_priv.h:66:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&i, ptr, 4);
data/gdal-3.0.4+dfsg/gcore/gdalsse_priv.h:77:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&i, ptr, 8);
data/gdal-3.0.4+dfsg/gcore/gdalsse_priv.h:88:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pDest, &i, 2);
data/gdal-3.0.4+dfsg/gcore/gdalsse_priv.h:495:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(low1, &expr1.low, sizeof(double));
data/gdal-3.0.4+dfsg/gcore/gdalsse_priv.h:496:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(high1, &expr1.high, sizeof(double));
data/gdal-3.0.4+dfsg/gcore/gdalsse_priv.h:497:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(low2, &expr2.low, sizeof(double));
data/gdal-3.0.4+dfsg/gcore/gdalsse_priv.h:498:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(high2, &expr2.high, sizeof(double));
data/gdal-3.0.4+dfsg/gcore/gdalsse_priv.h:503:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&reg.low, low1, sizeof(double));
data/gdal-3.0.4+dfsg/gcore/gdalsse_priv.h:504:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&reg.high, high1, sizeof(double));
data/gdal-3.0.4+dfsg/gcore/gdalsse_priv.h:742:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ptr, &low, 8);
data/gdal-3.0.4+dfsg/gcore/gdalsse_priv.h:743:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ptr + 8, &high, 8);
data/gdal-3.0.4+dfsg/gcore/gdalvirtualmem.cpp:160:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(panBandMap, panBandMapIn, nBandCount * sizeof(int));
data/gdal-3.0.4+dfsg/gcore/gdalvirtualmem.cpp:1183:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(panBandMap, panBandMapIn, nBandCount * sizeof(int));
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_alos.cpp:253:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nCC = atoi(pszCloudCover);
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_alos.cpp:271:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[80];
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_alos.cpp:284:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buffer[80];
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_alos.cpp:320:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buff[50] = {0};
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_digital_globe.cpp:195:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szMidDateTime[80];
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_digital_globe.cpp:208:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szMidDateTime[80];
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_eros.cpp:51:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szMetadataName[512] = {0};
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_eros.cpp:199:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nCC = atoi(pszCloudCover);
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_eros.cpp:215:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[80];
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_eros.cpp:233:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szName[22];
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_geo_eye.cpp:61:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szMetadataName[512] = {0};
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_geo_eye.cpp:203:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[80];
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_kompsat.cpp:141:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nCC = atoi(pszCloudCover);
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_kompsat.cpp:164:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[80];
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_kompsat.cpp:183:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szName[512];
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_landsat.cpp:56:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szMetadataName[512] = {0};
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_landsat.cpp:195:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[80];
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_orb_view.cpp:163:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[80];
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_pleiades.cpp:70:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sBaseName[512];
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_pleiades.cpp:278:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[80];
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_pleiades.cpp:364:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(pszOVERLAP_COL) == 0 && atoi(pszOVERLAP_ROW) == 0 )
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_pleiades.cpp:364:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(pszOVERLAP_COL) == 0 && atoi(pszOVERLAP_ROW) == 0 )
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_pleiades.cpp:366:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nLineOffShift = - (atoi(pszR) - 1) * atoi(pszTileHeight);
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_pleiades.cpp:366:54:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nLineOffShift = - (atoi(pszR) - 1) * atoi(pszTileHeight);
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_pleiades.cpp:367:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nPixelOffShift = - (atoi(pszC) - 1) * atoi(pszTileWidth);
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_pleiades.cpp:367:55:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nPixelOffShift = - (atoi(pszC) - 1) * atoi(pszTileWidth);
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_rapid_eye.cpp:148:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[80];
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_rdk1.cpp:139:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[80];
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_spot.cpp:208:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[80];
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_spot.cpp:275:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szName[512];
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_spot.cpp:286:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szNameNew[512];
data/gdal-3.0.4+dfsg/gcore/overview.cpp:806:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(panGaussMatrixDup, panGaussMatrix,
data/gdal-3.0.4+dfsg/gcore/overview.cpp:2480:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nBits = atoi(pszNBITS);
data/gdal-3.0.4+dfsg/gcore/overview.cpp:2912:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nBits = atoi(pszNBITS);
data/gdal-3.0.4+dfsg/gcore/rasterio.cpp:195:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(
data/gdal-3.0.4+dfsg/gcore/rasterio.cpp:201:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(
data/gdal-3.0.4+dfsg/gcore/rasterio.cpp:402:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                            memcpy( static_cast<GByte *>(pData) + iBufOffset
data/gdal-3.0.4+dfsg/gcore/rasterio.cpp:407:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                            memcpy( pabySrcBlock + iSrcOffset,
data/gdal-3.0.4+dfsg/gcore/rasterio.cpp:581:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(
data/gdal-3.0.4+dfsg/gcore/rasterio.cpp:738:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( static_cast<GByte *>(pData) + iBufOffset,
data/gdal-3.0.4+dfsg/gcore/rasterio.cpp:894:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[32] = { '\0' };
data/gdal-3.0.4+dfsg/gcore/rasterio.cpp:902:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer0[64] = { '\0' };
data/gdal-3.0.4+dfsg/gcore/rasterio.cpp:904:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer1[64] = { '\0' };
data/gdal-3.0.4+dfsg/gcore/rasterio.cpp:907:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer2[64] = { '\0' };
data/gdal-3.0.4+dfsg/gcore/rasterio.cpp:1374:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuffer[32] = { '\0' };
data/gdal-3.0.4+dfsg/gcore/rasterio.cpp:1381:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuffer0[64] = { '\0' };
data/gdal-3.0.4+dfsg/gcore/rasterio.cpp:1385:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuffer1[64] = { '\0' };
data/gdal-3.0.4+dfsg/gcore/rasterio.cpp:1390:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuffer2[64] = { '\0' };
data/gdal-3.0.4+dfsg/gcore/rasterio.cpp:3029:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pDest, pSrc, nIters * sizeof(T));
data/gdal-3.0.4+dfsg/gcore/rasterio.cpp:3181:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( static_cast<GByte*>(pDstData) + nDstPixelStride * i,
data/gdal-3.0.4+dfsg/gcore/rasterio.cpp:3197:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( pabySrcBuffer,
data/gdal-3.0.4+dfsg/gcore/rasterio.cpp:3207:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( static_cast<GByte*>(pDstData) + nDstPixelStride * i,
data/gdal-3.0.4+dfsg/gcore/rasterio.cpp:3247:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pDstData, pSrcData, 2);
data/gdal-3.0.4+dfsg/gcore/rasterio.cpp:3249:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pDstData, pSrcData, 4);
data/gdal-3.0.4+dfsg/gcore/rasterio.cpp:3251:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pDstData, pSrcData, 8 );
data/gdal-3.0.4+dfsg/gcore/rasterio.cpp:3253:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pDstData, pSrcData, 16);
data/gdal-3.0.4+dfsg/gcore/rasterio.cpp:3263:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pDstData, pSrcData, nWordCount * nSrcDataTypeSize);
data/gdal-3.0.4+dfsg/gcore/rasterio.cpp:4074:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy( static_cast<GByte *>(pData) + iBandBufOffset,
data/gdal-3.0.4+dfsg/gcore/rasterio.cpp:4077:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( pabySrcBlock + iSrcOffset,
data/gdal-3.0.4+dfsg/gnm/gnmgenericnetwork.cpp:813:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nK = atoi(CSLFetchNameValueDef(papszOptions, GNM_MD_NUM_PATHS,
data/gdal-3.0.4+dfsg/gnm/gnmgenericnetwork.cpp:837:40:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    GNMGFID nEmitter = atol(papszEmitter[i]);
data/gdal-3.0.4+dfsg/gnm/gnmgenericnetwork.cpp:1255:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m_nVersion = atoi(pValue);
data/gdal-3.0.4+dfsg/gnm/gnmgenericnetwork.cpp:1259:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            moRules[atoi(pKey + nRulePrefixLen)] = GNMRule(pValue);
data/gdal-3.0.4+dfsg/ogr/generate_encoding_table.c:139:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szSrcBuf[2] = {(char)i, 0};
data/gdal-3.0.4+dfsg/ogr/generate_encoding_table.c:140:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szDstBuf[5] = {0,0,0,0,0};
data/gdal-3.0.4+dfsg/ogr/gml2ogrgeometry.cpp:533:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nDimension = atoi(pszSRSDimension);
data/gdal-3.0.4+dfsg/ogr/gml2ogrgeometry.cpp:880:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nSRSDimension = atoi(pszSRSDimension);
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:133:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat( *ppszText + *pnLength, "<gml:coordinates>" );
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:136:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szCoordinate[256] = {};
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:155:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat( *ppszText + *pnLength, "</gml:coordinates>" );
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:175:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szAttributes[128] = {};
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:219:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCoordinate[256] = {};
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:240:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCoordinate[256] = {};
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:473:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szCoordinate[256] = {};
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:524:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat( *ppszText + *pnLength, "<gml:posList srsDimension=\"3\">" );
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:526:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat( *ppszText + *pnLength, "<gml:posList>" );
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:529:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szCoordinate[256] = {};
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:556:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat( *ppszText + *pnLength, "</gml:posList>" );
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:590:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szAttributes[256] = {};
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:671:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCoordinate[256] = {};
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:695:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCoordinate[256] = {};
data/gdal-3.0.4+dfsg/ogr/ogr_fromepsg.cpp:171:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szID[32] = {};
data/gdal-3.0.4+dfsg/ogr/ogr_fromepsg.cpp:174:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi( CSVGetField( CSVFilename( "stateplane.csv" ),
data/gdal-3.0.4+dfsg/ogr/ogr_fromepsg.cpp:193:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szName[128] = {};
data/gdal-3.0.4+dfsg/ogr/ogr_fromepsg.cpp:201:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szName[128] = {};
data/gdal-3.0.4+dfsg/ogr/ogr_fromepsg.cpp:310:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return atoi(GetAuthorityCode( "GEOGCS" ));
data/gdal-3.0.4+dfsg/ogr/ogr_fromepsg.cpp:361:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nDatum = atoi(GetAuthorityCode("GEOGCS|DATUM"));
data/gdal-3.0.4+dfsg/ogr/ogr_fromepsg.cpp:431:52:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            else if( EQUAL(pszAuthName, "EPSG") && atoi(pszAuthCode) == 4326 )
data/gdal-3.0.4+dfsg/ogr/ogr_fromepsg.cpp:439:52:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            else if( EQUAL(pszAuthName, "EPSG") && atoi(pszAuthCode) == 4267
data/gdal-3.0.4+dfsg/ogr/ogr_fromepsg.cpp:444:52:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            else if( EQUAL(pszAuthName, "EPSG") && atoi(pszAuthCode) == 4269
data/gdal-3.0.4+dfsg/ogr/ogr_fromepsg.cpp:449:52:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            else if( EQUAL(pszAuthName, "EPSG") && atoi(pszAuthCode) == 4322 )
data/gdal-3.0.4+dfsg/ogr/ogr_fromepsg.cpp:470:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                pszAuthCode != nullptr && atoi(pszAuthCode) == 4326 &&
data/gdal-3.0.4+dfsg/ogr/ogr_srs_erm.cpp:101:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return importFromEPSG( atoi(pszProj+5) );
data/gdal-3.0.4+dfsg/ogr/ogr_srs_erm.cpp:104:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return importFromEPSG( atoi(pszDatum+5) );
data/gdal-3.0.4+dfsg/ogr/ogr_srs_erm.cpp:193:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy( pszProj, "RAW" );
data/gdal-3.0.4+dfsg/ogr/ogr_srs_erm.cpp:194:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy( pszDatum, "RAW" );
data/gdal-3.0.4+dfsg/ogr/ogr_srs_erm.cpp:195:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy( pszUnits, "METERS" );
data/gdal-3.0.4+dfsg/ogr/ogr_srs_erm.cpp:211:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nEPSGCode = atoi(GetAuthorityCode( "PROJCS" ));
data/gdal-3.0.4+dfsg/ogr/ogr_srs_erm.cpp:220:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nEPSGCode = atoi(GetAuthorityCode( "GEOGCS" ));
data/gdal-3.0.4+dfsg/ogr/ogr_srs_erm.cpp:244:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( pszDatum, "WGS84" );
data/gdal-3.0.4+dfsg/ogr/ogr_srs_erm.cpp:247:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( pszDatum, "WGS72DOD" );
data/gdal-3.0.4+dfsg/ogr/ogr_srs_erm.cpp:250:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( pszDatum, "NAD27" );
data/gdal-3.0.4+dfsg/ogr/ogr_srs_erm.cpp:253:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( pszDatum, "NAD83" );
data/gdal-3.0.4+dfsg/ogr/ogr_srs_erm.cpp:256:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( pszDatum, "OSGB36" );
data/gdal-3.0.4+dfsg/ogr/ogr_srs_erm.cpp:259:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( pszDatum, "OSGB78" );
data/gdal-3.0.4+dfsg/ogr/ogr_srs_erm.cpp:262:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( pszDatum, "ADINDAN" );
data/gdal-3.0.4+dfsg/ogr/ogr_srs_erm.cpp:265:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( pszDatum, "AGD66" );
data/gdal-3.0.4+dfsg/ogr/ogr_srs_erm.cpp:268:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( pszDatum, "AGD84" );
data/gdal-3.0.4+dfsg/ogr/ogr_srs_erm.cpp:271:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( pszDatum, "ARC1950" );
data/gdal-3.0.4+dfsg/ogr/ogr_srs_erm.cpp:274:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( pszDatum, "ARC1960" );
data/gdal-3.0.4+dfsg/ogr/ogr_srs_erm.cpp:277:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( pszDatum, "NTF" );
data/gdal-3.0.4+dfsg/ogr/ogr_srs_erm.cpp:280:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( pszDatum, "GDA94" );
data/gdal-3.0.4+dfsg/ogr/ogr_srs_erm.cpp:283:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( pszDatum, "PULKOVO" );
data/gdal-3.0.4+dfsg/ogr/ogr_srs_erm.cpp:296:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( pszProj, "GEODETIC" );
data/gdal-3.0.4+dfsg/ogr/ogr_srs_erm.cpp:354:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( pszUnits, "FEET" );
data/gdal-3.0.4+dfsg/ogr/ogr_srs_erm.cpp:356:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( pszUnits, "METERS" );
data/gdal-3.0.4+dfsg/ogr/ogr_srs_esri.cpp:270:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        for( int nOffset = atoi(pszField+6);
data/gdal-3.0.4+dfsg/ogr/ogr_srs_esri.cpp:756:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            SetAuthority("PROJCS", "EPSG", atoi(osOldAuth));
data/gdal-3.0.4+dfsg/ogr/ogr_srs_esri.cpp:827:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char codeS[10] = {};
data/gdal-3.0.4+dfsg/ogr/ogr_srs_esri.cpp:938:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char codeS[20] = {};
data/gdal-3.0.4+dfsg/ogr/ogr_srs_ozi.cpp:203:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                SetUTM( atoi(papszTok[13]), EQUAL(papszTok[16], "N") );
data/gdal-3.0.4+dfsg/ogr/ogr_srs_ozi.cpp:408:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi( CSVGetField( pszOziDatum, "NAME", papszDatum[0],
data/gdal-3.0.4+dfsg/ogr/ogr_srs_pci.cpp:239:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szEarthModel[5] = {};
data/gdal-3.0.4+dfsg/ogr/ogr_srs_pci.cpp:247:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nCode = atoi(pszEM+1);
data/gdal-3.0.4+dfsg/ogr/ogr_srs_pci.cpp:804:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szProj[knProjSize + 1] = {};
data/gdal-3.0.4+dfsg/ogr/ogr_srs_pci.cpp:1072:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szEarthModel[5] = {};
data/gdal-3.0.4+dfsg/ogr/ogr_srs_pci.cpp:1101:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int nGCS_EPSG = atoi(GetAuthorityCode("GEOGCS"));
data/gdal-3.0.4+dfsg/ogr/ogr_srs_xml.cpp:147:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szURN[200] = {};
data/gdal-3.0.4+dfsg/ogr/ogr_srs_xml.cpp:208:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szURN[200] = {};
data/gdal-3.0.4+dfsg/ogr/ogr_srs_xml.cpp:237:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szCode[32] = {};
data/gdal-3.0.4+dfsg/ogr/ogr_srs_xml.cpp:255:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szIdText[40] = {};
data/gdal-3.0.4+dfsg/ogr/ogr_srs_xml.cpp:296:51:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                   pszObjectType, atoi(pszCode), pszEdition);
data/gdal-3.0.4+dfsg/ogr/ogr_srs_xml.cpp:299:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                             pszObjectType, atoi(pszCode), pszEdition);
data/gdal-3.0.4+dfsg/ogr/ogr_srs_xml.cpp:863:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nCode = pszCode != nullptr ? atoi(pszCode) :0;
data/gdal-3.0.4+dfsg/ogr/ogr_srs_xml.cpp:957:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return atoi(osValue);
data/gdal-3.0.4+dfsg/ogr/ogr_srs_xml.cpp:961:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return atoi(pszValue);
data/gdal-3.0.4+dfsg/ogr/ogr_srs_xml.cpp:1069:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(oIdSRS.GetAuthorityCode("LOCAL_CS")) );
data/gdal-3.0.4+dfsg/ogr/ogr_srs_xml.cpp:1181:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return poSRS->importFromEPSG( atoi(poSRS->GetAuthorityCode("PROJCS")) );
data/gdal-3.0.4+dfsg/ogr/ogr_srsnode.cpp:705:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szToken[512]; // do not initialize whole buffer. significant overhead
data/gdal-3.0.4+dfsg/ogr/ograpispy.cpp:151:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fpSpyFile = fopen(osSpyFile, "ab");
data/gdal-3.0.4+dfsg/ogr/ograpispy.cpp:197:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fpSpyFile = fopen(pszSpyFile, "wb");
data/gdal-3.0.4+dfsg/ogr/ogrcircularstring.cpp:549:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(paoPoints, &aoRawPoint[0], sizeof(OGRRawPoint) * nPointCount);
data/gdal-3.0.4+dfsg/ogr/ogrcircularstring.cpp:554:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(padfZ, &adfZ[0], sizeof(double) * nPointCount);
data/gdal-3.0.4+dfsg/ogr/ogrct.cpp:819:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(strstr(pszDstProj4Defn, "+datum=WGS84"), "+ellps", 6);
data/gdal-3.0.4+dfsg/ogr/ogrct.cpp:1839:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(padfOriX, x, sizeof(double) * nCount);
data/gdal-3.0.4+dfsg/ogr/ogrct.cpp:1840:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(padfOriY, y, sizeof(double) * nCount);
data/gdal-3.0.4+dfsg/ogr/ogrct.cpp:1843:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(padfOriZ, z, sizeof(double)*nCount);
data/gdal-3.0.4+dfsg/ogr/ogrct.cpp:1847:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(padfOriT, t, sizeof(double)*nCount);
data/gdal-3.0.4+dfsg/ogr/ogrct.cpp:1859:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(padfTargetX, x, sizeof(double) * nCount);
data/gdal-3.0.4+dfsg/ogr/ogrct.cpp:1860:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(padfTargetY, y, sizeof(double) * nCount);
data/gdal-3.0.4+dfsg/ogr/ogrct.cpp:1863:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(padfTargetZ, z, sizeof(double) * nCount);
data/gdal-3.0.4+dfsg/ogr/ogrct.cpp:1867:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(padfTargetT, t, sizeof(double) * nCount);
data/gdal-3.0.4+dfsg/ogr/ogrcurvecollection.cpp:351:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat( *ppszDstText, " ZM" );
data/gdal-3.0.4+dfsg/ogr/ogrcurvecollection.cpp:353:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat( *ppszDstText, " M" );
data/gdal-3.0.4+dfsg/ogr/ogrcurvecollection.cpp:355:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat( *ppszDstText, " Z" );
data/gdal-3.0.4+dfsg/ogr/ogrcurvecollection.cpp:356:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat( *ppszDstText, " (" );
data/gdal-3.0.4+dfsg/ogr/ogrcurvecollection.cpp:379:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( *ppszDstText + nCumulativeLength,
data/gdal-3.0.4+dfsg/ogr/ogrcurvecollection.cpp:435:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyData + 1, &nGType, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrcurvecollection.cpp:443:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyData+5, &nCount, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrcurvecollection.cpp:447:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyData+5, &nCurveCount, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:1931:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            return atoi(pauFields[iField].String);
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2203:45:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void OGRFeatureFormatDateTimeBuffer( char szTempBuffer[TEMP_BUFFER_SIZE],
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2300:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTempBuffer[TEMP_BUFFER_SIZE] = {};
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2395:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szFormat[64] = {};
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2404:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( szFormat, "%.15g" );
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2466:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szItem[32] = {};
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2488:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat( szTempBuffer, ",...)" );
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2499:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szItem[32] = {};
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2521:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat( szTempBuffer, ",...)" );
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2532:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szItem[40] = {};
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2533:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szFormat[64] = {};
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2542:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( szFormat, "%.16g" );
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2563:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat( szTempBuffer, ",...)" );
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2595:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat( szTempBuffer, ",...)" );
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2614:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( szTempBuffer, pszHex, 2 * nCount );
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2617:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat( szTempBuffer, "..." );
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:3455:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTempBuffer[64] = {};
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:3470:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTempBuffer[64] = {};
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:3473:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char *apszValues[2] = { szTempBuffer, nullptr };
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:3611:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTempBuffer[64] = {};
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:3626:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTempBuffer[64] = {};
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:3629:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char *apszValues[2] = { szTempBuffer, nullptr };
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:3765:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTempBuffer[128] = {};
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:3780:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTempBuffer[64] = {};
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:3783:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char *apszValues[2] = { szTempBuffer, nullptr };
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:3934:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pauFields+iField, &sWrkField, sizeof(sWrkField));
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:3992:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                || atoi(papszValueList[0]) != CSLCount(papszValueList)-1 )
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:3998:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                const int nCount = atoi(papszValueList[0]);
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:4007:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        int nVal = atoi(papszValueList[i+1]);
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:4023:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                const int nCount = atoi(papszValueList[0]);
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:4039:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int nCount = atoi(papszValueList[0]);
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:4064:56:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    papszValueList[0] == nullptr ? 0 : atoi(papszValueList[0]);
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:4096:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                const char *papszValues[2] = { pszValue, nullptr };
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:4206:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(panValuesMod, panValues, nCount * sizeof(int));
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:4646:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nVal = atoi(papszValues[i]);
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:4770:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pszStr, pabyData, nBytes);
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:4891:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTempBuffer[TEMP_BUFFER_SIZE] = {};
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:5076:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pauFields+iField, puValue, sizeof(OGRField) );
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:5099:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pauFields[iField].IntegerList.paList,
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:5126:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pauFields[iField].Integer64List.paList,
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:5153:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pauFields[iField].RealList.paList,
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:5211:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pauFields[iField].Binary.paData,
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:5288:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szFID[32];
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:6307:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pauNewFields + iDstField,
data/gdal-3.0.4+dfsg/ogr/ogrfeaturequery.cpp:55:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *const SpecialFieldNames[SPECIAL_FIELD_COUNT] = {
data/gdal-3.0.4+dfsg/ogr/ogrfeaturestyle.cpp:1605:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nValue =atoi(&pszFound[strlen(pszRealWanted)+1]);
data/gdal-3.0.4+dfsg/ogr/ogrfeaturestyle.cpp:2179:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        sStyleValue.nValue = atoi(pszParamString);
data/gdal-3.0.4+dfsg/ogr/ogrfeaturestyle.cpp:2182:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        sStyleValue.nValue = atoi(pszParamString) != 0;
data/gdal-3.0.4+dfsg/ogr/ogrgeomediageometry.cpp:71:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&dfX, pabyGeom, 8);
data/gdal-3.0.4+dfsg/ogr/ogrgeomediageometry.cpp:74:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&dfY, pabyGeom + 8, 8);
data/gdal-3.0.4+dfsg/ogr/ogrgeomediageometry.cpp:77:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&dfZ, pabyGeom + 16, 8);
data/gdal-3.0.4+dfsg/ogr/ogrgeomediageometry.cpp:90:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nPoints, pabyGeom, 4);
data/gdal-3.0.4+dfsg/ogr/ogrgeomediageometry.cpp:104:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&dfX, pabyGeom, 8);
data/gdal-3.0.4+dfsg/ogr/ogrgeomediageometry.cpp:107:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&dfY, pabyGeom + 8, 8);
data/gdal-3.0.4+dfsg/ogr/ogrgeomediageometry.cpp:110:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&dfZ, pabyGeom + 16, 8);
data/gdal-3.0.4+dfsg/ogr/ogrgeomediageometry.cpp:128:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nPoints, pabyGeom, 4);
data/gdal-3.0.4+dfsg/ogr/ogrgeomediageometry.cpp:142:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&dfX, pabyGeom, 8);
data/gdal-3.0.4+dfsg/ogr/ogrgeomediageometry.cpp:144:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&dfY, pabyGeom + 8, 8);
data/gdal-3.0.4+dfsg/ogr/ogrgeomediageometry.cpp:146:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&dfZ, pabyGeom + 16, 8);
data/gdal-3.0.4+dfsg/ogr/ogrgeomediageometry.cpp:166:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nExteriorSize, pabyGeom, 4);
data/gdal-3.0.4+dfsg/ogr/ogrgeomediageometry.cpp:196:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nInteriorSize, pabyGeom, 4);
data/gdal-3.0.4+dfsg/ogr/ogrgeomediageometry.cpp:250:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nParts, pabyGeom, 4);
data/gdal-3.0.4+dfsg/ogr/ogrgeomediageometry.cpp:274:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&nSubBytes, pabyGeom, 4);
data/gdal-3.0.4+dfsg/ogr/ogrgeomediageometry.cpp:329:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nSubBytes, pabyGeom, 4);
data/gdal-3.0.4+dfsg/ogr/ogrgeometry.cpp:1618:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szToken[OGR_WKT_TOKEN_MAX] = {};
data/gdal-3.0.4+dfsg/ogr/ogrgeometry.cpp:5955:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pnSRID, pabyWKB+5, 4);
data/gdal-3.0.4+dfsg/ogr/ogrgeometry.cpp:6042:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &geomType, pabyWKB+1, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrgeometry.cpp:6167:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &nGeomCount, pabyData + 5, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrgeometry.cpp:6225:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szToken[OGR_WKT_TOKEN_MAX];
data/gdal-3.0.4+dfsg/ogr/ogrgeometry.cpp:6862:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pszWKT, pabySFCGALWKT, nLength);
data/gdal-3.0.4+dfsg/ogr/ogrgeometrycollection.cpp:650:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyData + 1, &nGType, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrgeometrycollection.cpp:658:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyData+5, &nCount, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrgeometrycollection.cpp:662:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyData+5, &nGeomCount, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrgeometrycollection.cpp:723:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szToken[OGR_WKT_TOKEN_MAX] = {};
data/gdal-3.0.4+dfsg/ogr/ogrgeometrycollection.cpp:918:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat( *ppszDstText, " ZM" );
data/gdal-3.0.4+dfsg/ogr/ogrgeometrycollection.cpp:920:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat( *ppszDstText, " Z" );
data/gdal-3.0.4+dfsg/ogr/ogrgeometrycollection.cpp:922:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat( *ppszDstText, " M" );
data/gdal-3.0.4+dfsg/ogr/ogrgeometrycollection.cpp:924:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat( *ppszDstText, " (" );
data/gdal-3.0.4+dfsg/ogr/ogrgeometrycollection.cpp:951:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( *ppszDstText + nCumulativeLength,
data/gdal-3.0.4+dfsg/ogr/ogrgeometryfactory.cpp:338:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szToken[OGR_WKT_TOKEN_MAX] = {};
data/gdal-3.0.4+dfsg/ogr/ogrgeometryfactory.cpp:2212:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &nGType, pabyData + 0, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrgeometryfactory.cpp:2233:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nGDim, pabyData + 4, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrgeometryfactory.cpp:2271:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( adfTuple, pabyData + 8, nTupleSize*8 );
data/gdal-3.0.4+dfsg/ogr/ogrgeometryfactory.cpp:2294:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nPointCount, pabyData + 8, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrgeometryfactory.cpp:2310:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( adfTuple, pabyData + 12 + 8*nTupleSize*iPoint,
data/gdal-3.0.4+dfsg/ogr/ogrgeometryfactory.cpp:2335:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nRingCount, pabyData + 8, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrgeometryfactory.cpp:2359:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &nPointCount, pabyData + nNextByte, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrgeometryfactory.cpp:2382:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( adfTuple, pabyData + nNextByte, nTupleSize*8 );
data/gdal-3.0.4+dfsg/ogr/ogrgeometryfactory.cpp:2415:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nGeomCount, pabyData + 4, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrgeometryfactory.cpp:4821:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyData, &dfX, sizeof(double));
data/gdal-3.0.4+dfsg/ogr/ogrgeometryfactory.cpp:4823:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&dfX, abyData, sizeof(double));
data/gdal-3.0.4+dfsg/ogr/ogrgeometryfactory.cpp:4825:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyData, &dfY, sizeof(double));
data/gdal-3.0.4+dfsg/ogr/ogrgeometryfactory.cpp:4827:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&dfY, abyData, sizeof(double));
data/gdal-3.0.4+dfsg/ogr/ogrgeometryfactory.cpp:4838:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyData, &dfX, sizeof(double));
data/gdal-3.0.4+dfsg/ogr/ogrgeometryfactory.cpp:4840:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyData, &dfY, sizeof(double));
data/gdal-3.0.4+dfsg/ogr/ogrlinearring.cpp:92:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( paoPoints, poSrcRing->paoPoints,
data/gdal-3.0.4+dfsg/ogr/ogrlinearring.cpp:98:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfZ, poSrcRing->padfZ, sizeof(double) * getNumPoints() );
data/gdal-3.0.4+dfsg/ogr/ogrlinearring.cpp:198:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &nNewNumPoints, pabyData, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrlinearring.cpp:247:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &(paoPoints[i].x), pabyData + 4 + 32 * i, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrlinearring.cpp:248:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &(paoPoints[i].y), pabyData + 4 + 32 * i + 8, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrlinearring.cpp:249:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( padfZ + i, pabyData + 4 + 32 * i + 16, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrlinearring.cpp:250:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( padfM + i, pabyData + 4 + 32 * i + 24, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrlinearring.cpp:257:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &(paoPoints[i].x), pabyData + 4 + 24 * i, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrlinearring.cpp:258:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &(paoPoints[i].y), pabyData + 4 + 24 * i + 8, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrlinearring.cpp:259:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( padfM + i, pabyData + 4 + 24 * i + 16, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrlinearring.cpp:266:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &(paoPoints[i].x), pabyData + 4 + 24 * i, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrlinearring.cpp:267:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &(paoPoints[i].y), pabyData + 4 + 24 * i + 8, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrlinearring.cpp:268:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( padfZ + i, pabyData + 4 + 24 * i + 16, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrlinearring.cpp:273:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( paoPoints, pabyData + 4, 16 * nPointCount );
data/gdal-3.0.4+dfsg/ogr/ogrlinearring.cpp:315:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyData, &nPointCount, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrlinearring.cpp:326:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyData+4+i*32, &(paoPoints[i].x), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrlinearring.cpp:327:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyData+4+i*32+8, &(paoPoints[i].y), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrlinearring.cpp:331:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( pabyData+4+i*32+16, padfZ + i, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrlinearring.cpp:335:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( pabyData+4+i*32+24, padfM + i, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrlinearring.cpp:343:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyData+4+i*24, &(paoPoints[i].x), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrlinearring.cpp:344:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyData+4+i*24+8, &(paoPoints[i].y), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrlinearring.cpp:348:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( pabyData+4+i*24+16, padfM + i, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrlinearring.cpp:356:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyData+4+i*24, &(paoPoints[i].x), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrlinearring.cpp:357:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyData+4+i*24+8, &(paoPoints[i].y), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrlinearring.cpp:361:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( pabyData+4+i*24+16, padfZ + i, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrlinearring.cpp:367:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyData+4, paoPoints, 16 * nPointCount );
data/gdal-3.0.4+dfsg/ogr/ogrlinearring.cpp:376:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyData, &nCount, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:918:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( paoPoints, paoPointsIn, sizeof(OGRRawPoint) * nPointsIn);
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:931:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( padfM, padfMIn, sizeof(double) * nPointsIn );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:969:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( paoPoints, paoPointsIn, sizeof(OGRRawPoint) * nPointsIn);
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:982:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( padfZ, padfZIn, sizeof(double) * nPointsIn );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:996:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( padfM, padfMIn, sizeof(double) * nPointsIn );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1032:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( paoPoints, paoPointsIn, sizeof(OGRRawPoint) * nPointsIn);
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1045:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( padfZ, padfZIn, sizeof(double) * nPointsIn );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1100:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfZ, padfZIn, sizeof(double) * nPointsIn );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1153:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfM, padfMIn, sizeof(double) * nPointsIn );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1212:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfZ, padfZIn, sizeof(double) * nPointsIn );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1214:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfM, padfMIn, sizeof(double) * nPointsIn );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1240:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( paoPointsOut, paoPoints, sizeof(OGRRawPoint) * nPointCount );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1248:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( padfZOut, padfZ, sizeof(double) * nPointCount );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1349:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( pabyZ, padfZ, sizeof(double) * nPointCount );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1367:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( pabyM, padfM, sizeof(double) * nPointCount );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1469:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( paoPoints + nOldPoints,
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1477:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( padfZ + nOldPoints, poOtherLine->padfZ + nStartVertex,
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1486:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( padfM + nOldPoints, poOtherLine->padfM + nStartVertex,
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1590:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( paoPoints + i, pabyData + 9 + i*32, 16 );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1591:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( padfZ + i, pabyData + 9 + 16 + i*32, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1592:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( padfM + i, pabyData + 9 + 24 + i*32, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1599:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( paoPoints + i, pabyData + 9 + i*24, 16 );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1600:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( padfM + i, pabyData + 9 + 16 + i*24, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1607:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( paoPoints + i, pabyData + 9 + i*24, 16 );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1608:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( padfZ + i, pabyData + 9 + 16 + i*24, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1613:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( paoPoints, pabyData + 9, 16 * nPointCount );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1689:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyData + 1, &nGType, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1694:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyData+5, &nPointCount, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1703:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyData + 9 + 32*i, paoPoints+i, 16 );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1704:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyData + 9 + 16 + 32*i, padfZ+i, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1705:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyData + 9 + 24 + 32*i, padfM+i, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1712:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyData + 9 + 24*i, paoPoints+i, 16 );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1713:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyData + 9 + 16 + 24*i, padfM+i, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1720:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyData + 9 + 24*i, paoPoints+i, 16 );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1721:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyData + 9 + 16 + 24*i, padfZ+i, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1725:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyData+9, paoPoints, 16 * nPointCount );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1733:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyData+5, &nCount, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrmultipoint.cpp:268:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szToken[OGR_WKT_TOKEN_MAX] = {};
data/gdal-3.0.4+dfsg/ogr/ogrmultipoint.cpp:379:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szToken[OGR_WKT_TOKEN_MAX] = {};
data/gdal-3.0.4+dfsg/ogr/ogrmultisurface.cpp:165:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szToken[OGR_WKT_TOKEN_MAX] = {};
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:622:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(*ppabyShape, &zero, nShpSize);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:766:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((*ppabyShape) + nShpSizeBeforeCurve, &nTmp, 4);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:768:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((*ppabyShape) + nShpSizeBeforeCurve + 4, &nTmp, 4);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:770:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((*ppabyShape) + nShpSizeBeforeCurve + 8, &nTmp, 4);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:776:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((*ppabyShape) + nShpSizeBeforeCurve + 8 + 4, &dfVal, 8);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:778:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((*ppabyShape) + nShpSizeBeforeCurve + 8 + 4 + 8, &dfVal, 8);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:780:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((*ppabyShape) + nShpSizeBeforeCurve + 8 + 4 + 16, &nTmp, 4);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:785:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((*ppabyShape) + nShpSizeBeforeCurve + 8 + 4, &dfVal, 8);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:787:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((*ppabyShape) + nShpSizeBeforeCurve + 8 + 4 + 8, &dfVal, 8);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:789:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((*ppabyShape) + nShpSizeBeforeCurve + 8 + 4 + 16, &nTmp, 4);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:794:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((*ppabyShape) + nShpSizeBeforeCurve + 8 + 4, &dfVal, 8);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:796:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((*ppabyShape) + nShpSizeBeforeCurve + 8 + 4 + 8, &dfVal, 8);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:798:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((*ppabyShape) + nShpSizeBeforeCurve + 8 + 4 + 16, &nTmp, 4);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:803:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((*ppabyShape) + nShpSizeBeforeCurve + 8 + 4, &dfVal, 8);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:805:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((*ppabyShape) + nShpSizeBeforeCurve + 8 + 4 + 8, &dfVal, 8);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:807:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((*ppabyShape) + nShpSizeBeforeCurve + 8 + 4 + 16, &nTmp, 4);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:812:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((*ppabyShape) + nShpSizeBeforeCurve + 8 + 4, &dfVal, 8);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:814:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((*ppabyShape) + nShpSizeBeforeCurve + 8 + 4 + 8, &dfVal, 8);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:818:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((*ppabyShape) + nShpSizeBeforeCurve + 8 + 4 + 16, &nTmp, 4);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:823:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((*ppabyShape) + nShpSizeBeforeCurve + 8 + 4, &dfVal, 8);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:825:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((*ppabyShape) + nShpSizeBeforeCurve + 8 + 4 + 8, &dfVal, 8);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:827:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((*ppabyShape) + nShpSizeBeforeCurve + 8 + 4 + 16, &nTmp, 4);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:899:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyPtr, &nGType, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:912:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyPtr, &x, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:913:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyPtr+8, &y, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:917:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyPtr+8+8, &z, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:922:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyPtr+8+((b3d) ? 16 : 8), &m, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:944:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyPtr, &(envelope.MinX), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:945:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyPtr+8, &(envelope.MinY), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:946:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyPtr+8+8, &(envelope.MaxX), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:947:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyPtr+8+8+8, &(envelope.MaxY), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:960:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyPtrZ, &(envelope.MinZ), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:961:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyPtrZ+8, &(envelope.MaxZ), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:991:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyPtr, &nPartsLsb, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:996:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyPtr, &nPointsLsb, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1001:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyPtr, &nPartIndex, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1012:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( pabyPtrM + 8*k, &dfM, 8);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1041:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyPtr, &nPartsLsb, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1046:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyPtr, &nPointsLsb, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1092:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyPtr, &nPartIndex, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1102:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( pabyPtrM + 8*k, &dfM, 8);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1141:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyPtr, &nPointsLsb, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1160:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyPtr, &x, 8);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1161:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyPtr+8, &y, 8);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1165:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pabyPtrZ, &z, 8);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1170:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pabyPtrM, &dfM, 8);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1204:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyPtr, &nPartsLsb, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1209:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyPtr, &nPointsLsb, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1227:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyPtr, &nPartIndex, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1236:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( pabyPtrM + 8*k, &dfM, 8);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1276:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyPtr, &nPartsLsb, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1281:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyPtr, &nPointsLsb, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1333:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( pabyPtr, &nPartIndex, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1342:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy( pabyPtrM + 8*k, &dfM, 8);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1381:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyPtrMBounds, &(dfMinM), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1382:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyPtrMBounds+8, &(dfMaxM), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1640:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyPtr, &nGType, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1645:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyPtr, &(envelope.MinX), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1646:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyPtr+8, &(envelope.MinY), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1647:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyPtr+8+8, &(envelope.MaxX), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1648:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyPtr+8+8+8, &(envelope.MaxY), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1660:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyPtr, &nPartsLsb, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1665:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyPtr, &nPointsLsb, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1671:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyPtr, &nPartStart, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1677:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyPtr, &nPartType, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1682:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyPtr, poPoints, 2 * 8 * nPoints);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1692:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyPtr, &(envelope.MinZ), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1693:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyPtr+8, &(envelope.MaxZ), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:1702:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyPtr, padfZ, 8 * nPoints);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2125:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nUncompressedSize, pabyShape + 4, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2126:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nCompressedSize, pabyShape + 8, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2254:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nPoints, pabyShape + 40, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2256:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nParts, pabyShape + 36, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2308:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( panPartStart, pabyShape + 44, 4 * nParts );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2352:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( panPartType, pabyShape + nOffset, 4*nParts );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2386:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(padfX + i, pabyShape + nOffset + i * 16, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2387:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(padfY + i, pabyShape + nOffset + i * 16 + 8, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2401:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( padfZ + i, pabyShape + nOffset + 16 + i*8, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2415:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( padfM + i, pabyShape + nOffset + 16 + i*8, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2429:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &nCurves, pabyShape + nOffset, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2455:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( &nStartPointIdx, pabyShape + nOffset, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2459:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( &nSegmentType, pabyShape + nOffset, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2484:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( &dfVal1, pabyShape + nOffset + 0, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2486:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( &dfVal2, pabyShape + nOffset + 8, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2489:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( &nBits, pabyShape + nOffset + 16, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2539:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( &dfX1, pabyShape + nOffset + 0, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2541:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( &dfY1, pabyShape + nOffset + 8, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2545:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( &dfX2, pabyShape + nOffset + 16, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2547:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( &dfY2, pabyShape + nOffset + 24, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2570:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( &dfVS0, pabyShape + nOffset, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2575:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( &dfVS1, pabyShape + nOffset, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2580:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( &dfRotationOrFromV, pabyShape + nOffset, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2585:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( &dfSemiMajor, pabyShape + nOffset, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2590:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(&dfMinorMajorRatioOrDeltaV, pabyShape + nOffset, 8);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2595:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( &nBits, pabyShape + nOffset, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2951:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy( &nPoints, pabyShape + 36, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2975:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(&x, pabyShape + 40 + i*16, 8);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2981:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(&y, pabyShape + 40 + i*16 + 8, 8);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2989:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&z, pabyShape + nOffsetZ + i*8, 8);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:2998:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&m, pabyShape + nOffsetM + i*8, 8);
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:3031:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &dfX, pabyShape + 4, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:3032:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &dfY, pabyShape + 4 + 8, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:3041:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &dfZ, pabyShape + 4 + 16, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpgeogeometry.cpp:3048:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &dfM, pabyShape + 4 + 16 + ((bHasZ) ? 8 : 0), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpoint.cpp:323:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &x, pabyData, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpoint.cpp:325:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &y, pabyData, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpoint.cpp:336:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &z, pabyData, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpoint.cpp:347:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &m, pabyData, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpoint.cpp:414:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyData, &nGType, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpoint.cpp:424:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyData, &dNan, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpoint.cpp:428:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyData, &dNan, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpoint.cpp:433:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyData, &dNan, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpoint.cpp:439:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyData, &dNan, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpoint.cpp:446:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyData, &x, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpoint.cpp:450:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyData, &y, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpoint.cpp:455:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyData, &z, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpoint.cpp:462:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyData, &m, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrpoint.cpp:587:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTextEquiv[180] = {};
data/gdal-3.0.4+dfsg/ogr/ogrpoint.cpp:590:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szCoordinate[80] = {};
data/gdal-3.0.4+dfsg/ogr/ogrpoint.cpp:608:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szCoordinate[80] = {};
data/gdal-3.0.4+dfsg/ogr/ogrpolygon.cpp:407:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyData + 1, &nGType, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpolygon.cpp:415:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyData+5, &nCount, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpolygon.cpp:419:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyData+5, &oCC.nCurveCount, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpolygon.cpp:487:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szToken[OGR_WKT_TOKEN_MAX] = {};
data/gdal-3.0.4+dfsg/ogr/ogrpolygon.cpp:739:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( *ppszDstText + nCumulativeLength,
data/gdal-3.0.4+dfsg/ogr/ogrpolyhedralsurface.cpp:324:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyData + 1, &nGType, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpolyhedralsurface.cpp:330:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyData+5, &nCount, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpolyhedralsurface.cpp:333:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyData+5, &oMP.nGeomCount, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrpolyhedralsurface.cpp:367:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szToken[OGR_WKT_TOKEN_MAX];
data/gdal-3.0.4+dfsg/ogr/ogrpolyhedralsurface.cpp:558:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat( *ppszDstText, " ZM" );
data/gdal-3.0.4+dfsg/ogr/ogrpolyhedralsurface.cpp:560:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat( *ppszDstText, " Z" );
data/gdal-3.0.4+dfsg/ogr/ogrpolyhedralsurface.cpp:562:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat( *ppszDstText, " M" );
data/gdal-3.0.4+dfsg/ogr/ogrpolyhedralsurface.cpp:564:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat( *ppszDstText, " (" );
data/gdal-3.0.4+dfsg/ogr/ogrpolyhedralsurface.cpp:591:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( *ppszDstText + nCumulativeLength, papszGeoms[iGeom] + nSkip,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/aeronavfaa/ograeronavfaadatasource.cpp:98:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[10000];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/aeronavfaa/ograeronavfaalayer.cpp:177:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szDeg[4] = { pszLat[0], pszLat[1], 0 };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/aeronavfaa/ograeronavfaalayer.cpp:178:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szMin[3] = { pszLat[3], pszLat[4], 0 };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/aeronavfaa/ograeronavfaalayer.cpp:179:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szSec[10];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/aeronavfaa/ograeronavfaalayer.cpp:183:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    dfLat = atoi(szDeg) + atoi(szMin) / 60. + CPLAtof(szSec) / 3600.;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/aeronavfaa/ograeronavfaalayer.cpp:183:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    dfLat = atoi(szDeg) + atoi(szMin) / 60. + CPLAtof(szSec) / 3600.;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/aeronavfaa/ograeronavfaalayer.cpp:197:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    dfLon = atoi(szDeg) + atoi(szMin) / 60. + CPLAtof(szSec) / 3600.;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/aeronavfaa/ograeronavfaalayer.cpp:197:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    dfLon = atoi(szDeg) + atoi(szMin) / 60. + CPLAtof(szSec) / 3600.;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/aeronavfaa/ograeronavfaalayer.cpp:219:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[130];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/aeronavfaa/ograeronavfaalayer.cpp:321:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[134];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/aeronavfaa/ograeronavfaalayer.cpp:613:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[87];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigoclouddatasource.cpp:327:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                oSRS.importFromEPSG( atoi(pszAuthorityCode) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigoclouddatasource.cpp:342:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nAuthorityCode = atoi( oSRS.GetAuthorityCode(nullptr) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigocloudtablelayer.cpp:113:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nMaxChunkSize = atoi(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigocloudtablelayer.cpp:741:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBox3D_1[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigocloudtablelayer.cpp:742:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBox3D_2[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigocloudtablelayer.cpp:898:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szVals[64*6+6];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigocloudtablelayer.cpp:1026:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                szFieldType[256];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigocloudtablelayer.cpp:1033:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( szFieldType, "integer" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigocloudtablelayer.cpp:1037:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szFieldType, "bigint" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigocloudtablelayer.cpp:1041:8:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
       strcpy( szFieldType, "float" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigocloudtablelayer.cpp:1045:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szFieldType, "string");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigocloudtablelayer.cpp:1049:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szFieldType, "date" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigocloudtablelayer.cpp:1053:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szFieldType, "time" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigocloudtablelayer.cpp:1057:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szFieldType, "datetime" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/arcgen/ograrcgendatasource.cpp:108:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[10+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc.h:336:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szName[17];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc.h:350:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szAltName[17];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc.h:366:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szTableName[33];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc.h:367:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szInfoFile[9];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc.h:371:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szExternal[3];  /* "XX" or "  " */
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc.h:376:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szDataFile[81];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_bin.cpp:581:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szExt[4] = {0,0,0,0};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_bin.cpp:1941:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                szNameToFind[33] = "";
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_bin.cpp:2479:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(psTableDef->szExternal, "XX");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:215:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pszExt, "arx", 3);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:222:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pszExt, "pax", 3);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:229:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pszExt, "cnx", 3);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:236:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pszExt, "txx", 3);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:1522:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[380];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:1568:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nTableIndex = atoi(sEntry.szInfoFile+3);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:1792:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCoverName[40]="", szExt[4]="", szSubclass[40]="", *pszPtr;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:1945:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char          *pszDBFBasename, szFieldName[12];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:1991:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(psFile->pszFilename, ".dbf");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:2260:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                              (char *)pasFields[i].pszStr);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:2291:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szBuf[32] = "";
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00gen.cpp:1317:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pszBuf2, pasFields[i].pszStr, nSize * sizeof(char));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:116:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return atoi(pszStr);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:127:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nValue = atoi(pszTmp);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:324:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (atoi(pszLine+4) == 2)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:326:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    else if (atoi(pszLine+4) == 3)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:420:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if (atoi(pszLine+4) == 2)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:422:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        else if (atoi(pszLine+4) == 3)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:1299:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(psInfo->aosPrj.List()[psInfo->aosPrj.size()-1] + nOldLen,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:1531:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy((char*)psTxt->pszText+(iLine*80), pszLine,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:1536:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy((char*)psTxt->pszText+(iLine*80), pszLine, MIN(nLen, 80));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:1757:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy((char*)psTxt->pszText+(iLine*80), pszLine,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:1762:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy((char*)psTxt->pszText+(iLine*80), pszLine, MIN(nLen, 80));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:2052:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szFormat[20];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:2053:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        *pszBuf, szTmp[30];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00read.cpp:413:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char             szHeader[10];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00read.cpp:976:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char      **papszTables, **papszFiles, szCWD[75]="", *pcTmp;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00write.cpp:471:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szOldName[40], szOldExt[40], szNewName[40], *pszTmp;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00write.cpp:472:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szSysId[40], szUserId[40];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00write.cpp:559:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        *pszPath, szFname[50]="";
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00write.cpp:573:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szFname, "arc");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00write.cpp:576:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szFname, "pal");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00write.cpp:579:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szFname, "cnt");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00write.cpp:582:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szFname, "lab");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00write.cpp:586:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(szFname, "tol");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00write.cpp:588:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(szFname, "par");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00write.cpp:591:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szFname, "prj");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00write.cpp:594:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szFname, "txt");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00write.cpp:605:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(szFname, "txt.txt");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00write.cpp:652:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(szFname, ".adf");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_misc.cpp:184:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(psNewDef, psSrcDef, sizeof(AVCTableDef));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_misc.cpp:189:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(psNewDef->pasFieldDef, psSrcDef->pasFieldDef,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_misc.cpp:429:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuf[50];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_rawbin.cpp:259:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pBuf, psFile->abyBuf+psFile->nCurPos, nBytesToRead);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_rawbin.cpp:309:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pBuf, psFile->abyBuf+psFile->nCurPos, nBytes);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_rawbin.cpp:319:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pBuf, psFile->abyBuf+psFile->nCurPos, nBytesToRead);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_rawbin.cpp:350:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pBuf, pszConvBuf, nBytesToRead);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_rawbin.cpp:638:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char acZeros[8] = {0, 0, 0, 0, 0, 0, 0, 0};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_rawbin.cpp:663:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char acSpaces[8] = {' ', ' ', ' ', ' ', ' ', ' ', ' ', ' '};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/ogr_avc.h:110:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                szTableName[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/ogravclayer.cpp:503:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szFieldName[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/bna/ogrbnadatasource.cpp:336:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nbOutID = atoi(pszNbOutID);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/bna/ogrbnadatasource.cpp:361:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nbPairPerLine = atoi(pszNbPairPerLine);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/bna/ogrbnadatasource.cpp:380:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        coordinatePrecision = atoi(pszCoordinatePrecision);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/bna/ogrbnalayer.cpp:64:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/bna/ogrbnalayer.cpp:249:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char szBuffer[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/bna/ogrbnalayer.cpp:278:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/bna/ogrbnalayer.cpp:294:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char eol[3];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/bna/ogrbnaparser.cpp:152:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static int BNA_GetLine(char szLineBuffer[LINE_BUFFER_SIZE+1], VSILFILE* f)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/bna/ogrbnaparser.cpp:246:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpBuffer[NB_MAX_BNA_IDS][TMP_BUFFER_SIZE+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/bna/ogrbnaparser.cpp:248:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuffer[LINE_BUFFER_SIZE + 1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/bna/ogrbnaparser.cpp:414:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nCoords = atoi(ptrBeginningOfNumber);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/bna/ogrbnaparser.cpp:458:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                  memcpy(record->ids[i], tmpBuffer[i], tmpBufferLength[i] + 1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/gdalcaddataset.cpp:445:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfGeoTransform, adfGeoTransform, sizeof(double) * 6 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/cadfilestreamio.cpp:64:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    m_oFileStream.open( m_soFilePath, io_mode );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/cadheader.cpp:241:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &result, handle.data(), copySize );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/cadheader.cpp:320:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char str_buff[256];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/cadheader.cpp:350:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char str_buff[256] = "Invalid date";
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/io.cpp:103:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(m_pBuffer, data, size);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/io.cpp:119:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char a2BBytes[2];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/io.cpp:120:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( a2BBytes, m_pBuffer + nByteOffset, 2 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/io.cpp:151:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char a3BBytes[2];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/io.cpp:152:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( a3BBytes, m_pBuffer + nByteOffset, 2 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/io.cpp:189:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char a4BBytes[2];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/io.cpp:190:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( a4BBytes, m_pBuffer + nByteOffset, 2 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/io.cpp:233:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char aDoubleBytes[9]; // maximum bytes a single double can take.
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/io.cpp:234:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( aDoubleBytes, m_pBuffer + nByteOffset, 9 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/io.cpp:324:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char aShortBytes[3];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/io.cpp:325:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( aShortBytes, m_pBuffer + nByteOffset, 3 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/io.cpp:359:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char aDoubleBytes[9];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/io.cpp:360:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( aDoubleBytes, m_pBuffer + nByteOffset, 9 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/io.cpp:406:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char aLongBytes[5];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/io.cpp:407:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( aLongBytes, m_pBuffer + nByteOffset, 5 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/io.cpp:464:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char aShortBytes[4]; // maximum bytes a single short can take.
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/io.cpp:465:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( aShortBytes, m_pBuffer + nByteOffset, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/io.cpp:522:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char aCharBytes[2]; // maximum bytes a single char can take.
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/io.cpp:523:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( aCharBytes, m_pBuffer + nByteOffset, 2 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/io.cpp:559:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char aMCharBytes[8]; // 8 bytes is maximum.
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/io.cpp:598:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char aMCharBytes[8]; // 8 bytes is maximum.
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/io.cpp:637:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char aMShortBytes[8]; // 8 bytes is maximum.
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/io.cpp:668:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( & result, aMShortBytes, MShortBytesCount );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/io.cpp:676:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char aDefaultValueBytes[8];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/io.cpp:677:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( aDefaultValueBytes, & defaultvalue, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/io.cpp:782:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char aLongBytes[5]; // maximum bytes a single short can take.
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/io.cpp:783:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( aLongBytes, m_pBuffer + nByteOffset, 5 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/r2000.cpp:76:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bufferPre[255];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/r2000.cpp:680:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char   bufferPre[255];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/r2000.cpp:1660:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( & dfX, citer->acData.data() + 1, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/r2000.cpp:1661:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( & dfY, citer->acData.data() + 9, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/r2000.cpp:1662:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( & dfZ, citer->acData.data() + 17, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/r2000.cpp:1679:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( & dfVal, citer->acData.data() + 1, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/r2000.cpp:1688:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( & dVal, citer->acData.data() + 1, 2 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/r2000.cpp:1697:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( & dVal, citer->acData.data() + 1, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/dwg/r2000.cpp:3780:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  abyBuf[255] = { 0 };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/opencad.cpp:80:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pabyDWGVersion[DWG_VERSION_STR_SIZE + 1] = { 0 };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/opencad.cpp:83:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return atoi( pabyDWGVersion + 2 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/ogrcaddriver.cpp:80:27:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nSubRasterLayer = atol( papszTokens[nTokens - 2] );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/ogrcaddriver.cpp:81:25:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nSubRasterFID = atol( papszTokens[nTokens - 1] );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/carto/ogr_carto.h:106:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return atoi(CPLGetConfigOption("CARTO_PAGE_SIZE",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/carto/ogrcartodatasource.cpp:224:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    nPostGISMajor = atoi(pszVersion);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/carto/ogrcartodatasource.cpp:228:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        nPostGISMinor = atoi(pszDot + 1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/carto/ogrcartodatasource.cpp:381:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                oSRS.importFromEPSG( atoi(pszAuthorityCode) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/carto/ogrcartodatasource.cpp:396:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nAuthorityCode = atoi( oSRS.GetAuthorityCode(nullptr) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/carto/ogrcartotablelayer.cpp:155:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nMaxChunkSize = atoi(CPLGetConfigOption("CARTO_MAX_CHUNK_SIZE",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/carto/ogrcartotablelayer.cpp:1580:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBox3D_1[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/carto/ogrcartotablelayer.cpp:1581:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBox3D_2[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/carto/ogrcartotablelayer.cpp:1740:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szVals[64*6+6];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cloudant/ogr_cloudant.h:55:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
               return atoi(CPLGetConfigOption("CLOUDANT_PAGE_SIZE", "200"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cloudant/ogrcloudantdatasource.cpp:298:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szSrid[100];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cloudant/ogrcloudantdatasource.cpp:354:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nCoordPrecision = atoi(CSLFetchNameValueDef(papszOptions, "COORDINATE_PRECISION", "-1"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cloudant/ogrcloudanttablelayer.cpp:284:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szSrid[100];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/couchdb/ogr_couchdb.h:85:63:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    virtual int                 GetFeaturesToFetch() { return atoi(CPLGetConfigOption("COUCHDB_PAGE_SIZE", "500")); }
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/couchdb/ogrcouchdbdatasource.cpp:434:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nCoordPrecision = atoi(CSLFetchNameValueDef(papszOptions, "COORDINATE_PRECISION", "-1"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/couchdb/ogrcouchdblayer.cpp:187:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nFID = atoi(pszId);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/couchdb/ogrcouchdbtablelayer.cpp:70:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nCoordPrecision = atoi(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/couchdb/ogrcouchdbtablelayer.cpp:1250:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nId = atoi(pszId);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/couchdb/ogrcouchdbtablelayer.cpp:1383:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int l_nFID = atoi(pszId);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:384:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            const char szDelimiter[2] = { chDelimiter, '\0' };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:567:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szFieldNameBuffer[100];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:690:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    const int nWidth = atoi(pszLeftParenthesis + 1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:691:53:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    const int nPrecision = pszDot ? atoi(pszDot + 1) : 0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:767:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    const int nEPSGCode = atoi(pszEPSG + strlen("_EPSG_"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:1050:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nBytes = atoi(CSLFetchNameValueDef(papszOpenOptions,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:2323:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szBuffer[75] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:2390:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pszNew + 1, pszEscaped, nLenWKT);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:2551:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuffer[nBufSize + 1] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csw/ogrcswdataset.cpp:925:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nMaxRecords = atoi(CSLFetchNameValueDef(papszOpenOptionsIn, "MAX_RECORDS", "500"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/gdaldb2rasterband.cpp:423:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyTileData + 1 * nBlockXSize * nBlockYSize,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/gdaldb2rasterband.cpp:431:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyTileData + 3 * nBlockXSize * nBlockYSize,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/gdaldb2rasterband.cpp:434:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyTileData + 1 * nBlockXSize * nBlockYSize,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/gdaldb2rasterband.cpp:436:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyTileData + 2 * nBlockXSize * nBlockYSize,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/gdaldb2rasterband.cpp:473:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyTileData + 1 * nBlockXSize * nBlockYSize,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/gdaldb2rasterband.cpp:475:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyTileData + 2 * nBlockXSize * nBlockYSize,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/gdaldb2rasterband.cpp:736:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy( pabyDestBand,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/gdaldb2rasterband.cpp:853:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(pabyDest,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/gdaldb2rasterband.cpp:993:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(m_pabyCachedTiles + i * nBlockXSize * nBlockYSize,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/gdaldb2rasterband.cpp:1225:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szDataPointer[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/gdaldb2rasterband.cpp:1251:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szDataPointer[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/gdaldb2rasterband.cpp:1522:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( m_pabyCachedTiles + (nBand-1) * nBlockXSize * nBlockYSize,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/gdaldb2rasterband.cpp:1613:45:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                                            memcpy( m_pabyCachedTiles + ((nBand - 1) * nBlockYSize + iY) * nBlockXSize + nXOff,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/gdaldb2rasterband.cpp:1775:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( m_pabyCachedTiles + (4 + nBand - 1) * nBlockXSize * nBlockYSize,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/gdaldb2rasterband.cpp:1792:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( m_pabyCachedTiles + (4 + nBand - 1) * nBlockXSize * nBlockYSize +
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/gdaldb2rasterband.cpp:1848:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( m_pabyCachedTiles + (iBand - 1) * nBlockXSize * nBlockYSize,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/gdaldb2rasterband.cpp:1857:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( m_pabyCachedTiles + (iBand - 1) * nBlockXSize * nBlockYSize,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/gdaldb2rasterband.cpp:2070:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( poGDS->m_pabyCachedTiles + (iBand - 1) * nBlockXSize * nBlockYSize,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogr_db2.h:149:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char      m_szLastError[SQL_MAX_MESSAGE_LENGTH + 1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogr_db2.h:586:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                stime[256];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2cli.cpp:884:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szWrkData[513];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2cli.cpp:937:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( m_papszColValues[iCol], szWrkData, cbDataLen );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2cli.cpp:978:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                m_papszColValues[iCol] = (char *)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2cli.cpp:981:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( m_papszColValues[iCol] + m_panColValueLengths[iCol],
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2cli.cpp:992:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( m_papszColValues[iCol], szWrkData, cbDataLen );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2cli.cpp:1011:33:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            wchar_t *pwszSrc = (wchar_t *) m_papszColValues[iCol];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2cli.cpp:1251:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szFormattedValue[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2cli.cpp:1272:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szFormattedValue[100];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2cli.cpp:1298:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    szFormattedText[8000];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2cli.cpp:1468:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szWrkData[8193];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2cli.cpp:1485:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        m_panColType[iCol] = (short) atoi(szWrkData);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2cli.cpp:1493:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        m_panColSize[iCol] = atoi(szWrkData);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2cli.cpp:1497:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        m_panColPrecision[iCol] = (short) atoi(szWrkData);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2cli.cpp:1501:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        m_panColNullable[iCol] = atoi(szWrkData) == SQL_NULLABLE;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:435:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nCoordDimension = atoi(CSLFetchNameValue( papszOptions, "DIM"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:523:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nSRSId = atoi(CSLFetchNameValue( papszOptions, "SRID"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:828:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nTileWidth = atoi(pszTileWidth);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:829:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nTileHeight = atoi(pszTileHeight);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:987:47:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                   pszSRSId ? atoi(pszSRSId) : 0,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:1251:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char DB2SpatialType[20], OGCSpatialType [20];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:1294:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char DB2SpatialType[20], OGCSpatialType [20];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:1329:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nSRId = atoi(m_papszSRIds[iTable]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:1350:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    nSRId = atoi( oStatement.GetColData( 0 ) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:1375:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nCoordDimension = atoi(m_papszCoordDimensions[iTable]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:1670:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                oSRS.importFromEPSG( atoi(pszAuthorityCode) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:1686:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nAuthorityCode = atoi( oSRS.GetAuthorityCode(nullptr) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:1699:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nSRSId = atoi(oStatement.GetColData( 0 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:1730:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nSRSId = atoi(oStatement.GetColData( 0 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:1873:57:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            oStatement.Appendf(" AND zoom_level <= %d", atoi(pszZoomLevel));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:1879:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                               atoi(pszZoomLevel), atoi(pszZoomLevel),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:1879:52:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                               atoi(pszZoomLevel), atoi(pszZoomLevel),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:1957:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            pszTableName, atoi(oStatement.GetColData(0)));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:1978:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nTileWidth = atoi(oStatement.GetColData( 3));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:1979:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nTileHeight = atoi(oStatement.GetColData( 4));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:1980:83:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        osContentsMinX = CPLSPrintf("%.18g", dfMinX + dfPixelXSize * nTileWidth * atoi(oStatement2.GetColData( 0)));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:1981:84:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        osContentsMaxY = CPLSPrintf("%.18g", dfMaxY - dfPixelYSize * nTileHeight * atoi(oStatement2.GetColData( 1)));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:1982:88:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        osContentsMaxX = CPLSPrintf("%.18g", dfMinX + dfPixelXSize * nTileWidth * (1 + atoi(oStatement2.GetColData( 2))));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:1983:89:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        osContentsMinY = CPLSPrintf("%.18g", dfMaxY - dfPixelYSize * nTileHeight * (1 + atoi(oStatement2.GetColData( 3))));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:2085:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nZoomLevel = atoi(oStatement->GetColData( 0));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:2088:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nTileWidth = atoi(oStatement->GetColData( 3));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:2089:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nTileHeight = atoi(oStatement->GetColData( 4));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:2090:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nTileMatrixWidth = atoi(oStatement->GetColData( 5));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:2091:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nTileMatrixHeight = atoi(oStatement->GetColData( 6));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:2115:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nBandCount = atoi(CSLFetchNameValueDef(papszOpenOptionsIn, "BAND_COUNT", "4"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:2334:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        m_nZLevel = atoi(pszZLevel);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:2338:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        m_nQuality = atoi(pszQuality);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:2708:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(oSrcSRS.GetAuthorityCode(nullptr)) != nEPSGCode )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:2947:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(padfGeoTransform, m_adfGeoTransform, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:3016:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(m_adfGeoTransform, padfGeoTransform, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasourcemd.cpp:288:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        mdId = atoi(oStatement.GetColData(0));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasourcemd.cpp:347:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    nNewId = atoi(oStatement2.GetColData( 0 ) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2layer.cpp:292:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(m_poStmt->GetColData(m_poStmt->GetColId(pszFIDColumn))) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2selectlayer.cpp:81:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szLayerName[512];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2tablelayer.cpp:387:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nSRSId = atoi( oStatement.GetColData( 0 ) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2tablelayer.cpp:402:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nSRSId = atoi( oStatement.GetColData( 0 ) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2tablelayer.cpp:745:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nRet = atoi(poStatement->GetColData( 0 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2tablelayer.cpp:758:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                szFieldType[256];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2tablelayer.cpp:786:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( szFieldType, "int" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2tablelayer.cpp:793:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( szFieldType, "bigint" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2tablelayer.cpp:802:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( szFieldType, "float" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2tablelayer.cpp:807:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( szFieldType, "varchar(MAX)" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2tablelayer.cpp:813:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szFieldType, "date" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2tablelayer.cpp:817:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szFieldType, "time(7)" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2tablelayer.cpp:821:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szFieldType, "datetime" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2tablelayer.cpp:825:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szFieldType, "image" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2tablelayer.cpp:834:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szFieldType, "varchar" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2tablelayer.cpp:1269:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            poFeature->SetFID( atoi(oStatement2.GetColData( 0 ) ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2tablelayer.cpp:1273:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                poFeature->SetFID( atoi(oStatement2.GetColData( 0 ) ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgndump.cpp:63:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char achRaw[128] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgndump.cpp:89:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            achRaw[std::max(0, std::min(127, atoi(argv[iArg+1])))] = 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgndump.cpp:225:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLine[knLineSize] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgndump.cpp:237:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szHex[knHexSize] = { '\0', '\0', '\0' };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnfloat.cpp:114:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest + 0, src + 4, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnfloat.cpp:115:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest + 4, src + 0, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnfloat.cpp:117:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( dbl, &dt, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnfloat.cpp:145:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &dt, dbl, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnfloat.cpp:220:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest + 2, src + 0, 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnfloat.cpp:221:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest + 0, src + 2, 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnfloat.cpp:222:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest + 6, src + 4, 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnfloat.cpp:223:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest + 4, src + 6, 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnhelp.cpp:33:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char abyDefaultPCT[256][3] =
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnhelp.cpp:507:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        char szLineStyle[65] )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnhelp.cpp:522:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( szLineStyle,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnhelp.cpp:1069:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char szNumericResult[16] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnlib.h:174:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        string[1];     /*!< Actual text (length varies, \0 terminated*/
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnlib.h:220:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char levels[8];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnlib.h:252:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        sub_units[3];      /*!< User name for subunits (2 chars)*/
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnlib.h:254:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        master_units[3];   /*!< User name for master units (2 chars)*/
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnlib.h:274:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        name[7];           /*!< Cell name */
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnlib.h:303:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        name[7];           /*!< Cell name */
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnlib.h:311:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        description[28];   /*!< Description */
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnlibp.h:90:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 ((unsigned char *)p)[0] = (unsigned char)((nMacroWork & 0x00ff0000) >> 16); \
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnlibp.h:91:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 ((unsigned char *)p)[1] = (unsigned char)((nMacroWork & 0xff000000) >> 24); \
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnlibp.h:92:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 ((unsigned char *)p)[2] = (unsigned char)((nMacroWork & 0x000000ff) >> 0);  \
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnlibp.h:93:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 ((unsigned char *)p)[3] = (unsigned char)((nMacroWork & 0x0000ff00) >> 8); }
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:625:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy( &(psEllipse->primary_axis), psDGN->abyElem + 36, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:629:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy( &(psEllipse->secondary_axis), psDGN->abyElem + 44, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:638:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy( &(psEllipse->origin.x), psDGN->abyElem + 56, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:641:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy( &(psEllipse->origin.y), psDGN->abyElem + 64, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:648:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy( &(psEllipse->origin.x), psDGN->abyElem + 68, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:651:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy( &(psEllipse->origin.y), psDGN->abyElem + 76, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:654:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy( &(psEllipse->origin.z), psDGN->abyElem + 84, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:695:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy( &(psEllipse->primary_axis), psDGN->abyElem + 44, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:699:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy( &(psEllipse->secondary_axis), psDGN->abyElem + 52, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:708:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy( &(psEllipse->origin.x), psDGN->abyElem + 64, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:711:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy( &(psEllipse->origin.y), psDGN->abyElem + 72, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:719:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy( &(psEllipse->origin.x), psDGN->abyElem + 76, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:722:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy( &(psEllipse->origin.y), psDGN->abyElem + 84, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:725:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy( &(psEllipse->origin.z), psDGN->abyElem + 92, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:790:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                  memcpy(&w, psDGN->abyElem + text_off + 2 + i*2, 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:806:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy( psText->string, psDGN->abyElem + text_off, num_chars );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:839:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy( &(psTag->tagSet), psDGN->abyElem + 68, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:851:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy( &(psTag->tagValue.integer),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:857:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy( &(psTag->tagValue.real),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:900:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy( &(psCone->center_1.x), psDGN->abyElem + 54, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:902:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy( &(psCone->center_1.y), psDGN->abyElem + 62, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:904:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy( &(psCone->center_1.z), psDGN->abyElem + 70, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:906:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy( &(psCone->radius_1), psDGN->abyElem + 78, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:909:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy( &(psCone->center_2.x), psDGN->abyElem + 86, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:911:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy( &(psCone->center_2.y), psDGN->abyElem + 94, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:913:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy( &(psCone->center_2.z), psDGN->abyElem + 102, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:915:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy( &(psCone->radius_2), psDGN->abyElem + 110, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:1106:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psElement->raw_data, psDGN->abyElem, psElement->raw_bytes );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:1296:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( psElement->attr_data, psData + nAttIndex * 2 + 32,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:1330:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psColorTable->color_info[255], psDGN->abyElem+38, 3 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:1331:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psColorTable->color_info, psDGN->abyElem+41, 765 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:1338:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psDGN->color_table, psColorTable->color_info, 768 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:1458:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &(tagDef->defaultValue.integer),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:1465:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &(tagDef->defaultValue.real),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:1507:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &(psTCB->origin_x), psDGN->abyElem+1240, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:1508:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &(psTCB->origin_y), psDGN->abyElem+1248, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:1509:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &(psTCB->origin_z), psDGN->abyElem+1256, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:1549:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psView->levels, pabyRawView + 2, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:1565:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psView->transmatrx, pabyRawView + 34, sizeof(double) * 9 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:1569:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &(psView->conversion), pabyRawView + 106, sizeof(double) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:108:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char abyLeader[2];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:262:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        const unsigned char abyEOF[2] = { 0xff, 0xff };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:349:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyRawTCB, psSrcTCB->raw_data, psSrcTCB->raw_bytes );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:353:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyRawTCB+1120, pszMasterUnits, 2 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:354:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyRawTCB+1122, pszSubUnits, 2 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:371:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyRawTCB+1240, &dfOriginX, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:372:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyRawTCB+1248, &dfOriginY, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:373:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyRawTCB+1256, &dfOriginZ, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:386:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char abyEOF[2] = { 0xff,  0xff };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:462:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psClone, psSrcElement, sizeof(DGNElemCore) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:473:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psMP, psSrcElement, nSize );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:481:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psArc, psSrcElement, sizeof(DGNElemArc) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:492:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psText, psSrcElement, nSize );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:500:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psNode, psSrcElement, sizeof(DGNElemTextNode) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:508:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psCH, psSrcElement, sizeof(DGNElemComplexHeader) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:516:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psCT, psSrcElement, sizeof(DGNElemColorTable) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:524:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psTCB, psSrcElement, sizeof(DGNElemTCB) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:532:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psCH, psSrcElement, sizeof(DGNElemCellHeader) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:540:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psCL, psSrcElement, sizeof(DGNElemCellLibrary) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:548:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psTV, psSrcElement, sizeof(DGNElemTagValue) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:559:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psTS, psSrcElement, sizeof(DGNElemTagSet) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:565:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pasTagList, psTS->tagList,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:584:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psCone, psSrcElement, sizeof(DGNElemCone) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:593:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psSurface, psSrcElement, sizeof(DGNElemBSplineSurfaceHeader) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:602:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psCurve, psSrcElement, sizeof(DGNElemBSplineCurveHeader) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:617:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psBSB, psSrcElement, nSize );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:635:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psArray, psSrcElement, nSize );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:643:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psCH, psSrcElement, sizeof(DGNElemSharedCellDefn) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:660:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psClone->raw_data, psSrcElement->raw_data,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:668:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psClone->attr_data, psSrcElement->attr_data,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:896:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psMP->vertices + 0, pasVertices, sizeof(DGNPoint) * nPointCount );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1045:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psArc->quat, panQuaternion, sizeof(int)*4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1086:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psCore->raw_data + 44, &dfScaledAxis, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1090:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psCore->raw_data + 52, &dfScaledAxis, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1103:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( psCore->raw_data + 76, &(sOrigin.x), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1104:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( psCore->raw_data + 84, &(sOrigin.y), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1105:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( psCore->raw_data + 92, &(sOrigin.z), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1118:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( psCore->raw_data + 64, &(sOrigin.x), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1119:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( psCore->raw_data + 72, &(sOrigin.y), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1140:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psCore->raw_data + 36, &dfScaledAxis, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1144:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psCore->raw_data + 44, &dfScaledAxis, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1157:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( psCore->raw_data + 68, &(sOrigin.x), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1158:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( psCore->raw_data + 76, &(sOrigin.y), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1159:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( psCore->raw_data + 84, &(sOrigin.z), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1172:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( psCore->raw_data + 56, &(sOrigin.x), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1173:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( psCore->raw_data + 64, &(sOrigin.y), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1265:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psCone->quat, panQuaternion, sizeof(int)*4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1293:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psCore->raw_data + 54, &sCenter_1.x, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1294:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psCore->raw_data + 62, &sCenter_1.y, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1295:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psCore->raw_data + 70, &sCenter_1.z, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1302:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psCore->raw_data + 78, &dfScaledRadius, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1307:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psCore->raw_data + 86, &sCenter_2.x, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1308:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psCore->raw_data + 94, &sCenter_2.y, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1309:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psCore->raw_data + 102, &sCenter_2.z, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1316:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psCore->raw_data + 110, &dfScaledRadius, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1449:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( anQuaternion, panQuaternion, sizeof(int) * 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1463:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psCore->raw_data + nBase+2, pszText, strlen(pszText) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1569:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psCT->color_info, abyColorInfo, 768 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1580:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psCore->raw_data + 38, abyColorInfo[255], 3 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1581:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psCore->raw_data + 41, abyColorInfo, (256-1)*3 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1620:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char abyRawZeroLinkage[8] = {0,0,0,0,0,0,0,0};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1842:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char abyRawZeroLinkage[8] = {0, 0, 0, 0, 0, 0, 0, 0};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:2024:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psCore->raw_data + 44, panLevels, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:2204:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char abyLevelsOccurring[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:2304:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char abyLinkage[32] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:2398:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psElement->attr_data + (psElement->attr_bytes-nLinkSize),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:2408:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psElement->raw_data + (psElement->raw_bytes-nLinkSize),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:2469:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char abyFillInfo[16] =
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgndatasource.cpp:268:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nSUPerMU = atoi(pszValue);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgndatasource.cpp:275:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nUORPerSU = atoi(pszValue);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:286:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szFullStyle[256];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:375:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szEntityList[MAX_LINK * 9];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:376:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szMSLinkList[MAX_LINK * 9];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:413:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szFSColor[128] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:418:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char gv_color[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:429:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szPen[256];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:995:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nFontID = atoi( pszFontNumber );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dods/ogrdodsdatasource.cpp:126:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        static char szDODS_CONF[knBufSize];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogrdwg_dimension.cpp:269:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nColor = atoi(oStyleProperties["Color"]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogrdwg_dimension.cpp:276:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nColor = atoi(pszValue);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogrdwg_dimension.cpp:304:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogrdwg_dimension.cpp:357:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nPrecision = atoi(poDS->GetVariable("$LUPREC","4"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogrdwg_dimension.cpp:358:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szFormat[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogrdwg_dimension.cpp:359:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogrdwg_hatch.cpp:90:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nColor = atoi(oStyleProperties["Color"]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogrdwg_hatch.cpp:97:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nColor = atoi(pszValue);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogrdwglayer.cpp:323:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nColor = atoi(oStyleProperties["Color"]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogrdwglayer.cpp:330:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nColor = atoi(pszValue);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogrdwglayer.cpp:373:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuffer[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogrdwglayer.cpp:448:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nColor = atoi(oStyleProperties["Color"]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogrdwglayer.cpp:456:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nColor = atoi(pszValue);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogrdwglayer.cpp:467:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogrdwglayer.cpp:579:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nColor = atoi(oStyleProperties["Color"]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogrdwglayer.cpp:586:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nColor = atoi(pszValue);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dwg/ogrdwglayer.cpp:599:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogr_autocad_services.cpp:79:13:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            wchar_t anWCharString[2];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogr_autocad_services.cpp:147:13:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            wchar_t anWCharString[2];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogr_autocad_services.cpp:238:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const unsigned char abyDXFColors[768] = {
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogr_autocad_services.cpp:605:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogr_dxf.h:229:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( adfMatrix, adfNew, sizeof(adfNew) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogr_dxf.h:247:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfList, adfMatrix, sizeof(adfMatrix) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogr_dxf.h:248:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfList + 9, adfVector, sizeof(adfVector) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogr_dxf.h:506:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                achSrcBuffer[1025];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_blockmap.cpp:57:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_blockmap.cpp:127:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nMaxIters = atoi(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_dimension.cpp:55:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_dimension.cpp:162:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                const int nInnerCode = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_dimension.cpp:212:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const bool bWantExtLine1 = atoi(oDimStyleProperties["DIMSE1"]) == 0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_dimension.cpp:213:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const bool bWantExtLine2 = atoi(oDimStyleProperties["DIMSE2"]) == 0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_dimension.cpp:215:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nUnitsPrecision = atoi(oDimStyleProperties["DIMDEC"]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_dimension.cpp:216:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const bool bTextSupposedlyCentered = atoi(oDimStyleProperties["DIMTAD"]) == 0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_dimension.cpp:400:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_dimension.cpp:465:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szFormat[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_dimension.cpp:468:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_feature.cpp:159:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(oStyleProperties["Hidden"]) == 1 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_feature.cpp:184:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nTrueColor = atoi(oStyleProperties["TrueColor"]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_feature.cpp:189:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nColor = atoi(oStyleProperties["Color"]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_feature.cpp:227:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nTrueColor = atoi(poBlockFeature->oStyleProperties["TrueColor"]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_feature.cpp:238:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nColor = atoi(poBlockFeature->oStyleProperties["Color"]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_feature.cpp:265:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nTrueColor = atoi(pszTrueColor);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_feature.cpp:281:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nColor = atoi(pszColor);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_hatch.cpp:52:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_hatch.cpp:81:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
              int nBoundaryPathCount = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_hatch.cpp:155:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_hatch.cpp:167:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nBoundaryPathType = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_hatch.cpp:189:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nEdgeCount = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_hatch.cpp:211:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nEdgeType = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_hatch.cpp:296:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                bCounterClockwise = atoi(szLineBuf) != 0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_hatch.cpp:386:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                bCounterClockwise = atoi(szLineBuf) != 0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_hatch.cpp:442:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nDegree = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_hatch.cpp:455:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nKnots = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_hatch.cpp:462:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nControlPoints = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_hatch.cpp:556:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int iObj, nObjCount = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_hatch.cpp:577:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_hatch.cpp:599:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nVertexCount = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_hatch.cpp:603:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            bHaveBulges = CPL_TO_BOOL(atoi(szLineBuf));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_hatch.cpp:607:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            bIsClosed = CPL_TO_BOOL(atoi(szLineBuf));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_hatch.cpp:688:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int iObj, nObjCount = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_leader.cpp:64:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_leader.cpp:141:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            bWantArrowhead = atoi(szLineBuf) != 0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_leader.cpp:145:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            bIsSpline = atoi(szLineBuf) != 0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_leader.cpp:149:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            bHasTextAnnotation = atoi(szLineBuf) == 0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_leader.cpp:155:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            bHorizontalDirectionFlip = atoi(szLineBuf) != 0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_leader.cpp:180:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                const int nInnerCode = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_leader.cpp:204:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    bool bWantExtension = atoi(oDimStyleProperties["DIMTAD"]) > 0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_leader.cpp:208:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nLeaderColor = atoi(oDimStyleProperties["DIMCLRD"]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_leader.cpp:321:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_leader.cpp:436:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nLeaderLineType = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_leader.cpp:440:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                bHasDogleg = atoi(szLineBuf) != 0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_leader.cpp:491:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nTextAlignment = atoi( szLineBuf );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_leader.cpp:596:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nCurrentVertex = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_leader.cpp:667:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if( ( atoi(osLeaderColor) & 0xC2000000 ) == 0xC0000000 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_leader.cpp:990:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_leader.cpp:1264:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if( nPoints > atoi(CPLGetConfigOption(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_ocstransformer.cpp:72:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfN, adfNIn, sizeof(double)*3 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_ocstransformer.cpp:209:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( oCT.adfMatrix, adfNewMatrix, sizeof(adfNewMatrix) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxf_ocstransformer.cpp:223:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( oCT.adfVector, adfNewVector, sizeof(adfNewVector) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfdatasource.cpp:140:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfdatasource.cpp:327:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfdatasource.cpp:391:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfdatasource.cpp:416:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if( atoi(szLineBuf) < 0 ) // Is layer off?
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfdatasource.cpp:426:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if( atoi(szLineBuf) & 0x01 ) // Is layer frozen?
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfdatasource.cpp:478:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfdatasource.cpp:567:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfdatasource.cpp:589:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if( atoi(szLineBuf) & 1 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfdatasource.cpp:613:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                const int nFontFlags = atoi( szLineBuf );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfdatasource.cpp:724:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfdatasource.cpp:791:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfdatasource.cpp:1005:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[270]; // TODO figure out what to do with this re character escapes
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfdatasource.cpp:1063:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nLen = atoi( szLineBuf );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:181:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if( atoi(pszValue) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:403:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuffer[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:453:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:490:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nAttachmentPoint = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:571:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:649:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:715:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nHorizontalAlignment = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:720:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nVerticalAlignment = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:725:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nVerticalAlignment = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:747:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if( bIsAttribOrAttdef && atoi(szLineBuf) & 1 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:831:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:909:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:970:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:1061:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:1101:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nNumVertices = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:1105:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nPolylineFlag = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:1195:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:1208:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nPolylineFlag = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:1294:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nVertexFlag = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:1299:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                vertexIndex71 = SafeAbs(atoi(szLineBuf));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:1303:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                vertexIndex72 = SafeAbs(atoi(szLineBuf));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:1307:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                vertexIndex73 = SafeAbs(atoi(szLineBuf));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:1311:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                vertexIndex74 = SafeAbs(atoi(szLineBuf));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:1455:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:1470:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            bIsClosed = ( atoi(szLineBuf) & 2 ) == 2;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:1474:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nNumVertices = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:1478:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nNumElements = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:1555:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int nNumParameters = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:1622:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int nNumAreaFillParams = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:1668:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:1824:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:1975:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:2074:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:2122:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nDegree = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:2133:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nKnots = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:2144:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nControlPoints = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:2308:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:2448:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:2623:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:2659:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyData, pabyBinaryData, nDataLength );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:3090:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:3151:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            bHasAttribs = atoi(szLineBuf) == 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:3155:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nColumnCount = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:3159:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nRowCount = atoi(szLineBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxflayer.cpp:3385:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfreader.cpp:144:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nValueCode = atoi(achSrcBuffer + iSrcBufferOffset);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfwriterds.cpp:213:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nNextFID = atoi(CSLFetchNameValue( papszOptions, "FIRST_ENTITY" ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfwriterds.cpp:294:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLinePair[300];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfwriterds.cpp:315:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLinePair[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfwriterds.cpp:353:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfwriterds.cpp:554:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfwriterds.cpp:633:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szWorkBuf[30];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfwriterds.cpp:951:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLineBuf[257];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfwriterlayer.cpp:162:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLinePair[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/edigeo/ogredigeodatasource.cpp:501:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nWidth = atoi(pszLine + 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/edigeo/ogredigeodatasource.cpp:549:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nODA = atoi(pszLine + 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/edigeo/ogredigeodatasource.cpp:551:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nUDA = atoi(pszLine + 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/elastic/ogrelasticdatasource.cpp:631:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m_nMajorVersion = atoi(pszVersion);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/elastic/ogrelasticdatasource.cpp:666:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nBatchSize = atoi(CSLFetchNameValueDef(poOpenInfo->papszOpenOptions, "BATCH_SIZE", "100"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/elastic/ogrelasticdatasource.cpp:667:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nFeatureCountToEstablishFeatureDefn = atoi(CSLFetchNameValueDef(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/elastic/ogrelasticlayer.cpp:99:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        m_nBulkUpload = atoi(CSLFetchNameValueDef(papszOptions, "BULK_SIZE", "1000000"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/elastic/ogrelasticlayer.cpp:763:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szSeparator[2];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/elastic/ogrelasticlayer.cpp:1155:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void decode_geohash_bbox( const char *geohash, double lat[2],
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbDriver.cpp:333:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if( ((*papszIter)[0] == 'a' && atoi((*papszIter)+1) >= 1 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbDriver.cpp:334:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                 atoi((*papszIter)+1) <= 8) || EQUAL(*papszIter, "gdb") ||
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:148:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nResyncThreshold = atoi(CPLGetConfigOption("FGDB_RESYNC_THRESHOLD", "1000000"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:347:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nNextPageID, abyBuffer, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:349:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nFeatures, abyBuffer + 4, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:367:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nFID, abyBuffer + 12 + 4 * i, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:374:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(abyBuffer + 12 + 4 * i, &nOGRFID, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:423:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                            memcpy(&anValues[nFeaturesToSort], abyBuffer + 12, nFeaturesToSortLastPage * 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:451:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                            memcpy(abyBuffer + 12, &anValues[nFeaturesToSort], nFeaturesToSortLastPage * 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:470:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pabyLastIndexedValue,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:511:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nSubPages, abyBuffer + 4, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:519:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nSubPageID, abyBuffer + 8 + 4 * i, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:649:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyBuffer + 4, &nTmp, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:652:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyBuffer + 8, &nTmp, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:794:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(pabyPage + nOffsetInPage, abyBuffer, nRecordSize);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:807:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pabyPage + nOffsetInPage, abyBuffer, nRecordSize);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:830:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyBuffer + 4, &nTmp, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:833:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abyBuffer + 8, &nTmp, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:839:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(abyBuffer + 0, &nTmp, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:844:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(abyBuffer + 12, &nTmp, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:896:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(shape.shapeBuffer, pabyShape, nShapeSize);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:1339:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(m_apoByteArrays[nCountBinaryField]->byteArray, bytes, bytesize);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:1411:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(shape.shapeBuffer, pabyShape, nShapeSize);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:1688:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[100];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:1936:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nSRID = atoi(poSRS->GetAuthorityCode(nullptr));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:2088:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s_xyscale[50], s_xytol[50], s_zscale[50], s_ztol[50];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:2726:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if( m_pSRS->importFromEPSG(atoi(latestwkid.c_str())) == OGRERR_NONE )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:2737:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if( m_pSRS->importFromEPSG(atoi(wkid.c_str())) == OGRERR_NONE )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:2900:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        nLength = atoi(psFieldItemNode->psChild->pszValue);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:3515:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if( m_oMapOGRFIDToFGDBFID.find(atoi(pszName)) != m_oMapOGRFIDToFGDBFID.end() )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:3516:59:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            return CPLSPrintf("%d", m_oMapOGRFIDToFGDBFID[atoi(pszName)]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:3520:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if( m_oMapFGDBFIDToOGRFID.find(atoi(pszName)) != m_oMapFGDBFIDToOGRFID.end() )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbLayer.cpp:3521:59:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            return CPLSPrintf("%d", m_oMapFGDBFIDToOGRFID[atoi(pszName)]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbUtils.cpp:392:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        *width = atoi(CPLGetConfigOption("FGDB_STRING_WIDTH", "65536"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmecacheindex.cpp:261:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char      szNewTime[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmecacheindex.cpp:263:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( szNewTime, "%lu", (unsigned long) time(NULL) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmecacheindex.cpp:281:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szNewRefCount[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmecacheindex.cpp:283:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( szNewRefCount, "%d",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmecacheindex.cpp:284:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
             atoi(CPLGetXMLValue(psDSNode, "RefCount", "0")) + 1 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmecacheindex.cpp:303:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szNewRefCount[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmecacheindex.cpp:304:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int  nRefCount = atoi(CPLGetXMLValue(psDSNode, "RefCount", "1"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmecacheindex.cpp:308:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( szNewRefCount, "%d", nRefCount-1 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmecacheindex.cpp:340:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char      szNewTime[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmecacheindex.cpp:342:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( szNewTime, "%lu", (unsigned long) time(NULL) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmecacheindex.cpp:407:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if( atoi(CPLGetXMLValue( psDSNode, "RefCount", "0" )) > 0
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmecacheindex.cpp:411:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if( atoi(CPLGetXMLValue( psDSNode, "RefCount", "0" )) < 1
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmecacheindex.cpp:415:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if( atoi(CPLGetXMLValue( psDSNode, "RefCount", "0" )) < 1
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmecacheindex.cpp:457:26:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if( poIndex->open() != 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmedatasource.cpp:133:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           szFilename[2048];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmedatasource.cpp:653:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    err = poReader->open( pszDataset, *poParms );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmedatasource.cpp:793:55:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if( psCLI->poIndex == NULL || psCLI->poIndex->open() != 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmedatasource.cpp:1364:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char      szDefinition[5000];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayer.cpp:209:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nWidth = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayer.cpp:214:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nWidth = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayer.cpp:215:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nPrecision = atoi(papszTokens[2]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayercached.cpp:93:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( poIndex->open() != 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayercached.cpp:296:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            szGeomType[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayercached.cpp:304:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( szGeomType, "%d", (int) poFeatureDefn->GetGeomType() );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayercached.cpp:333:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szExtent[512];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayercached.cpp:335:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szExtent, "%24.15E,%24.15E,%24.15E,%24.15E",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayercached.cpp:350:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szWidth[32], szPrecision[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayercached.cpp:353:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szWidth, "%d", poFieldDef->GetWidth() );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayercached.cpp:354:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szPrecision, "%d", poFieldDef->GetPrecision() );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayercached.cpp:401:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                     atoi(CPLGetXMLValue( psLayer, "GeomType", "0" )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayercached.cpp:471:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        oField.SetWidth( atoi(CPLGetXMLValue(psFieldDef,"width","0")) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayercached.cpp:472:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        oField.SetPrecision( atoi(CPLGetXMLValue(psFieldDef,"precision","0")));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:222:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pszValStart, pszNewValue, strlen( pszNewValue ) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:306:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char      szSEARCH_ENVELOPE[1024];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:315:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf( szSEARCH_ENVELOPE, "%.16f", oEnvelope.MinX );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:318:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf( szSEARCH_ENVELOPE, "%.16f", oEnvelope.MinY );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:321:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf( szSEARCH_ENVELOPE, "%.16f", oEnvelope.MaxX );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:324:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf( szSEARCH_ENVELOPE, "%.16f", oEnvelope.MaxY );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:329:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf( szSEARCH_ENVELOPE, "%.16f", oEnvelope.MinX );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:332:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf( szSEARCH_ENVELOPE, "%.16f", oEnvelope.MinY );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:335:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf( szSEARCH_ENVELOPE, "%.16f", oEnvelope.MaxX );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:338:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf( szSEARCH_ENVELOPE, "%.16f", oEnvelope.MaxY );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:383:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char      szSEARCH_ENVELOPE[1024];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:388:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szSEARCH_ENVELOPE, "%.16f", oEnvelope.MinX );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:392:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szSEARCH_ENVELOPE, "%.16f", oEnvelope.MinY );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:396:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szSEARCH_ENVELOPE, "%.16f", oEnvelope.MaxX );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:400:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szSEARCH_ENVELOPE, "%.16f", oEnvelope.MaxY );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:415:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    err = poReader->open( pszDataset, *poParms );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogr_gensql.cpp:1890:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( psDstField, psSrcField, sizeof(OGRField) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogr_gensql.cpp:1896:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( psDstField, psSrcField, sizeof(OGRField) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogr_gensql.cpp:1963:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( pasBestFields, pasCurrentFields,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogr_gensql.cpp:2185:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( panFIDIndex + nStart, panMerged, sizeof(GIntBig) * nEntries );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogr_miattrind.cpp:251:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int iField = atoi(CPLGetXMLValue(psAttrIndex,"FieldIndex","-1"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogr_miattrind.cpp:252:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int iIndexIndex = atoi(CPLGetXMLValue(psAttrIndex,"IndexIndex","-1"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:1912:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    np= atoi(papszFields[i]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:2006:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    np= atoi(papszFields[i]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:2055:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      npo= atoi(papszFields[i]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:2095:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        np= atoi(papszFields[i]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:2229:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char **papszFields, delim[2] = { 0 }, tdst[kItemSize_GCIO];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:2391:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  i= atoi(papszFields[nbf]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:2485:21:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    OGR_F_SetFID(f, atol(papszFields[0])); /* FID */
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:3110:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char n[kItemSize_GCIO] = {0};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:3111:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char x[kExtraSize_GCIO] = {0};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:3112:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char e[kExtraSize_GCIO] = {0};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:3307:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char n[kItemSize_GCIO] = {0};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:3308:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char x[kExtraSize_GCIO] = {0};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:3309:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char e[kExtraSize_GCIO] = {0};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:3486:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char n[kItemSize_GCIO] = {0};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:3487:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char x[kExtraSize_GCIO] = {0};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:3488:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char e[kExtraSize_GCIO] = {0};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:3663:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char n[kItemSize_GCIO] = { 0 };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:3841:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char n[kItemSize_GCIO] = { 0 };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:4047:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char l[kExtraSize_GCIO];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.h:286:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char                 unit[kUnitMAX_GCIO+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.h:298:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char                  cache[kCacheSize_GCIO+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/ogrgeoconceptdatasource.cpp:325:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pszln[512];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/ogrgeoconceptlayer.cpp:83:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char pszln[512];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_object.c:573:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128], *p, *q;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_object.c:663:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(jso->o.c_string.str, (void *)s, len);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_tokener.c:111:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char utf8_replacement_char[3] = { 0xEF, 0xBF, 0xBD };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_tokener.c:603:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		unsigned char unescaped_utf[4];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_util.c:46:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
# define open _open
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_util.c:69:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[JSON_FILE_BUF_SIZE];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_util.c:72:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if((fd = open(filename, O_RDONLY)) < 0) {
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_util.c:110:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if((fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT, 0644)) < 0) {
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_util.c:217:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf_cmp[100];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/printbuf.c:87:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p->buf + p->bpos, buf, size);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/printbuf.h:45:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p->buf + p->bpos, (bufptr), bufsize);             \
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsondriver.cpp:341:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(CPLURLGetValue(osURL, "resultRecordCount"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonlayer.cpp:306:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char szBuffer[11];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonreader.cpp:325:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nMaxObjectSize = atoi(CPLGetConfigOption("OGR_GEOJSON_MAX_OBJ_SIZE", "200"))
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonreader.cpp:1017:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char *apszMetadata[3] = {
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonreader.cpp:1677:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szSeparator[2] = { chNestedAttributeSeparator, '\0' };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonreader.cpp:2292:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        const char szSeparator[2] = { chSeparator, '\0' };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonreader.cpp:2688:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char *apszMetadata[3] = {
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonseqdriver.cpp:325:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(CPLGetConfigOption("OGR_GEOJSONSEQ_CHUNK_SIZE", "40960"))));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonseqdriver.cpp:533:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_oWriteOptions.nCoordPrecision = atoi(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonseqdriver.cpp:535:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_oWriteOptions.nSignificantFigures = atoi(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonutils.cpp:289:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(abyBuffer.data(), pszText, nRead);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonwritelayer.cpp:54:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nCoordPrecision_(atoi(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonwritelayer.cpp:56:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nSignificantFigures_(atoi(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonwriter.cpp:1452:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(CSLFetchNameValueDef(papszOptions, "COORDINATE_PRECISION", "-1"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonwriter.cpp:1455:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(CSLFetchNameValueDef(papszOptions, "SIGNIFICANT_FIGURES", "-1"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonwriter.cpp:1494:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[75] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonwriter.cpp:1527:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[75] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonwriter.cpp:1540:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szFormatting[32] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geomedia/ogrgeomedialayer.cpp:244:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(poStmt->GetColData(poStmt->GetColId(pszFIDColumn))) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geomedia/ogrgeomediatablelayer.cpp:299:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return atoi(oStmt.GetColData(0));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/georss/ogrgeorssdatasource.cpp:279:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aBuf[BUFSIZ];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/georss/ogrgeorssdatasource.cpp:353:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char aBuf[256];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/georss/ogrgeorsslayer.cpp:337:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pszSubElementValue + nSubElementValueLen, pszStr, len);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/georss/ogrgeorsslayer.cpp:957:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pszSubElementValue + nSubElementValueLen, data, nLen);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/georss/ogrgeorsslayer.cpp:1000:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aBuf[BUFSIZ];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/georss/ogrgeorsslayer.cpp:1579:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCoord[75] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/georss/ogrgeorsslayer.cpp:1847:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aBuf[BUFSIZ] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/georss/ogrgeorsslayer.cpp:2145:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nDimension = atoi(ppszAttr[i+1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/georss/ogrgeorsslayer.cpp:2300:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pszSubElementValue + nSubElementValueLen, data, nLen);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gft/ogr_gft.h:96:63:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    static int                  GetFeaturesToFetch() { return atoi(CPLGetConfigOption("GFT_PAGE_SIZE", "500")); }
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gft/ogrgftlayer.cpp:462:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nFID = atoi(osFID);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gft/ogrgfttablelayer.cpp:522:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nFeatureCount = atoi(pszLine);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gft/ogrgfttablelayer.cpp:865:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nFID = atoi(pszLine);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlfeatureclass.cpp:486:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nGeomType = atoi(pszType);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlfeatureclass.cpp:573:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nGeomType = atoi(pszGeometryType);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlfeatureclass.cpp:681:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        atoi(CPLGetXMLValue(psThis, "Width", "0")));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlfeatureclass.cpp:698:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                poPDefn->SetWidth(atoi(CPLGetXMLValue(psThis, "Width", "0")));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlfeatureclass.cpp:710:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                poPDefn->SetWidth(atoi(CPLGetXMLValue(psThis, "Width", "0")));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlfeatureclass.cpp:712:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    atoi(CPLGetXMLValue(psThis, "Precision", "0")));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlfeatureclass.cpp:793:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szValue[128] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlfeatureclass.cpp:823:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szValue[128] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlfeatureclass.cpp:856:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szValue[128] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlfeatureclass.cpp:868:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szValue[128] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlfeatureclass.cpp:971:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szMaxLength[48] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlfeatureclass.cpp:978:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szLength[48] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlfeatureclass.cpp:984:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szLength[48] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlfeatureclass.cpp:987:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szPrecision[48] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlhandler.cpp:525:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nSRSDimensionIfMissing(atoi(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlhandler.cpp:674:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(psCurNode->pszValue, pszName, nLenName+1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlhandler.cpp:1795:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(m_pszCurField + m_nCurFieldLen, data + nIter, nCharsLen);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlhandler.cpp:1846:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(m_pszGeometry+m_nGeomLen, data + nIter, nCharsLen);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlreader.cpp:1502:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    atoi(pszGlobalSRSName + 5),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlreader.cpp:1503:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    atoi(pszVertCS_EPSG + 7)));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/hugefileresolver.cpp:2013:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char sqlPragma[64] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmldatasource.cpp:68:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pszTmp, pszURL, nBeforeNeedle);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmldatasource.cpp:69:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(pszTmp + nBeforeNeedle, ";%20");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmldatasource.cpp:155:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szLowerCorner[75] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmldatasource.cpp:156:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szUpperCorner[75] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmldatasource.cpp:336:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(szSRSName, pszSRSName, pszEndQuote - pszSRSName);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmldatasource.cpp:386:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szHeader[4096] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmldatasource.cpp:548:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szSRSName[128] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmldatasource.cpp:565:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(szSRSName, "EPSG:3067");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmldatasource.cpp:759:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(CPLGetConfigOption("OGR_SQLITE_CACHE", "0"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmldatasource.cpp:2704:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szStartTag[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmldatasource.cpp:2722:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(szStartTag, pszStartTag, pszEndTag - pszStartTag);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmldatasource.cpp:2774:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szSRSName[128] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmldatasource.cpp:2785:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(pszXML, "</");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmllayer.cpp:437:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                          atoi(psGMLProperty->papszSubProperties[i]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmllayer.cpp:807:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szLowerCorner[75] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmllayer.cpp:808:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szUpperCorner[75] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmllayer.cpp:1030:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char szBuffer[80] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/parsexsd.cpp:84:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        *pnWidth = atoi(pszWidth);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/parsexsd.cpp:85:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        *pnPrecision = atoi(pszPrecision);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/parsexsd.cpp:106:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        *pnWidth = atoi(pszWidth);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/parsexsd.cpp:115:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        *pnWidth = atoi(pszWidth);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/parsexsd.cpp:124:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        *pnWidth = atoi(pszWidth);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/parsexsd.cpp:133:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        *pnWidth = atoi(pszWidth);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasconf.cpp:377:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nIdentifierMaxLength = atoi( CPLGetXMLValue( psRoot,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasconf.cpp:391:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        m_nMaximumFieldsForFlattening = atoi( CPLGetXMLValue( psFlatteningRules,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasconf.cpp:521:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        m_nIndentSize = atoi( CPLGetXMLValue( psWriterConfig,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasconf.cpp:571:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nTimeOut = atoi( CPLGetXMLValue( psRoot, "Timeout", "0" ) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasconf.cpp:573:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nMaxFileSize = atoi( CPLGetXMLValue( psRoot, "MaxFileSize",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasconf.cpp:576:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nMaxGlobalResolutionTime = atoi(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasconf.cpp:606:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nDefaultResolutionDepth = atoi( CPLGetXMLValue( psRoot,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasconf.cpp:633:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            oItem.m_nResolutionDepth = atoi( CPLGetXMLValue( psIterURL,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasreader.cpp:390:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nMaxLevel = atoi(CPLGetConfigOption("GMLAS_XML_MAX_LEVEL", "100"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasreader.cpp:392:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          atoi(CPLGetConfigOption("GMLAS_XML_MAX_CONTENT_SIZE", "512000000")));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasreader.cpp:3028:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( pszNewValue + nOldLength, osText.c_str(),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasreader.cpp:3045:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(psNode->pszValue, osText.c_str(), osText.size() + 1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasschemaanalyzer.cpp:1268:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nMaxLength = MAX(nMaxLength, atoi( transcode(maxLength) ) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasutils.cpp:161:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szDigits[4];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlaswriter.cpp:537:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(CSLFetchNameValueDef(m_papszOptions, szINDENT_SIZE_OPTION,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasxlinkresolver.cpp:46:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nMaxRAMCacheSize(atoi(CPLGetConfigOption("GMLAS_XLINK_RAM_CACHE_SIZE",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmt/ogrgmtlayer.cpp:136:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if( poSRS->importFromEPSG( atoi(osEPSG) ) != OGRERR_NONE )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmt/ogrgmtlayer.cpp:973:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szLine[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/gdalgeopackagerasterband.cpp:680:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyTileData + 1 * nBlockPixels,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/gdalgeopackagerasterband.cpp:688:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyTileData + 3 * nBlockPixels,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/gdalgeopackagerasterband.cpp:691:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyTileData + 1 * nBlockPixels,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/gdalgeopackagerasterband.cpp:693:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyTileData + 2 * nBlockPixels,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/gdalgeopackagerasterband.cpp:729:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyTileData + 1 * nBlockPixels,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/gdalgeopackagerasterband.cpp:731:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyTileData + 2 * nBlockPixels,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/gdalgeopackagerasterband.cpp:826:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(pabyDest + i * nBandBlockSize,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/gdalgeopackagerasterband.cpp:988:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy( pabyDestBand,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/gdalgeopackagerasterband.cpp:1140:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( pabyDest,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/gdalgeopackagerasterband.cpp:1507:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(m_pabyCachedTiles + i * nBandBlockSize,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/gdalgeopackagerasterband.cpp:1947:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szDataPointer[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/gdalgeopackagerasterband.cpp:1997:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szDataPointer[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/gdalgeopackagerasterband.cpp:2013:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szDataPointer[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/gdalgeopackagerasterband.cpp:2061:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szDataPointer[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/gdalgeopackagerasterband.cpp:2466:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( m_pabyCachedTiles + (nBand-1) * nBandBlockSize,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/gdalgeopackagerasterband.cpp:2564:45:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                                            memcpy( m_pabyCachedTiles +
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/gdalgeopackagerasterband.cpp:2859:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyTemp + (nBand - 1) * nBandBlockSize,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/gdalgeopackagerasterband.cpp:2875:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyTemp + (static_cast<size_t>(nBand - 1) *
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/gdalgeopackagerasterband.cpp:2934:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( m_pabyCachedTiles + (iBand - 1) * nBandBlockSize,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/gdalgeopackagerasterband.cpp:2943:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( m_pabyCachedTiles + (iBand - 1) * nBandBlockSize,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/gdalgeopackagerasterband.cpp:3188:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( m_poTPD->m_pabyCachedTiles +
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/gdalgeopackagerasterband.cpp:3505:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    bOK = atoi(pszMinX) >= nColMin &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/gdalgeopackagerasterband.cpp:3506:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                          atoi(pszMaxX) <= nColMax &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/gdalgeopackagerasterband.cpp:3507:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                          atoi(pszMinY) >= nRowMin &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/gdalgeopackagerasterband.cpp:3508:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                          atoi(pszMaxY) <= nRowMax;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:311:48:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          GDALGPKGImportFromEPSG(poSpatialRef, atoi(pszOrganizationCoordsysID))
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:382:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                oSRS.importFromEPSG(atoi(pszOrganizationCoordsysID));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:480:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                poSRS->importFromEPSG( atoi(pszAuthorityCode) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:498:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nAuthorityCode = atoi( poSRS->GetAuthorityCode(nullptr) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:790:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(CPLGetConfigOption("OGR_TABLE_LIMIT", "10000"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:850:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(CPLGetConfigOption("OGR_TABLE_LIMIT", "10000"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:894:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(CPLGetConfigOption("OGR_TABLE_LIMIT", "10000"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:1110:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&m_nApplicationId, pabyHeader + knApplicationIdPos, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:1112:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&m_nUserVersion, pabyHeader + knUserVersionPos, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:1248:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    atoi(CPLGetConfigOption("OGR_TABLE_LIMIT", "10000"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:1304:55:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                              pszZ && atoi(pszZ) > 0,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:1305:55:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                              pszM && atoi(pszM) > 0);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:1376:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                pszSRSId ? atoi(pszSRSId) : 0,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:1461:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nZoomLevel = atoi(SQLResultGetValue(&oResult, 0, nIdxInResult));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:1472:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nTileWidth = atoi(SQLResultGetValue(&oResult, 3, nIdxInResult));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:1473:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nTileHeight = atoi(SQLResultGetValue(&oResult, 4, nIdxInResult));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:1527:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nBandCount = atoi(CSLFetchNameValueDef(papszOpenOptionsIn, "BAND_COUNT", "4"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:1908:58:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            osSQL += CPLSPrintf(" AND zoom_level <= %d", atoi(pszZoomLevel));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:1912:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                atoi(pszZoomLevel), atoi(pszZoomLevel), osQuotedTableName.c_str());
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:1912:53:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                atoi(pszZoomLevel), atoi(pszZoomLevel), osQuotedTableName.c_str());
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:1969:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            pszTableName, atoi(SQLResultGetValue(&oResult, 0, 0)));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:1986:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nTileWidth = atoi(SQLResultGetValue(&oResult, 3, 0));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:1987:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nTileHeight = atoi(SQLResultGetValue(&oResult, 4, 0));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:1988:83:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        osContentsMinX = CPLSPrintf("%.18g", dfMinX + dfPixelXSize * nTileWidth * atoi(SQLResultGetValue(&oResult2, 0, 0)));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:1989:84:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        osContentsMaxY = CPLSPrintf("%.18g", dfMaxY - dfPixelYSize * nTileHeight * atoi(SQLResultGetValue(&oResult2, 1, 0)));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:1990:88:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        osContentsMaxX = CPLSPrintf("%.18g", dfMinX + dfPixelXSize * nTileWidth * (1 + atoi(SQLResultGetValue(&oResult2, 2, 0))));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:1991:89:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        osContentsMinY = CPLSPrintf("%.18g", dfMaxY - dfPixelYSize * nTileHeight * (1 + atoi(SQLResultGetValue(&oResult2, 3, 0))));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:2228:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(padfGeoTransform, m_adfGeoTransform, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:2297:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(m_adfGeoTransform, padfGeoTransform, 6 * sizeof(double));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:3720:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&m_nApplicationId, abyHeader + knApplicationIdPos, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:3722:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&m_nUserVersion, abyHeader + knUserVersionPos, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:4187:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nTileWidth = atoi(pszTileWidth);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:4188:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nTileHeight = atoi(pszTileHeight);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:4755:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(oSrcSRS.GetAuthorityCode(nullptr)) != nEPSGCode )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:4928:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        m_nZLevel = atoi(pszZLevel);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:4932:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        m_nQuality = atoi(pszQuality);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedriver.cpp:70:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nApplicationId, poOpenInfo->pabyHeader + knApplicationIdPos, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedriver.cpp:73:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nUserVersion, poOpenInfo->pabyHeader + knUserVersionPos, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedriver.cpp:91:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(abySignature, poOpenInfo->pabyHeader + knApplicationIdPos, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedriver.cpp:132:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(abySignature, poOpenInfo->pabyHeader + knUserVersionPos, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagetablelayer.cpp:270:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char szVal[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackageutility.cpp:119:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nMaxWidth = atoi(pszGpkgType+5);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackageutility.cpp:302:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pabyWkb+4, &iSrsId, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackageutility.cpp:407:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&iSrsId, pabyGpkg+4, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpsbabel/ogrgpsbabeldatasource.cpp:122:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        (STARTS_WITH(pszFilename, "COM")  && atoi(pszFilename + 3) > 0);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxdatasource.cpp:107:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szMetadata[SPACE_FOR_METADATA+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxdatasource.cpp:326:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aBuf[BUFSIZ];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxdatasource.cpp:427:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char aBuf[256];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxdatasource.cpp:563:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char szMetadata[SPACE_FOR_METADATA+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxlayer.cpp:120:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nMaxLinks = atoi(CPLGetConfigOption("GPX_N_MAX_LINKS", "2"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxlayer.cpp:234:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szFieldName[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxlayer.cpp:299:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szFieldName[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxlayer.cpp:496:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pszSubElementValue + nSubElementValueLen, pszStr, len);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxlayer.cpp:721:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        char szFieldName[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxlayer.cpp:782:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char szFieldName[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxlayer.cpp:789:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char szFieldName[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxlayer.cpp:1065:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pszSubElementValue + nSubElementValueLen, data, nLen);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxlayer.cpp:1108:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aBuf[BUFSIZ];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxlayer.cpp:1288:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szValue[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxlayer.cpp:1321:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char szValue[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxlayer.cpp:1442:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLat[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxlayer.cpp:1443:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLon[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxlayer.cpp:1444:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szAlt[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxlayer.cpp:1938:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aBuf[BUFSIZ];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxlayer.cpp:2211:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pszSubElementValue + nSubElementValueLen, data, nLen);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/grass/ogrgrassdatasource.cpp:163:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[2000];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/grass/ogrgrassdatasource.cpp:261:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *p, *ptr[5], *tmp;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/grass/ogrgrasslayer.cpp:66:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[20];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/grass/ogrgrasslayer.cpp:549:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[2000];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/grass/ogrgrasslayer.cpp:812:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[2000];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/gtm.cpp:40:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pBuffer, &val, 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/gtm.cpp:46:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pBuffer, &val, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/gtm.cpp:52:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pBuffer, &val, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/gtm.cpp:57:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pBuffer, &val, 1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/gtm.cpp:63:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pBuffer, &val, 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/gtm.cpp:316:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[13];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/gtm.cpp:510:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[11];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/gtmtracklayer.cpp:161:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((char*)pBufferAux, psztrackname, trackNameLength);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/gtmwaypointlayer.cpp:183:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((char*)pBufferAux, psNameField, 10);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/gtmwaypointlayer.cpp:190:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((char*)pBuffer+12, pszcomment, commentLength);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/ogrgtmdatasource.cpp:122:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy((char*)pBufferAux, "Arial", 5);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/ogrgtmdatasource.cpp:387:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy((char*)pCurrentPos, "TrackMaker");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/ogrgtmdatasource.cpp:403:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy((char*)pCurrentPos, "Arial");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/htf/ogrhtfdatasource.cpp:182:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nZone = atoi(pszLine + 11);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/htf/ogrhtfdatasource.cpp:206:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nTotalSoundings = atoi(pszLine + 17);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/idb/ogridblayer.cpp:295:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            poFeature->SetFID( atoi( row->Column( iField )->Printable() ) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/idb/ogridbtablelayer.cpp:481:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nSRSId = atoi(row->Column(0)->Printable());
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/idb/ogridbtablelayer.cpp:1057:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int fid = atoi( row->Column(0)->Printable() );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/idrisi/generate_test_files.c:43:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen("points.vct", "wb");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/idrisi/generate_test_files.c:72:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen("lines.vct", "wb");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/idrisi/generate_test_files.c:129:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen("polygons.vct", "wb");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/idrisi/ogridrisilayer.cpp:161:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if( pszRecords == nullptr || atoi(pszRecords) != (int)nTotalFeatures )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/idrisi/ogridrisilayer.cpp:170:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if( pszFields == nullptr || atoi(pszFields) <= 1 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/idrisi/ogridrisilayer.cpp:198:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szKey[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/idrisi/ogridrisilayer.cpp:577:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nID = atoi(papszTokens[0]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/ili1reader.cpp:269:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szFieldName[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/imdreader.cpp:408:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                            atoi( CPLGetXMLValue(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/imdreader.cpp:411:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                            atoi( CPLGetXMLValue(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/imdreader.cpp:414:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                            atoi( CPLGetXMLValue(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/imdreader.cpp:450:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    int iOrderPos = atoi(CPLGetXMLValue(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/imdreader.cpp:463:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    int iOrderPos = atoi(CPLGetXMLValue(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/imdreader.cpp:473:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    int iOrderPos = atoi(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/ogrili1datasource.cpp:136:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szHeader[1000];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/ogrili2datasource.cpp:133:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szHeader[1000];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/ogrili2layer.cpp:266:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTempBuffer[80];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp:125:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pszDBTarget[MAX_TARGET_STRING_LENGTH];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp:257:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        connParm.co_timeout = atoi(CSLFetchNameValue(papszOptions,"timeout"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp:402:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char   szCommand[1024];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp:405:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( szCommand, "DESCRIBE geometry_columns" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp:408:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(szCommand,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp:434:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( szCommand, "DESCRIBE spatial_ref_sys" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp:437:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(szCommand,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp:497:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szCommand[1024] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp:498:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( szCommand,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp:551:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szCommand[10000] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp:623:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( szCommand,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp:662:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                poSRS->importFromEPSG( atoi(pszAuthorityCode) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp:805:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char               szCommand[1024];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringreslayer.cpp:362:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &nValue, papszRow[iField], 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringreslayer.cpp:375:51:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                unsigned char *pszWKB = (unsigned char *) papszRow[iField];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringreslayer.cpp:409:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &nLength, papszRow[iField], 2 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringreslayer.cpp:418:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( &nValue, papszRow[iField], 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringreslayer.cpp:424:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( &nValue, papszRow[iField], 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringreslayer.cpp:430:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( &nValue, papszRow[iField], 2 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringreslayer.cpp:436:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( &nValue, papszRow[iField], 1 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringreslayer.cpp:445:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( &fValue, papszRow[iField], 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringreslayer.cpp:451:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( &dfValue, papszRow[iField], 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringreslayer.cpp:459:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
              char szFormatBuf[30];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringreslayer.cpp:463:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy( &(sCParm.cv_srcDesc), psFDesc,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringreslayer.cpp:465:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy( &(sCParm.cv_srcValue), psDV,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringreslayer.cpp:609:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCommand[1024] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresstatement.cpp:346:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( &nSegmentLen, pasDataBuffer[iBaseCol].dv_value, 2 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresstatement.cpp:351:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( pachData + nDataLen,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresstatement.cpp:352:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        ((char *) pasDataBuffer[iBaseCol].dv_value)+2,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresstatement.cpp:587:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( abyChunk, &nLen, sizeof(nLen) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresstatement.cpp:588:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( abyChunk+2, pabyParmData + nBytesSent, nLen );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresstatement.cpp:634:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyParmData, pabyData, nLength);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:135:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nWidth, papszRow[2], 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:136:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nScale, papszRow[3], 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:293:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szEnvelope[4096];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:300:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(szEnvelope,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:376:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat( pszFieldList, ", " );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:396:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat( pszFieldList, ", " );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:1025:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                szFieldType[256];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:1048:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf( szFieldType, "DECIMAL(%d,0)", oField.GetWidth() );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:1050:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( szFieldType, "INTEGER" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:1056:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf( szFieldType, "DECIMAL(%d,%d)",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:1059:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( szFieldType, "FLOAT" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:1064:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szFieldType, "DATE" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:1069:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szFieldType, "DATETIME" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:1075:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szFieldType, "TIME" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:1080:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szFieldType, "LONGBLOB" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:1086:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf( szFieldType, "VARCHAR(1024)" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:1088:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf( szFieldType, "VARCHAR(%d)", oField.GetWidth() );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:1096:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szFieldType, "VARCHAR(1024)" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:1239:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nCount = atoi(papszRow[0]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/jml/ogrjmllayer.cpp:410:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pszElementValue + nElementValueLen, data, nLen);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/jml/ogrjmllayer.cpp:461:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aBuf[BUFSIZ];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/jml/ogrjmllayer.cpp:533:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aBuf[BUFSIZ];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/jml/ogrjmllayer.cpp:579:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            poSRS->importFromEPSG(atoi(osSRSName.substr(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/jml/ogrjmlwriterlayer.cpp:106:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szBuffer[101];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/kml.cpp:68:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
bool KML::open(const char * pszFilename)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/kml.cpp:105:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aBuf[BUFSIZ] = { 0 };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/kml.cpp:198:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aBuf[BUFSIZ] = { 0 };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/kml.h:60:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    bool open(const char* pszFilename);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogr2kmlgeometry.cpp:205:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szCoordinate[256]= { 0 };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogr2kmlgeometry.cpp:211:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat( *ppszText + *pnLength, "<coordinates>" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogr2kmlgeometry.cpp:232:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat( *ppszText + *pnLength, "</coordinates>" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogr2kmlgeometry.cpp:256:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat( *ppszText + *pnLength, "<Point/>");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogr2kmlgeometry.cpp:261:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szCoordinate[256] = { 0 };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogr2kmlgeometry.cpp:280:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCoordinate[256] = { 0 };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogr2kmlgeometry.cpp:460:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szCoordinate[256] = { 0 };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogr2kmlgeometry.cpp:504:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szAltitudeMode[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogrkmldatasource.cpp:138:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( !poKMLFile_->open( pszNewName ) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogrkmllayer.cpp:464:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char acColor[9] = {0};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmldatasource.cpp:1119:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[1024+1] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmldatasource.cpp:1366:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuffer[1024+1] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmldatasource.cpp:1524:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[1024+1] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlfeaturestyle.cpp:263:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        char szbuf[1025] = { '\0' };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlfield.cpp:486:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&sFieldDT,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlfield.cpp:529:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&sFieldDT,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlfield.cpp:568:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy(&sFieldDT, poOgrFeat->GetRawFieldRef(i), sizeof(OGRField));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlstyle.cpp:436:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szColor[10] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlstyle.cpp:464:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szColor[10] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlstyle.cpp:514:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szColor[10] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlstyle.cpp:553:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szColor[10] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlstyle.cpp:882:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szbuf[1025] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mdb/ogrmdbjackcess.cpp:149:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char jvmLib[PATH_MAX];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mdb/ogrmdbjackcess.cpp:159:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szTmp[PATH_MAX];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mdb/ogrmdbjackcess.cpp:713:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pData, elts, *pnBytes);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_bounds.cpp:1046:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char szPreviousMitabBoundsFile[2048] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_bounds.cpp:1090:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(&sStatBoundsFile, &sStat, sizeof(sStat));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_bounds.cpp:1142:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(psCS, &gpasExtBoundsList[i].sBoundsInfo.sProj,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_coordsys.cpp:278:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nProjId = atoi(papszFields[2]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_coordsys.cpp:311:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nDatum = atoi(papszNextField[0]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_coordsys.cpp:318:51:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        psProj->nEllipsoidId = static_cast<GByte>(atoi(papszNextField[0]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_coordsys.cpp:379:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                static_cast<GByte>(atoi(papszNextField[0]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:824:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&m_pasFieldDef[m_numFields - 1], &sFieldDef, sizeof(sFieldDef));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:886:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pasFieldDefTmp, m_pasFieldDef,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:1023:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pasFieldDefTmp, m_pasFieldDef, m_numFields * sizeof(TABDATFieldDef));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:1076:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pasFieldDefTmp, m_pasFieldDef,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:1080:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(m_pasFieldDef + i, pasFieldDefTmp + panMap[i],
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:1169:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pasFieldDefTmp, m_pasFieldDef, m_numFields * sizeof(TABDATFieldDef));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:1282:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&m_pasFieldDef[iField], &sFieldDef, sizeof(sFieldDef));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:1444:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pasFieldDefTmp, m_pasFieldDef, m_numFields * sizeof(TABDATFieldDef));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:1597:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return atoi(ReadCharField(nWidth));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:1627:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return static_cast<GInt16>(atoi(ReadCharField(nWidth)));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2172:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuf[9] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2174:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nDay = atoi(szBuf + 6);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2176:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nMonth = atoi(szBuf + 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2178:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nYear = atoi(szBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2189:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nYear = atoi(papszTok[0]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2190:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nMonth = atoi(papszTok[1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2191:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nDay = atoi(papszTok[2]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2195:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nYear = atoi(papszTok[2]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2196:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nMonth = atoi(papszTok[1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2197:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nDay = atoi(papszTok[0]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2281:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuf[9] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2285:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nHour = atoi(szBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2286:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nMin = atoi(szBuf + 3);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2287:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nSec = atoi(szBuf + 6);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2293:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuf[4] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2297:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nHour = atoi(szBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2302:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nMin = atoi(szBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2307:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nSec = atoi(szBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2312:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nMS = atoi(szBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2406:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuf[18] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2408:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nMS = atoi(szBuf + 14);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2410:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nSec = atoi(szBuf + 12);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2412:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nMin = atoi(szBuf + 10);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2414:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nHour = atoi(szBuf + 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2416:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nDay = atoi(szBuf + 6);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2418:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nMonth = atoi(szBuf + 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2420:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nYear = atoi(szBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2431:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nYear = atoi(papszTok[0]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2432:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nMonth = atoi(papszTok[1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2433:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nDay = atoi(papszTok[2]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2434:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nHour = atoi(papszTok[3]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2435:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nMin = atoi(papszTok[4]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2436:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nSec = atoi(papszTok[5]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2441:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nYear = atoi(papszTok[2]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2442:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nMonth = atoi(papszTok[1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2443:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nDay = atoi(papszTok[0]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2444:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nHour = atoi(papszTok[3]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2445:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nMin = atoi(papszTok[4]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2446:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nSec = atoi(papszTok[5]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2530:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szFormat[10] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:1574:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nSymbolId = atoi(pszSymbolId+9);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8223:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szPattern[20];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8238:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szPattern,"1 1");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8242:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szPattern,"2 1");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8246:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szPattern,"3 1");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8250:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szPattern,"6 1");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8254:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szPattern,"12 2");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8258:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szPattern,"24 4");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8262:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szPattern,"4 3");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8266:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szPattern,"1 4");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8270:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szPattern,"4 6");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8274:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szPattern,"6 4");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8278:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szPattern,"12 12");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8282:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szPattern,"8 2 1 2");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8286:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szPattern,"12 1 1 1");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8290:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szPattern,"12 1 3 1");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8294:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szPattern,"24 6 4 6");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8298:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szPattern,"24 3 3 3 3 3");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8302:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szPattern,"24 3 3 3 3 3 3 3");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8306:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szPattern,"6 3 1 3 1 3");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8310:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szPattern,"12 2 1 2 1 2");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8314:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szPattern,"12 2 1 2 1 2 1 2");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8318:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szPattern,"4 1 1 1");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8322:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szPattern,"4 1 1 1 1");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8326:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szPattern,"4 1 1 1 2 1 1 1");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8457:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nPenId = atoi(pszPenId+12);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8465:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nPenId = atoi(pszPenId+8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8673:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int nBrushId = atoi(pszBrushId+14);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8679:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nBrushId = atoi(pszBrushId+10);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8922:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int nSymbolId = atoi(pszSymbolId+12);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8927:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int nSymbolId = atoi(pszSymbolId+8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:232:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[20];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:432:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        SetSymbolNo(static_cast<GInt16>(atoi(papszToken[1])));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:433:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        SetSymbolColor(atoi(papszToken[2]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:434:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        SetSymbolSize(static_cast<GInt16>(atoi(papszToken[3])));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:511:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    SetSymbolNo(static_cast<GInt16>(atoi(papszToken[1])));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:512:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    SetSymbolColor(atoi(papszToken[2]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:513:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    SetSymbolSize(static_cast<GInt16>(atoi(papszToken[3])));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:515:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    SetFontStyleMIFValue(atoi(papszToken[5]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:592:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    SetSymbolColor(atoi(papszToken[2]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:593:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    SetSymbolSize(static_cast<GInt16>(atoi(papszToken[3])));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:594:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nCustomStyle = static_cast<GByte>(atoi(papszToken[4]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:692:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nNumPoints = atoi(pszLine);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:696:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nNumPoints = atoi(papszToken[1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:702:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nNumSec = atoi(papszToken[2]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:709:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nNumPoints = atoi(pszLine);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:722:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nNumSec = atoi(papszToken[2]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:723:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nNumPoints = atoi(papszToken[3]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:752:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    nNumPoints = atoi(pszLine);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:883:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    SetPenWidthMIF(atoi(papszToken[1]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:884:54:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    SetPenPattern(static_cast<GByte>(atoi(papszToken[2])));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:885:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    SetPenColor(atoi(papszToken[3]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:999:57:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int numLineSections = (CSLCount(papszToken) == 2) ? atoi(papszToken[1]) : 0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:1053:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            numSectionVertices = atoi(pszLine);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:1164:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    SetPenWidthMIF(atoi(papszToken[1]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:1165:54:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    SetPenPattern(static_cast<GByte>(atoi(papszToken[2])));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:1166:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    SetPenColor(atoi(papszToken[3]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:1173:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    SetBrushFGColor(atoi(papszToken[2]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:1174:56:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    SetBrushPattern(static_cast<GByte>(atoi(papszToken[1])));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:1177:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                       SetBrushBGColor(atoi(papszToken[3]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:1387:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                   SetPenWidthMIF(atoi(papszToken[1]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:1388:53:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                   SetPenPattern(static_cast<GByte>(atoi(papszToken[2])));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:1389:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                   SetPenColor(atoi(papszToken[3]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:1396:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                   SetBrushFGColor(atoi(papszToken[2]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:1397:55:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                   SetBrushPattern(static_cast<GByte>(atoi(papszToken[1])));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:1400:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                       SetBrushBGColor(atoi(papszToken[3]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:1532:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    SetPenWidthMIF(atoi(papszToken[1]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:1533:54:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    SetPenPattern(static_cast<GByte>(atoi(papszToken[2])));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:1534:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    SetPenColor(atoi(papszToken[3]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:1541:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    SetBrushFGColor(atoi(papszToken[2]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:1542:56:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    SetBrushPattern(static_cast<GByte>(atoi(papszToken[1])));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:1545:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                      SetBrushBGColor(atoi(papszToken[3]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:1708:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    SetPenWidthMIF(atoi(papszToken[1]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:1709:54:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    SetPenPattern(static_cast<GByte>(atoi(papszToken[2])));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:1710:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    SetPenColor(atoi(papszToken[3]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:1855:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    SetFontFGColor(atoi(papszToken[4]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:1858:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        SetFontBGColor(atoi(papszToken[5]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:1859:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        SetFontStyleMIFValue(atoi(papszToken[2]),TRUE);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:1862:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                      SetFontStyleMIFValue(atoi(papszToken[2]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:2123:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nNumPoint = atoi(papszToken[1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:2177:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            SetSymbolNo(static_cast<GInt16>(atoi(papszToken[1])));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:2178:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            SetSymbolColor(atoi(papszToken[2]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:2179:47:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            SetSymbolSize(static_cast<GInt16>(atoi(papszToken[3])));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:2246:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int numParts = atoi(papszToken[1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_idfile.cpp:144:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(m_pszFname + nLen - 4, ".ID");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_idfile.cpp:146:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(m_pszFname + nLen - 4, ".id");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_indfile.cpp:142:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(m_pszFname+nLen-4, ".ind");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_indfile.cpp:634:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(m_papbyKeyBuffers[nIndexNumber-1], reinterpret_cast<GByte*>(&dValue), nKeyLength);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_indfile.cpp:2109:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&nInt32, aKeyValBuf, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_indfile.cpp:2111:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&nInt16, aKeyValBuf + 2, 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_indfile.cpp:2113:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&nUInt32, aKeyValBuf, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_mapindexblock.cpp:1131:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pasSrcEntries, &m_asEntries, m_numEntries*sizeof(TABMAPIndexEntry));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_miffile.cpp:175:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(m_pszFname+nFnameLen-4, ".MIF");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_miffile.cpp:178:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(m_pszFname+nFnameLen-4, ".mif");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_miffile.cpp:247:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(pszTmpFname+nFnameLen-4, ".MID");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_miffile.cpp:249:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(pszTmpFname+nFnameLen-4, ".mid");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_miffile.cpp:431:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
              m_nVersion = atoi(papszToken[1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_miffile.cpp:505:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nColumns = atoi(papszToken[1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_miffile.cpp:587:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nVal = atoi(papszToken[i]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_miffile.cpp:599:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nVal = atoi(papszToken[i]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_miffile.cpp:638:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                 atoi(papszToken[2]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_miffile.cpp:654:64:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nStatus = AddFieldNative(osFieldName, TABFInteger, atoi(papszToken[2]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_miffile.cpp:671:65:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nStatus = AddFieldNative(osFieldName, TABFSmallInt, atoi(papszToken[2]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_miffile.cpp:680:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                 atoi(papszToken[2]), atoi(papszToken[3]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_miffile.cpp:680:55:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                 atoi(papszToken[2]), atoi(papszToken[3]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_miffile.cpp:1637:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szNewFieldName[31+1]; /* 31 is the max characters for a field name*/
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_ogr_datasource.cpp:109:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nBlockSize = atoi(CSLFetchNameValueDef(papszOptions, "BLOCKSIZE", "512"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_priv.h:229:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szName[11];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_priv.h:319:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szFontName[33];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_priv.h:772:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        m_szName[32]; /* for debug purposes */
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_priv.h:1698:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        m_szBuffer[256];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_priv.h:1909:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
       char m_szLastRead[MIDMAXCHAR];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_priv.h:1910:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
       char m_szSavedLine[MIDMAXCHAR];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_rawbinblock.cpp:329:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(m_pabyBuf, pabyBuf, m_nSizeUsed);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_rawbinblock.cpp:692:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyDstBuf, m_pabyBuf + m_nCurPos, numBytes);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_rawbinblock.cpp:815:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(m_pabyBuf + m_nCurPos, pabySrcBuf, nBytesToWrite);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_rawbinblock.cpp:915:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char acSpaces[8] = {' ', ' ', ' ', ' ', ' ', ' ', ' ', ' '};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_rawbinblock.cpp:960:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nNextGarbageBlock, m_pabyBuf + 2, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_rawbinblock.cpp:986:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&fValue, &nValue, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_rawbinblock.cpp:991:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&n16Val1, pcValue + 2, sizeof(GInt16));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_rawbinblock.cpp:993:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&n16Val2, pcValue, sizeof(GInt16));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_rawbinblock.cpp:1006:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&dValue, anVal, 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_spatialref.cpp:1178:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szDatumName[200] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_spatialref.cpp:1853:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nDatumEPSGCode = atoi(pszDatumCode);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_spatialref.cpp:1874:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
             && atoi(pszWKTDatum+4) != 999
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_spatialref.cpp:1875:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
             && atoi(pszWKTDatum+4) != 9999 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_spatialref.cpp:1877:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nDatum = atoi(pszWKTDatum+4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_spatialref.cpp:1899:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
             && (atoi(pszWKTDatum+4) == 999 || atoi(pszWKTDatum+4) == 9999) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_spatialref.cpp:1899:48:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
             && (atoi(pszWKTDatum+4) == 999 || atoi(pszWKTDatum+4) == 9999) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_spatialref.cpp:1901:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        sTABProj.nDatumId = static_cast<GInt16>(atoi(pszWKTDatum+4));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_spatialref.cpp:1907:56:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            sTABProj.nEllipsoidId = static_cast<GByte>(atoi(papszFields[1]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_spatialref.cpp:2012:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        atoi(pszAuthorityCode) == 3857) ||
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabfile.cpp:226:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(m_pszFname+nFnameLen-4, ".TAB");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabfile.cpp:230:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(m_pszFname+nFnameLen-4, ".tab");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabfile.cpp:330:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(pszTmpFname+nFnameLen-4, ".DBF");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabfile.cpp:332:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(pszTmpFname+nFnameLen-4, ".DAT");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabfile.cpp:337:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(pszTmpFname+nFnameLen-4, ".dbf");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabfile.cpp:339:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(pszTmpFname+nFnameLen-4, ".dat");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabfile.cpp:396:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(pszTmpFname+nFnameLen-4, ".MAP");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabfile.cpp:399:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(pszTmpFname+nFnameLen-4, ".map");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabfile.cpp:560:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m_nVersion = atoi(papszTok[1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabfile.cpp:576:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m_nVersion = atoi(papszTok[1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabfile.cpp:615:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            numFields = atoi(papszTok[1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabfile.cpp:706:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int numFields = atoi(pszStr+7);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabfile.cpp:758:61:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                                            atoi(papszTok[2]),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabfile.cpp:761:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    poFieldDefn->SetWidth(atoi(papszTok[2]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabfile.cpp:774:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    if( numTok > 2 && atoi(papszTok[2]) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabfile.cpp:775:48:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        poFieldDefn->SetWidth( atoi(papszTok[2]) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabfile.cpp:788:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    if( numTok > 2 && atoi(papszTok[2]) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabfile.cpp:789:48:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        poFieldDefn->SetWidth( atoi(papszTok[2]) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabfile.cpp:799:60:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                                           atoi(papszTok[2]),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabfile.cpp:800:60:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                                           atoi(papszTok[3]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabfile.cpp:802:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    poFieldDefn->SetWidth(atoi(papszTok[2]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabfile.cpp:803:47:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    poFieldDefn->SetPrecision(atoi(papszTok[3]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabfile.cpp:900:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    m_panIndexNo[iField] = atoi(papszTok[numTok-1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabfile.cpp:1967:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szNewFieldName[31+1];  // 31 is the max characters for a field name.
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabview.cpp:1452:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(m_pszMainFieldName, "MI_Refnum");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mongodb/ogrmongodbdriver.cpp:515:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szSeparator[2];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mongodb/ogrmongodbdriver.cpp:965:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szSeparator[2];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mongodb/ogrmongodbdriver.cpp:1077:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    panValues[i] = atoi(Stringify(elt));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mongodb/ogrmongodbdriver.cpp:2372:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nBatchSize = atoi(CSLFetchNameValueDef(papszOpenOptionsIn, "BATCH_SIZE", "0"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mongodb/ogrmongodbdriver.cpp:2373:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nFeatureCountToEstablishFeatureDefn = atoi(CSLFetchNameValueDef(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mongodbv3/ogrmongodbv3driver.cpp:480:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szSeparator[2];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mongodbv3/ogrmongodbv3driver.cpp:1089:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    panValues[i] = atoi(Stringify(subElt.get_value()));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mongodbv3/ogrmongodbv3driver.cpp:2235:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nBatchSize = atoi(CSLFetchNameValueDef(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mongodbv3/ogrmongodbv3driver.cpp:2237:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nFeatureCountToEstablishFeatureDefn = atoi(CSLFetchNameValueDef(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:66:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nBCPSize = atoi(nBCPSizeParam);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:113:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szVer[20] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:123:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szNum[20] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:127:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    psVersion->nMajor = atoi(szNum);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:139:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    psVersion->nMinor = atoi(szNum);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:151:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    psVersion->nBuild = atoi(szNum);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:163:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    psVersion->nRevision = atoi(szNum);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:335:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nCoordDimension = atoi(CSLFetchNameValue( papszOptions, "DIM"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:460:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nSRSId = atoi(CSLFetchNameValue( papszOptions, "SRID"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:1045:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nSRId = atoi(papszSRIds[iTable]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:1050:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nCoordDimension = atoi(papszCoordDimensions[iTable]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:1335:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        const int nCode = atoi(pszAuthorityCode);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:1411:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                oSRS.importFromEPSG( atoi(pszAuthorityCode) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:1427:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nAuthorityCode = atoi( oSRS.GetAuthorityCode(nullptr) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:1437:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nSRSId = atoi(oStmt.GetColData( 0 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:1466:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nSRSId = atoi(oStmt.GetColData( 0 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:1523:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nSRSId = atoi(oStmt.GetColData( 0 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialtablelayer.cpp:316:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                const int nCode = atoi(pszAuthorityCode);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialtablelayer.cpp:353:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nSRSId = atoi( oStatement.GetColData( 0 ) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialtablelayer.cpp:905:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                szFieldType[256];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialtablelayer.cpp:933:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( szFieldType, "int" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialtablelayer.cpp:940:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( szFieldType, "bigint" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialtablelayer.cpp:949:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( szFieldType, "float" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialtablelayer.cpp:954:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( szFieldType, "nvarchar(MAX)" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialtablelayer.cpp:960:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szFieldType, "date" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialtablelayer.cpp:964:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szFieldType, "time(7)" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialtablelayer.cpp:968:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szFieldType, "datetime" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialtablelayer.cpp:972:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szFieldType, "image" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialtablelayer.cpp:980:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szFieldType, "varchar" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialtablelayer.cpp:1340:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char SQLState[6] = "";
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialtablelayer.cpp:1341:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char Msg[256] = "";
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialtablelayer.cpp:1367:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char SQLState[6] = "";
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialtablelayer.cpp:1368:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char Msg[256] = "";
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialtablelayer.cpp:1825:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(papstBindBuffer[iCol]->VarChar.pData, buffer, papstBindBuffer[iCol]->VarChar.nSize + 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.cpp:77:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(m_pszValue, oOther.m_pszValue, nSize);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.cpp:136:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static size_t GetSizeMax8(const char achValue[8])
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.cpp:156:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( m_achValue, osValue.c_str(), nSize );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.cpp:164:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(m_pszValue, osValue.c_str(), nSize);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.cpp:246:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyData, m_pszValue, nSize);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.cpp:258:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pabyData, m_achValue, nSize);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.h:101:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char m_achValue[8]; // optimization for short strings
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.h:147:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  char szBuf[8+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.h:148:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                  memcpy(szBuf, m_achValue, 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/ogrmvtdataset.cpp:1459:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nZ = atoi(CPLGetFilename(m_osDirName));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/ogrmvtdataset.cpp:1559:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                 !IsBetween(atoi(m_aosDirContent[m_nXIndex]),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/ogrmvtdataset.cpp:1631:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        atoi(m_aosDirContent[m_nXIndex]) : m_nXIndex;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/ogrmvtdataset.cpp:1632:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nY = m_bUseReadDir ? atoi(m_aosSubDirContent[m_nYIndex]) : m_nYIndex;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/ogrmvtdataset.cpp:1658:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    !IsBetween(atoi(m_aosSubDirContent[m_nYIndex]),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/ogrmvtdataset.cpp:2504:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nZ = atoi(osZ);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/ogrmvtdataset.cpp:2601:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nMaxTiles = atoi(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/ogrmvtdataset.cpp:3105:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nX = atoi(osX);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/ogrmvtdataset.cpp:3106:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nY = atoi(osY);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/ogrmvtdataset.cpp:3107:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nZ = atoi(osZ);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/ogrmvtdataset.cpp:5913:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poLayer->m_nMinZoom = atoi(CSLFetchNameValueDef(papszOptions, "MINZOOM",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/ogrmvtdataset.cpp:5915:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poLayer->m_nMaxZoom = atoi(CSLFetchNameValueDef(papszOptions, "MAXZOOM",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/ogrmvtdataset.cpp:6061:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poDS->m_nMinZoom = atoi(CSLFetchNameValueDef(papszOptions, "MINZOOM",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/ogrmvtdataset.cpp:6063:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poDS->m_nMaxZoom = atoi(CSLFetchNameValueDef(papszOptions, "MAXZOOM",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/ogrmvtdataset.cpp:6096:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poDS->m_nExtent = static_cast<unsigned>(atoi(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/ogrmvtdataset.cpp:6099:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poDS->m_nBuffer = static_cast<unsigned>(atoi(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/ogrmvtdataset.cpp:6103:65:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poDS->m_nMaxTileSize = std::max(100U, static_cast<unsigned>(atoi(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/ogrmvtdataset.cpp:6106:63:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poDS->m_nMaxFeatures = std::max(1U, static_cast<unsigned>(atoi(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/ogrmvtdataset.cpp:6189:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nThreads = atoi(pszNumThreads);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqldatasource.cpp:180:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nPort = atoi(papszItems[i] + 5);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqldatasource.cpp:213:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        unsigned int timeout = atoi(pszTimeoutLength);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqldatasource.cpp:269:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m_nMajor = atoi(pszVersion);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqldatasource.cpp:272:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                m_nMinor = atoi(pszDot+1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqldatasource.cpp:496:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szCommand[128] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqldatasource.cpp:548:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            poSRS->importFromEPSG( atoi(pszAuthorityCode) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqldatasource.cpp:598:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                oSRS.importFromEPSG( atoi(pszAuthorityCode) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqldatasource.cpp:613:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nAuthorityCode = atoi( oSRS.GetAuthorityCode(nullptr) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqldatasource.cpp:649:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                const int nSRSId = atoi(papszRow[0]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqldatasource.cpp:705:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nSRSId = atoi(papszRow[0]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqldatasource.cpp:737:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        ? atoi(papszRow[0]) + 1
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqllayer.cpp:333:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nSRSId = atoi(papszRow[0]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:167:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                oField.SetWidth(atoi(papszTokens[1]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:192:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                oField.SetWidth(atoi(papszTokens[1]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:231:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                oField.SetWidth(atoi(papszTokens[1]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:232:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                oField.SetPrecision(atoi(papszTokens[2]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:255:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                oField.SetWidth(atoi(papszTokens[1]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:256:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                oField.SetPrecision(atoi(papszTokens[2]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:405:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if( papszRow[1] != nullptr && atoi(papszRow[1]) == 3 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:458:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szEnvelope[400];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:568:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat( pszFieldList, ", " );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:584:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat( pszFieldList, ", " );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:967:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                szFieldType[256];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:991:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( szFieldType, "INTEGER" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:998:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( szFieldType, "BIGINT" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:1007:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( szFieldType, "DOUBLE" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:1040:17:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                strcpy( szFieldType, "VARCHAR(256)" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:1042:17:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                strcpy( szFieldType, "TEXT" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:1053:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szFieldType, "TEXT" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/nashandler.cpp:601:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat( m_pszGeometry+m_nGeomLen, "</" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/nashandler.cpp:759:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( m_pszCurField + nCurFieldLength, m_osCharacters.c_str(),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/nashandler.cpp:786:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( m_pszGeometry+m_nGeomLen, m_osCharacters.c_str(),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/ogrnaslayer.cpp:227:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                          atoi(psGMLProperty->papszSubProperties[i]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ngw/gdalngwdataset.cpp:182:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nBatchSize = atoi( CSLFetchNameValueDef( papszOpenOptionsIn,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ngw/gdalngwdataset.cpp:185:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nPageSize = atoi( CSLFetchNameValueDef(papszOpenOptionsIn, "PAGE_SIZE",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ngw/gdalngwdataset.cpp:192:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nCacheExpires = atoi( CSLFetchNameValueDef(papszOpenOptionsIn, "CACHE_EXPIRES",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ngw/gdalngwdataset.cpp:195:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nCacheMaxSize = atoi( CSLFetchNameValueDef(papszOpenOptionsIn, "CACHE_MAX_SIZE",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ngw/gdalngwdataset.cpp:590:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nEPSG = atoi( pszEPSG );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ngw/ngw_api.cpp:140:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nCurrentMajor = atoi(aosList[0]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ngw/ngw_api.cpp:141:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nCurrentMinor = atoi(aosList[1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ngw/ngw_api.cpp:142:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nCurrentPatch = atoi(aosList[2]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ngw/ngw_api.cpp:146:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nCurrentMajor = atoi(aosList[0]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ngw/ngw_api.cpp:147:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nCurrentMinor = atoi(aosList[1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ngw/ngw_api.cpp:151:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nCurrentMajor = atoi(aosList[0]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ngw/ogrngwdriver.cpp:138:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    oParent.Add( "id", atoi(stUri.osResourceId.c_str()) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ngw/ogrngwdriver.cpp:357:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    oParent.Add( "id", atoi(stUri.osResourceId.c_str()) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ngw/ogrngwdriver.cpp:383:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    oParentRaster.Add( "id", atoi(osNewResourceId.c_str()) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ngw/ogrngwlayer.cpp:1234:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nEPSG = atoi( pszEPSG );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf.h:170:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szValType[3];   /* attribute code for list, i.e. AC */
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf.h:171:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szFInter[6];    /* format of code values */
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf.h:183:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  val_type     [ 2 +1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf.h:184:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  fwidth       [ 3 +1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf.h:185:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  finter       [ 5 +1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf.h:186:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  att_name     [ 100 ];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_codelist.cpp:41:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nNumCode(atoi(poRecord->GetField(20,22))),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_codelist.cpp:58:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szVal[128] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_codelist.cpp:71:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szDes[128] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:58:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:99:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:140:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:175:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:211:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:269:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:326:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 4 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:354:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:390:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:426:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:463:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:499:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:502:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nNumLinks = atoi(papoGroup[0]->GetField( 9, 12 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:517:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        anList[i] = atoi(papoGroup[0]->GetField( 15+i*8, 20+i*8 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:551:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:554:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int             nNumLinks = atoi(papoGroup[2]->GetField( 9, 12 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:569:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            anList[i] = atoi(papoGroup[2]->GetField( 19+i*7, 19+i*7 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:575:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            anList[i] = atoi(papoGroup[2]->GetField( 13+i*7, 18+i*7 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:640:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nLineCount = atoi(papoGroup[iRec+1]->GetField(9,12));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:647:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(papoGroup[iRec+1]->GetField( 19+i*7, 19+i*7 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:649:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(papoGroup[iRec+1]->GetField( 13+i*7, 18+i*7 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:680:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        poFeature->SetField( 0, atoi(papoGroup[iRec]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:751:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:754:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int             nNumLinks = atoi(papoGroup[2]->GetField( 9, 12 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:770:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            anList[i] = atoi(papoGroup[2]->GetField( 19+i*7, 19+i*7 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:776:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            anList[i] = atoi(papoGroup[2]->GetField( 13+i*7, 18+i*7 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:836:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nLineCount = atoi(papoGroup[iRec+1]->GetField(9,12));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:843:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(papoGroup[iRec+1]->GetField( 19+i*7, 19+i*7 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:845:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(papoGroup[iRec+1]->GetField( 13+i*7, 18+i*7 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:876:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        poFeature->SetField( 0, atoi(papoGroup[iRec]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:907:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:943:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:946:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int         nNumLinks = atoi(papoGroup[0]->GetField( 9, 12 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:964:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if( atoi(papoGroup[0]->GetField( 13+i*8, 14+i*8 )) == 34 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:966:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(papoGroup[0]->GetField( 15+i*8, 20+i*8 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:969:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(papoGroup[0]->GetField( 15+i*8, 20+i*8 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1005:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1043:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1081:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1120:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1159:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1162:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 1, atoi(papoGroup[0]->GetField( 9, 14 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1165:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int         nNumLinks = atoi(papoGroup[0]->GetField( 15, 18 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1181:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        anList[i] = atoi(papoGroup[0]->GetField( 19+i*12, 19+i*12 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1187:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        anList[i] = atoi(papoGroup[0]->GetField( 19+i*12+1, 19+i*12+6 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1193:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        anList[i] = atoi(papoGroup[0]->GetField( 19+i*12+11, 19+i*12+11 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1205:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(papoGroup[0]->GetField( 19+i*12+7, 19+i*12+10 )) * 0.1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1234:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1237:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 2, atoi(papoGroup[2]->GetField( 9, 12 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1240:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 3, atoi(papoGroup[2]->GetField( 13, 15 )) * 0.1 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1243:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 4, atoi(papoGroup[2]->GetField( 16, 16 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1246:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 5, atoi(papoGroup[2]->GetField( 17, 20 )) * 0.1 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1280:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1322:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1361:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1367:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 2, atoi(papoGroup[0]->GetField( 11, 16 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1392:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1398:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 2, atoi(papoGroup[0]->GetField( 11, 16 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1424:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1471:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1527:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1533:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 2, atoi(papoGroup[0]->GetField( 11, 16 )) * 0.1 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1575:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1612:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int         nNumChar = atoi(papoGroup[0]->GetField(13,14));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1619:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1628:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 3, atoi(papoGroup[1]->GetField( 3, 6 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1631:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 4, atoi(papoGroup[1]->GetField(7,9)) * 0.1 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1634:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( 5, atoi(papoGroup[1]->GetField(10,10)) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1751:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        oFieldDefn.SetPrecision(atoi(pszFormat+3));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1753:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        oFieldDefn.SetPrecision(atoi(pszFormat+4));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1765:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char szName[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:242:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                       atoi(poRecord->GetField(13,14)) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:247:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                  if( atoi(poRecord->GetField(3,8)) != 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:319:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szListName[128] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:377:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( "NODE_ID", atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:389:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nLinkCount = atoi(papoGroup[0]->GetField(15,18));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:400:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        panLinks[iLink] = atoi(papoGroup[0]->GetField(20+iLink*12,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:408:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        panLinks[iLink] = atoi(papoGroup[0]->GetField(19+iLink*12,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:437:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( "COLL_ID", atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:445:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nPartCount = atoi(papoGroup[0]->GetField(9,12));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:461:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        panParts[iPart] = atoi(papoGroup[0]->GetField(13+iPart*8,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:469:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        panParts[iPart] = atoi(papoGroup[0]->GetField(15+iPart*8,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:499:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( "TEXT_ID", atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:524:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            poFeature->SetField( "FONT", atoi(poRecord->GetField(9,12)) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:526:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                 atoi(poRecord->GetField(13,15)) * 0.1 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:528:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                 atoi(poRecord->GetField(13,15))
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:531:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                 atoi(poRecord->GetField(16,16)) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:533:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                 atoi(poRecord->GetField(17,20)) * 0.1 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:557:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( "NAME_ID", atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:563:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nNumChar = atoi(papoGroup[0]->GetField(13,14));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:591:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            poFeature->SetField( "FONT", atoi(poRecord->GetField(3,6)) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:593:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                 atoi(poRecord->GetField(7,9)) * 0.1 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:595:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                 atoi(poRecord->GetField(7,9))
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:598:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                 atoi(poRecord->GetField(10,10)) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:600:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                 atoi(poRecord->GetField(11,14)) * 0.1 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:628:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( "POINT_ID", atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:640:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char    szValType[3];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:680:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( "LINE_ID", atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:692:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szValType[3] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:733:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        poFeature->SetField( 0, atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:736:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int             nNumLinks = atoi(papoGroup[1]->GetField( 9, 12 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:751:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            anList[i] = atoi(papoGroup[1]->GetField( 19+i*7, 19+i*7 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:757:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            anList[i] = atoi(papoGroup[1]->GetField( 13+i*7, 18+i*7 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:814:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poFeature->SetField( "CPOLY_ID", atoi(papoGroup[0]->GetField( 3, 8 )) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:827:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                             atoi(papoGroup[1]->GetField(3,8)) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:839:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nNumLink = atoi(papoGroup[0]->GetField(9,12));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:849:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        anPolyId[iLink] = atoi(papoGroup[0]->GetField(13 + iLink*7,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_raster.cpp:88:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nRasterXSize = atoi(poRecord->GetField(13,16));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_raster.cpp:89:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nRasterYSize = atoi(poRecord->GetField(17,20));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_raster.cpp:93:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        adfGeoTransform[0] = atoi(poRecord->GetField(25,34));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_raster.cpp:96:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        adfGeoTransform[3] = atoi(poRecord->GetField(35,44));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_raster.cpp:108:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nRasterXSize = atoi(poRecord->GetField(23,30));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_raster.cpp:109:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nRasterYSize = atoi(poRecord->GetField(31,38));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_raster.cpp:113:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        adfGeoTransform[0] = atoi(poRecord->GetField(13,17))
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_raster.cpp:115:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        adfGeoTransform[1] = atoi(poRecord->GetField(39,42));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_raster.cpp:117:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        adfGeoTransform[3] = atoi(poRecord->GetField(18,22))
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_raster.cpp:120:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        adfGeoTransform[5] = atoi(poRecord->GetField(43,46));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_raster.cpp:199:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const double dfVOffset = atoi(poRecord->GetField(56,65));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_raster.cpp:200:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const double dfVScale = atoi(poRecord->GetField(66,75)) * 0.001;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_raster.cpp:211:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(pszValue));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_raster.cpp:228:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            pafElev[iPixel] = (float)(atoi(pszValue) * GetZMult());
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_raster.cpp:258:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
               1 : std::max(1, atoi(poDSIn->GetOption("DEM_SAMPLE")))),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_raster.cpp:261:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLayerName[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:265:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nNTFLevel = atoi(oVHR.GetField( 57, 57 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:478:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nCoordWidth = atoi(poRecord->GetField(15,19));            // XYLEN
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:482:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nZWidth = atoi(poRecord->GetField(31,35));                // ZLEN
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:486:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    dfXYMult = atoi(poRecord->GetField(21,30)) / 1000.0;      // XY_MULT
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:487:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    dfXOrigin = atoi(poRecord->GetField(47,56));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:488:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    dfYOrigin = atoi(poRecord->GetField(57,66));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:489:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    dfTileXSize = atoi(poRecord->GetField(23+74,32+74));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:490:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    dfTileYSize = atoi(poRecord->GetField(33+74,42+74));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:491:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    dfZMult = atoi(poRecord->GetField(37,46)) / 1000.0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:497:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        dfScale = atoi(poRecord->GetField(148+31,148+39));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:571:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nGType = atoi(poRecord->GetField(9,9));            // GTYPE
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:572:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nNumCoord = atoi(poRecord->GetField(10,13));       // NUM_COORD
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:576:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        *pnGeomId = atoi(poRecord->GetField(3,8));     // GEOM_ID
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:585:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(poRecord->GetField(14,14+GetXYLen()-1)) * GetXYMult()
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:588:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(poRecord->GetField(14+GetXYLen(),14+GetXYLen()*2-1))
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:618:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const double dfX = atoi(poRecord->GetField(iStart+0,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:621:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const double dfY = atoi(poRecord->GetField(iStart+GetXYLen(),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:640:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        CacheAddByGeomId( atoi(poRecord->GetField(3,8)), poLine );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:655:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            adfX[iCoord] = atoi(poRecord->GetField(iStart+0,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:658:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            adfY[iCoord] = atoi(poRecord->GetField(iStart+GetXYLen(),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:677:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(poRecord->GetField(iCenterStart, iCenterStart+GetXYLen()-1))
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:680:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(poRecord->GetField(iCenterStart+GetXYLen(),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:685:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(poRecord->GetField(iArcStart, iArcStart+GetXYLen()-1))
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:688:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(poRecord->GetField(iArcStart+GetXYLen(),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:727:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nGType = atoi(poRecord->GetField(9,9));  // GTYPE
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:728:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nNumCoord = atoi(poRecord->GetField(10,13));       // NUM_COORD
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:730:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        *pnGeomId = atoi(poRecord->GetField(3,8));     // GEOM_ID
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:739:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(poRecord->GetField(14,14+GetXYLen()-1)) * GetXYMult()
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:742:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(poRecord->GetField(14+GetXYLen(),14+GetXYLen()*2-1))
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:745:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(poRecord->GetField(14+1+2*GetXYLen(),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:774:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const double dfX = atoi(pszX)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:779:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const double dfY = atoi(pszY)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:785:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const double dfZ = atoi(pszZ)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:808:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        CacheAddByGeomId( atoi(poRecord->GetField(3,8)), poLine );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:917:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        *pnAttId = atoi(poRecord->GetField(3,8));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:951:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nFWidth = atoi(psAttDesc->fwidth);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:1078:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int nPrecision = atoi(pszDecimalPortion+1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:1101:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        *ppszAttValue = CPLSPrintf("%d", atoi(pszRawValue) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:1223:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char    szDescFieldName[256];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:1663:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int iId = atoi(poRecord->GetField( 3, 8 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:1813:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nPrevId = atoi(papoPrevGroup[0]->GetField(3,8));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:1872:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                           atoi(poAnchor->GetField(9,14)) ) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:1875:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            l_nAttCount = atoi(poAnchor->GetField(15,16));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:1881:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                  atoi(poAnchor->GetField(17+6*iAtt,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:1895:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nSelCount = atoi(poAnchor->GetField(9,10));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:1905:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                  atoi(poAnchor->GetField(iStart,iStart+5)) ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:1917:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int nNumTEXR = atoi(poRecord->GetField(9,10));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:1922:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                      atoi(poRecord->GetField(11+iTEXR*12,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:1926:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                      atoi(poRecord->GetField(17+iTEXR*12,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:1933:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            l_nAttCount = atoi(poAnchor->GetField(11+nSelCount*12,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:1942:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                  atoi(poAnchor->GetField(iStart,iStart+5)) ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:1952:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                           atoi(poAnchor->GetField(9,14)) ) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:1960:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nParts = atoi(poAnchor->GetField(9,12));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:1967:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            l_nAttCount = atoi(poAnchor->GetField(nAttOffset,nAttOffset+1));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:1975:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                  atoi(poAnchor->GetField(iStart,iStart+5)) ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:1985:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                           atoi(poAnchor->GetField(9,14)) ) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:1990:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                          atoi(poAnchor->GetField(15,20)) ) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:1996:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            l_nAttCount = atoi(poAnchor->GetField(21,22));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:2002:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                  atoi(poAnchor->GetField(23+6*iAtt,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:2011:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nPolyCount = atoi(poAnchor->GetField(9,12));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:2018:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int  nGeomId = atoi(poAnchor->GetField(nPostPoly+1,nPostPoly+6));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:2025:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int l_nAttCount = atoi(poAnchor->GetField(nPostPoly+7,nPostPoly+8));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:2029:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int nAttId = atoi(poAnchor->GetField(nPostPoly+9+iAtt*6,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntfrecord.cpp:58:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLine[MAX_RECORD_LEN+3] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntfrecord.cpp:86:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pszData, szLine, nLength );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntfrecord.cpp:109:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pszData+nLength, szLine+2, nNewLength-4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntfrecord.cpp:120:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char  szType[3];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntfrecord.cpp:125:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nType = atoi(szType);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ogrntfdatasource.cpp:232:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char fullFilename[2048];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ogrntfdatasource.cpp:279:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szHeader[80] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ogrntfdatasource.cpp:529:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szCandidateName[11] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/fastload.cpp:67:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szField2[100*4];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/fastload.cpp:128:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( szField2 + iRow*4, "%3d", iRow );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocidatasource.cpp:237:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szFullTableName[100];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocidatasource.cpp:512:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nDefaultStringSize = atoi( 
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocidatasource.cpp:557:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szSRSId[100];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocidatasource.cpp:565:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( szSRSId, "NULL" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocidatasource.cpp:634:70:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                        EQUAL(szSRSId,"NULL") ? -1 : atoi(szSRSId),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocidatasource.cpp:640:65:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                   EQUAL(szSRSId,"NULL") ? -1 : atoi(szSRSId),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocidatasource.cpp:652:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        poLayer->SetDimension( atoi(pszDIM) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocidatasource.cpp:820:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            szSelect[200], **papszResult;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocidatasource.cpp:863:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if( papszResult[1] != nullptr && atoi(papszResult[1]) != 0
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocidatasource.cpp:869:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                             papszResult[2], atoi(papszResult[1]) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocidatasource.cpp:927:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            && atoi(pszAuthCode) != 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocidatasource.cpp:928:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            return atoi(pszAuthCode);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocidatasource.cpp:932:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int i, nEPSGCode = atoi(pszAuthCode);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocidatasource.cpp:992:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return atoi( papszResult[0] );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocidatasource.cpp:1009:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nSRSId = atoi(papszResult[0]) + 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocilayer.cpp:184:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        poFeature->SetFID( atoi(papszResult[iFIDColumn]) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocilayer.cpp:946:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nSRID = atoi( papszRow[0] );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociloaderlayer.cpp:265:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szSRID[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociloaderlayer.cpp:270:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( szSRID, "NULL" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociloaderlayer.cpp:402:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szSRID[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociloaderlayer.cpp:407:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( szSRID, "NULL" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociloaderlayer.cpp:483:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                ((char *) pszStrValue)[nLength] = '\0';
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociloaderlayer.cpp:496:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLength[9] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociloaderlayer.cpp:500:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( oLine.GetString(), szLength, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocisession.cpp:285:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szVersionTxt[256];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocisession.cpp:301:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nServerVersion = atoi(papszNameValue[i + 1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocisession.cpp:305:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nServerRelease = atoi(papszNameValue[i + 2]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocisession.cpp:352:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szErrorMsg[10000];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocisession.cpp:408:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTermColName[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocistringbuf.cpp:95:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    szSimpleBuf[100];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:421:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                iDim = atoi( papszResult2[0] );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:431:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            iDim = atoi( papszResult[0] );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:969:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        this->nFirstId = atoi( CSLFetchNameValue( papszOptions, "FIRST_ID" ) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:982:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        this->nMultiLoadCount = atoi( CSLFetchNameValue( papszOptions,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1028:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat( pszCommand, "\",\"" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1042:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat( pszCommand, "\",\"" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1049:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat( pszCommand, "\") VALUES (" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1060:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szSDO_GEOMETRY[512];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1061:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szSRID[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1064:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( szSRID, "NULL" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1117:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat( pszCommand+nOffset, ", " );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1147:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat( pszCommand+nOffset, ", " );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1165:17:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
                strcat( pszCommand+nOffset, "NULL" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1505:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char               szCommand[1024];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1835:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szFieldPlaceholderName[80];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:2210:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char  szIndexName[20];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:2304:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return CSLCount(papszResult) == 1 ? atoi( papszResult[0] ) : 0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociwritablelayer.cpp:44:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nDimension = MAX(2,MIN(3,atoi(CPLGetConfigOption("OCI_DEFAULT_DIM","3"))));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociwritablelayer.cpp:249:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                szFieldType[256];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociwritablelayer.cpp:250:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                szFieldName[128]; // 12.2 max identifier name
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociwritablelayer.cpp:274:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( szFieldType, "INTEGER" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociwritablelayer.cpp:281:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( szFieldType, "NUMBER(20)" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociwritablelayer.cpp:289:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( szFieldType, "FLOAT(126)" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociwritablelayer.cpp:356:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat( oCommand.GetString(), " NOT NULL");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociwritablelayer.cpp:431:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szResult[1024];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/odbc/ogrodbcdatasource.cpp:526:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    panSRID[nKnownSRID] = atoi( pszSRID );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/odbc/ogrodbclayer.cpp:248:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(poStmt->GetColData(poStmt->GetColId(pszFIDColumn))) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/odbc/ogrodbctablelayer.cpp:415:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCommand[1024] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/odbc/ogrodbctablelayer.cpp:426:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nSRSId = atoi(PQgetvalue(hResult,0,0));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ods/ods_formula_node.cpp:241:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char spaces[max_num_spaces];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ods/ods_formula_node.cpp:1208:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTmp[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ods/ods_formula_node.cpp:1284:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nRow = atoi(pszCell + i);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ods/ods_formula_parser.cpp:989:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ods/ods_formula_parser.cpp:1258:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char yymsgbuf[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ods/ogrodsdatasource.cpp:665:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nRowsRepeated = atoi(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ods/ogrodsdatasource.cpp:898:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nCellsRepeated = atoi(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ods/ogrodsdatasource.cpp:1212:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aBuf[BUFSIZ];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ods/ogrodsdatasource.cpp:1395:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aBuf[BUFSIZ];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ods/ogrodsdriver.cpp:113:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuffer[1024];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openair/ogropenairlayer.cpp:201:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(psStyle, &sStyle, sizeof(sStyle));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openair/ogropenairlayer.cpp:243:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    sStyle.penStyle = atoi(papszTokens[0]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openair/ogropenairlayer.cpp:244:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    sStyle.penWidth = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openair/ogropenairlayer.cpp:245:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    sStyle.penR = atoi(papszTokens[2]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openair/ogropenairlayer.cpp:246:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    sStyle.penG = atoi(papszTokens[3]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openair/ogropenairlayer.cpp:247:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    sStyle.penB = atoi(papszTokens[4]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openair/ogropenairlayer.cpp:259:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    sStyle.fillR = atoi(papszTokens[0]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openair/ogropenairlayer.cpp:260:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    sStyle.fillG = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openair/ogropenairlayer.cpp:261:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    sStyle.fillB = atoi(papszTokens[2]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbindex.cpp:218:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char                 szUUID[UUID_LEN_AS_STRING + 1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbindex.cpp:223:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char                 szMin[MAX_UTF8_LEN_STR+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbindex.cpp:224:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char                 szMax[MAX_UTF8_LEN_STR+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbindex.cpp:1035:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLastMaxUUID[UUID_LEN_AS_STRING + 1] = { 0 };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbindex.cpp:1097:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(asMax, abyPage[iLevel] + nOffsetFirstValInPage +
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbindex.cpp:1108:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(asLastMax, pasMax, nStrLen * 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbindex.cpp:1122:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(szLastMaxUUID, psNonzMaxUUID, UUID_LEN_AS_STRING);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbindex.cpp:1399:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(asVal, abyPageFeature + nOffsetFirstValInPage +
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbindex.cpp:1675:13:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            wchar_t awsVal[MAX_CAR_COUNT_STR+1] = { 0 };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbindex.cpp:1697:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(psField->String, l_abyPage + nOffsetFirstValInPage +
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbtable.cpp:889:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(sDefault.String, pabyIter, defaultValueLength);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbtable.cpp:2508:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyBuffer + 16 * i, &dfX, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbtable.cpp:2510:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyBuffer + 16 * i + 8, &dfY, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbtable.cpp:2524:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyBuffer + 8 * i, &dfValue, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbtable.cpp:2564:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyExtShapeBuffer, &nTmp, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbtable.cpp:2567:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyExtShapeBuffer + 36, &nTmp, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbtable.cpp:2569:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyExtShapeBuffer + 40, &nTmp, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbtable.cpp:2575:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyExtShapeBuffer + 44 + 4 * i, &nTmp, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbtable.cpp:2617:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyShapeTypePtr, &nTmp, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbtable.cpp:2624:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pabyExtShapeBuffer + nOffset + 8 * i, &myNan, 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbtable.cpp:2647:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyExtShapeBuffer + nOffset, &nTmp, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbtable.cpp:2655:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyExtShapeBuffer + nOffset, &nTmp, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbtable.cpp:2662:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyExtShapeBuffer + nOffset, &nTmp, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbtable.cpp:2677:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyExtShapeBuffer + nOffset, pabyCur, nStructureSize );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbtable.h:240:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char                        achGUIDBuffer[32 + 6 + 1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/ogropenfilegdblayer.cpp:341:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(CPLGetXMLValue( psInfo, "SpatialReference.WKID", "0" ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/ogropenfilegdblayer.cpp:344:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nLatestWKID = atoi(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/ogropenfilegdblayer.cpp:753:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        if ( atoi(pszDefaultValue) != psDefault->Integer)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/gpb.h:251:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&fValue, *ppabyData, sizeof(float));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/gpb.h:266:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&dfValue, *ppabyData, sizeof(double));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/gpb.h:303:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pszTxt, pabyData, l_nDataLength); \
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/gpb.h:488:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(*ppabyData, &fVal, sizeof(float));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/gpb.h:499:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(*ppabyData, &dfVal, sizeof(double));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/gpb.h:527:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(*ppabyData, pszText, nTextSize);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/gpb.h:535:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(*ppabyData, osText.c_str(), nTextSize);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogr_osm.h:128:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                  szLaunderedFieldName[256];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:369:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* f = fopen("keys.txt", "wt");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:652:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pabyOut, &pasLonLatIn[i], sizeof(LonLat));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:1055:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&(pasLonLatOut[i]), pabyPtr, sizeof(LonLat));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:1258:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pasLonLatArray + j,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:1364:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &pasLonLatArray[j],
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:1497:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyPtr, pszV, nLenV);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:1526:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pabyPtr, &(pasLonLatPairs[0]), sizeof(LonLat));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:1608:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&pasCoords[0].nLon, pabyPtr, sizeof(int));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:1609:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&pasCoords[0].nLat, pabyPtr + sizeof(int), sizeof(int));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:2162:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( pabyNonRedundantValues + nNonRedundantValuesLen, pszV,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:2192:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( panUnsortedReqIds + nUnsortedReqIds,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:2260:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(blob_dup, blob, nBlobSize);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:2333:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pabyWayBuffer, pabyCompressedWay, nCompressedWaySize);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:2920:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nMaxSizeForInMemoryDBInMB = atoi(CSLFetchNameValueDef(papszOpenOptionsIn,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:3213:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            static_cast<GIntBig>(atoi( pszSqliteCacheMB )) * 1024 * 1024;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:3223:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            iSqlitePageSize = atoi( papszResult[(iRow * nColCount) + 0] );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:3278:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTmp[LIMIT_IDS_PER_REQUEST*2 + 128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:3279:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(szTmp, "SELECT id, coords FROM nodes WHERE id IN (");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:3285:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(szTmp + nLen, "?) ORDER BY id ASC");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:3290:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(szTmp + nLen -1, ",?) ORDER BY id ASC");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:3314:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(szTmp, "SELECT id, data FROM ways WHERE id IN (");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:3320:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(szTmp + nLen, "?)");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:3325:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(szTmp + nLen -1, ",?)");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:4389:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szVal[64] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmlayer.cpp:600:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szID[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmlayer.cpp:611:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szID[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmlayer.cpp:859:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nZOrder += 10 * atoi(pszLayer);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/osm_parser.cpp:2099:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pszRet, pszStr, nLen);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/osm_parser.cpp:2117:28:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const GIntBig iValue = atol( pszString );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/osm_parser.cpp:2228:58:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    psCtxt->pasNodes[0].sInfo.nVersion = atoi( ppszIter[1] );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/osm_parser.cpp:2240:54:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    psCtxt->pasNodes[0].sInfo.nUID = atoi( ppszIter[1] );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/osm_parser.cpp:2274:51:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    psCtxt->sWay.sInfo.nVersion = atoi( ppszIter[1] );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/osm_parser.cpp:2286:47:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    psCtxt->sWay.sInfo.nUID = atoi( ppszIter[1] );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/osm_parser.cpp:2320:56:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    psCtxt->sRelation.sInfo.nVersion = atoi( ppszIter[1] );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/osm_parser.cpp:2332:52:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    psCtxt->sRelation.sInfo.nUID = atoi( ppszIter[1] );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/osm_parser.cpp:2761:55:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nNumCPUs = std::max(0, std::min(2 * nNumCPUs, atoi(pszNumThreads)));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdsdatasource.cpp:167:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nStartBytes = atoi(osStartRecord.c_str());
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdsdatasource.cpp:194:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nStartBytes = atoi(osTableFilename.c_str());
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdsdatasource.cpp:239:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nRecords = atoi(osTableRows);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdsdatasource.cpp:313:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[512];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdsdatasource.cpp:337:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nRecordSize = atoi(osRecordBytes);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdslayer.cpp:107:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szFieldName[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdslayer.cpp:186:52:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                pasFieldDesc[nFields].nStartByte = atoi(osColumnStartByte) - 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdslayer.cpp:187:52:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                pasFieldDesc[nFields].nByteCount = atoi(osColumnBytes);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdslayer.cpp:198:56:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    pasFieldDesc[nFields].nItemBytes = atoi(osColumnItemBytes);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdslayer.cpp:199:52:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    pasFieldDesc[nFields].nItems = atoi(osColumnItems);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdslayer.cpp:277:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        int nWidth = atoi(pszFormat + 1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdslayer.cpp:282:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                            int nPrecision = atoi(pszPoint + 1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdslayer.cpp:291:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        int nWidth = atoi(pszFormat + 1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdslayer.cpp:363:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nRowBytes = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdslayer.cpp:376:59:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    nRowBytes = (CPLSM(nRowBytes) + CPLSM(atoi(papszTokens[1]))).v();
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdslayer.cpp:419:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int nColumnNumber = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdslayer.cpp:574:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                            memcpy(&sVal, pabyRecord + pasFieldDesc[i].nStartByte + 2 * j, 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdslayer.cpp:584:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(&sVal, pabyRecord + pasFieldDesc[i].nStartByte, 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdslayer.cpp:597:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                            memcpy(&nVal, pabyRecord + pasFieldDesc[i].nStartByte + 4 * j, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdslayer.cpp:607:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(&nVal, pabyRecord + pasFieldDesc[i].nStartByte, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdslayer.cpp:642:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                            memcpy(&sVal, pabyRecord + pasFieldDesc[i].nStartByte + 2 * j, 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdslayer.cpp:652:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(&sVal, pabyRecord + pasFieldDesc[i].nStartByte, 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdslayer.cpp:665:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                            memcpy(&nVal, pabyRecord + pasFieldDesc[i].nStartByte + 4 * j, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdslayer.cpp:675:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(&nVal, pabyRecord + pasFieldDesc[i].nStartByte, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdslayer.cpp:692:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(&fVal, pabyRecord + pasFieldDesc[i].nStartByte + 4 * j, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdslayer.cpp:702:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(&fVal, pabyRecord + pasFieldDesc[i].nStartByte, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdslayer.cpp:718:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(&dfVal, pabyRecord + pasFieldDesc[i].nStartByte + 8 * j, 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdslayer.cpp:728:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(&dfVal, pabyRecord + pasFieldDesc[i].nStartByte, 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:182:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szVer[10] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:192:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szNum[25] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:196:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    psVersion->nMajor = atoi(szNum);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:208:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    psVersion->nMinor = atoi(szNum);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:220:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        psVersion->nRelease = atoi(szNum);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:659:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( nVal, PQgetvalue( hResult, 0, 0 ), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:663:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( &dVal, PQgetvalue( hResult, 0, 0 ), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:723:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nGeometryOID = atoi(pszOid);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:728:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nGeographyOID = atoi(pszOid);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:788:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nUndefinedSRID = atoi(PQgetvalue(hResult,0,0));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:961:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nGeomCoordDimension = atoi(pszDim);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:963:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nSRID = atoi(pszSRID);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:996:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    nSRID = atoi(pszNeedle);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:1007:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    nGeomCoordDimension = atoi(pszNeedle);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:1125:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nGeomCoordDimension = atoi(PQgetvalue(hResult, iRecord, 5));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:1126:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nSRID = atoi(PQgetvalue(hResult, iRecord, 6));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:1127:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                ePostgisType = (PostgisType) atoi(PQgetvalue(hResult, iRecord, 7));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:2260:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                oSRS.importFromEPSG( atoi(pszAuthorityCode) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:2275:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nAuthorityCode = atoi( oSRS.GetAuthorityCode(nullptr) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:2287:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int nSRSId = atoi(PQgetvalue( hResult, 0, 0 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:2325:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nSRSId = atoi(PQgetvalue( hResult, 0, 0 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:2355:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nSRSId = atoi(PQgetvalue(hResult,0,0)) + 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:2373:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nAuthorityCode = atoi( oSRS.GetAuthorityCode(nullptr) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:82:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nCursorPage(atoi(CPLGetConfigOption("OGR_PG_CURSOR_PAGE", "500"))),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:484:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(pszNewToken, pszNewTokenStart, pszCur - pszNewTokenStart);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:515:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(pszNewToken, pszNewTokenStart, pszCur - pszNewTokenStart);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:528:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(pszNewToken, pszNewTokenStart, pszCur - pszNewTokenStart);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:591:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( &nVal, PQgetvalue( hResult, iRecord, iField ), sizeof(int) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:599:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( &nVal, PQgetvalue( hResult, iRecord, iField ), sizeof(GIntBig) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:784:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    OIDToGeometry( (Oid) atoi((const char*)pabyData) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:844:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( &nCount, pData, sizeof(int) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:862:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                            memcpy( &panList[i], pData, nSize );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:869:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                            memcpy( &nVal, pData, nSize );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:901:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        panList[i] = atoi(papszTokens[i]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:923:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( &nCount, pData, sizeof(int) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:941:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy( &panList[i], pData, nSize );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:993:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( &nCount, pData, sizeof(int) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:1013:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                            memcpy( &padfList[i], pData, nSize );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:1021:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                            memcpy( &fVal, pData, nSize );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:1067:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( &nCount, pData, sizeof(int) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:1090:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                            memcpy(pszToken, pData, nSize);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:1125:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( &nVal, PQgetvalue( hResult, iRecord, iField ), sizeof(int) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:1135:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char szTime[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:1142:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy( nVal, PQgetvalue( hResult, iRecord, iField ), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:1151:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy( &dfVal, PQgetvalue( hResult, iRecord, iField ), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:1169:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( nVal, PQgetvalue( hResult, iRecord, iField ), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:1238:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( &sLen, pabyData, sizeof(short));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:1242:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( &sWeight, pabyData, sizeof(short));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:1246:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( &sSign, pabyData, sizeof(short));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:1250:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( &sDscale, pabyData, sizeof(short));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:1269:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( &sVal, PQgetvalue( hResult, iRecord, iField ), sizeof(short) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:1277:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( &nVal, PQgetvalue( hResult, iRecord, iField ), sizeof(int) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:1285:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( nVal, PQgetvalue( hResult, iRecord, iField ), 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:1296:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( &fVal, PQgetvalue( hResult, iRecord, iField ), sizeof(float) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:1304:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( &dfVal, PQgetvalue( hResult, iRecord, iField ), sizeof(double) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:1932:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szVals[64*6+6];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgresultlayer.cpp:105:78:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int iRawField = oMapAttributeToFieldIndex[std::pair<int,int>(atoi(pszAttRelid),atoi(pszAttNum))];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgresultlayer.cpp:105:96:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int iRawField = oMapAttributeToFieldIndex[std::pair<int,int>(atoi(pszAttRelid),atoi(pszAttNum))];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgresultlayer.cpp:209:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nCount = atoi(PQgetvalue(hResult,0,0));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgresultlayer.cpp:323:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szBox3D_1[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgresultlayer.cpp:324:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szBox3D_2[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgresultlayer.cpp:414:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    nSRSId = atoi(PQgetvalue(hSRSIdResult, 0, 0));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgtablelayer.cpp:517:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nWidth = atoi(PQgetvalue(hResult,iRecord,2));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgtablelayer.cpp:665:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int dim = atoi(PQgetvalue(hResult,0,1));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgtablelayer.cpp:678:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nSRSId = atoi(PQgetvalue(hResult,0,2));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgtablelayer.cpp:818:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBox3D_1[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgtablelayer.cpp:819:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBox3D_2[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgtablelayer.cpp:1635:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            if( (((unsigned char *) pszStrValue)[iChar] & 0xc0) != 0x80 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgtablelayer.cpp:2828:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nSRSId = atoi(PQgetvalue(hResult,0,0));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgtablelayer.cpp:2856:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nSRSId = atoi(PQgetvalue(hResult,0,0));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgutility.cpp:47:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szNTuples[32] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumpdatasource.cpp:374:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if( pszPostgisVersion != nullptr && atoi(pszPostgisVersion) >= 2 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumpdatasource.cpp:376:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nPostGISMajor = atoi(pszPostgisVersion);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumpdatasource.cpp:378:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nPostGISMinor = atoi(strchr(pszPostgisVersion, '.')+1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumpdatasource.cpp:388:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nSRSId = atoi(CSLFetchNameValue( papszOptions, "SRID"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumpdatasource.cpp:399:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nSRSId = atoi( poSRS->GetAuthorityCode(nullptr) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:844:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            if( (((unsigned char *) pszStrValue)[iChar] & 0xc0) != 0x80 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:1002:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( pszNeedToFree, "'{" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:1011:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat( pszNeedToFree+nOff, "}'" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:1026:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( pszNeedToFree, "'{" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:1035:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat( pszNeedToFree+nOff, "}'" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:1052:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy( pszNeedToFree, "'{" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:1067:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat( pszNeedToFree+nOff, "}'" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:1309:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nWidth = atoi(pszFormatType+10);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:1311:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nWidth = atoi(pszFormatType+18);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:1333:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nWidth = atoi(pszFormatType + 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:1335:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nPrecision = atoi(pszPrecision+1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:1360:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nWidth = atoi(pszFormatType + 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:1362:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nPrecision = atoi(pszPrecision+1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:1693:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nSRSId = atoi( poSRS->GetAuthorityCode(nullptr) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgeo/ogrpgeodatasource.cpp:214:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                 atoi(papszRecord[2]),   // ShapeType
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgeo/ogrpgeodatasource.cpp:219:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                 atoi(papszRecord[7]),   // SRID
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgeo/ogrpgeodatasource.cpp:220:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                 atoi(papszRecord[8]))  // HasZ
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgeo/ogrpgeolayer.cpp:250:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(poStmt->GetColData(poStmt->GetColId(pszFIDColumn))) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/plscenes/ogrplscenesdatav1dataset.cpp:285:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(psResult->pabyData, pabyBuf, nDataLength);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/plscenes/ogrplscenesdatav1dataset.cpp:394:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nActivationTimeout = atoi(CSLFetchNameValueDef(poOpenInfo->papszOpenOptions,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/plscenes/ogrplscenesdatav1layer.cpp:59:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nPageSize(atoi(CPLGetConfigOption("PLSCENES_PAGE_SIZE", "250"))),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/rec/ll_recio.cpp:47:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if( atoi(pszLine) < 1 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/rec/ll_recio.cpp:52:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return atoi(pszLine);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/rec/ll_recio.cpp:72:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    *pnWidth = atoi( RECGetField( pszLine, 37, 4 ) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/rec/ll_recio.cpp:77:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nTypeCode = atoi(RECGetField(pszLine,33,4));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/rec/ll_recio.cpp:125:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char szWorkField[128] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/rec/ll_recio.cpp:189:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pszRecord+nDataLen, pszLine, iSegLen );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/rec/ogrrecdatasource.cpp:114:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nFieldCount = atoi(pszLine);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/rec/ogrreclayer.cpp:72:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        panFieldWidth[nFieldCount] = atoi( RECGetField( pszLine, 37, 4 ) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/rec/ogrreclayer.cpp:77:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nTypeCode = atoi(RECGetField(pszLine,33,4));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/rec/ogrreclayer.cpp:226:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pszRecord+nDataLen, pszLine, iSegLen );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/ogrs57datasource.cpp:537:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nEXPP = atoi(CSLFetchNameValueDef( papszOptionsIn, "S57_EXPP", CPLSPrintf("%d", S57Writer::nDEFAULT_EXPP) ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/ogrs57datasource.cpp:538:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nINTU = atoi(CSLFetchNameValueDef( papszOptionsIn, "S57_INTU", CPLSPrintf("%d", S57Writer::nDEFAULT_INTU) ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/ogrs57datasource.cpp:544:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nAGEN = atoi(CSLFetchNameValueDef( papszOptionsIn, "S57_AGEN", CPLSPrintf("%d", S57Writer::nDEFAULT_AGEN) ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/ogrs57datasource.cpp:546:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nAALL = atoi(CSLFetchNameValueDef( papszOptionsIn, "S57_AALL", "0" ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/ogrs57datasource.cpp:547:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nNALL = atoi(CSLFetchNameValueDef( papszOptionsIn, "S57_NALL", "0" ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/ogrs57datasource.cpp:548:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nNOMR = atoi(CSLFetchNameValueDef( papszOptionsIn, "S57_NOMR", "0" ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/ogrs57datasource.cpp:549:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nNOGR = atoi(CSLFetchNameValueDef( papszOptionsIn, "S57_NOGR", "0" ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/ogrs57datasource.cpp:550:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nNOLR = atoi(CSLFetchNameValueDef( papszOptionsIn, "S57_NOLR", "0" ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/ogrs57datasource.cpp:551:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nNOIN = atoi(CSLFetchNameValueDef( papszOptionsIn, "S57_NOIN", "0" ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/ogrs57datasource.cpp:552:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nNOCN = atoi(CSLFetchNameValueDef( papszOptionsIn, "S57_NOCN", "0" ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/ogrs57datasource.cpp:553:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nNOED = atoi(CSLFetchNameValueDef( papszOptionsIn, "S57_NOED", "0" ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/ogrs57datasource.cpp:561:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nHDAT = atoi(CSLFetchNameValueDef( papszOptionsIn, "S57_HDAT", CPLSPrintf("%d", S57Writer::nDEFAULT_HDAT) ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/ogrs57datasource.cpp:562:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nVDAT = atoi(CSLFetchNameValueDef( papszOptionsIn, "S57_VDAT", CPLSPrintf("%d", S57Writer::nDEFAULT_VDAT) ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/ogrs57datasource.cpp:563:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nSDAT = atoi(CSLFetchNameValueDef( papszOptionsIn, "S57_SDAT", CPLSPrintf("%d", S57Writer::nDEFAULT_SDAT) ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/ogrs57datasource.cpp:564:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nCSCL = atoi(CSLFetchNameValueDef( papszOptionsIn, "S57_CSCL", CPLSPrintf("%d", S57Writer::nDEFAULT_CSCL) ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/ogrs57datasource.cpp:565:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nCOMF = atoi(CSLFetchNameValueDef( papszOptionsIn, "S57_COMF", CPLSPrintf("%d", S57Writer::nDEFAULT_COMF) ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/ogrs57datasource.cpp:566:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nSOMF = atoi(CSLFetchNameValueDef( papszOptionsIn, "S57_SOMF", CPLSPrintf("%d", S57Writer::nDEFAULT_SOMF) ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57.h:279:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                szUPDNUpdate[10];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57classregistrar.cpp:184:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTargetFile[1024];  // TODO: Get this off of the stack.
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57classregistrar.cpp:201:8:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
       strcpy( szTargetFile, "s57objectclasses.csv" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57classregistrar.cpp:210:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( szTargetFile, "s57objectclasses.csv" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57classregistrar.cpp:274:8:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
       strcpy( szTargetFile, "s57attributes.csv" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57classregistrar.cpp:282:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( szTargetFile, "s57attributes.csv" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57classregistrar.cpp:321:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int iAttr = atoi(papszTokens[0]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57classregistrar.cpp:413:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if( atoi(poRegistrar->apszClassesInfo[i]) == nOBJL )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57classregistrar.cpp:448:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return atoi(poRegistrar->apszClassesInfo[iCurrentClass]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57reader.cpp:1047:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLNAM[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57reader.cpp:1821:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( &nYCOO, pachData, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57reader.cpp:1825:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( &nXCOO, pachData, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57reader.cpp:2713:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pachInsertion, poSrcFSPT->GetData(), nInsertionBytes );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57reader.cpp:2731:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( pachInsertion + nInsertionBytes,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57reader.cpp:2802:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pachInsertion, poSrcVRPT->GetData(), nInsertionBytes );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57reader.cpp:2819:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( pachInsertion + nInsertionBytes,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57reader.cpp:2917:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pachInsertion, poSrcSG2D->GetData(), nInsertionBytes );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57reader.cpp:2935:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( pachInsertion + nInsertionBytes,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57reader.cpp:3033:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pachInsertion, poSrcFFPT->GetData(), nInsertionBytes );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57reader.cpp:3051:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( pachInsertion + nInsertionBytes,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57reader.cpp:3317:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[2];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57reader.cpp:3325:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[3];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57reader.cpp:3333:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[4];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57writer.cpp:572:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char abyData[2] = {
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57writer.cpp:618:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyRawData + i * 8, &nYCOO, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57writer.cpp:619:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyRawData + i * 8 + 4, &nXCOO, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57writer.cpp:625:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyRawData + i * 12, &nYCOO, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57writer.cpp:626:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyRawData + i * 12 + 4, &nXCOO, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57writer.cpp:627:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyRawData + i * 12 + 8, &nVE3D, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57writer.cpp:753:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szName0[5] = {
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57writer.cpp:772:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        const char szName1[5] = {
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57writer.cpp:922:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyRawData + i*8 + 1, &nRCID, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57writer.cpp:949:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szLNAM[9];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57writer.cpp:1011:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char achRawData[5000] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57writer.cpp:1033:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( achRawData + nRawSize, &nATTL, 2 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57writer.cpp:1039:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if( atoi(pszATVL) == EMPTY_NUMBER_MARKER
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57writer.cpp:1052:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( achRawData + nRawSize, pszATVL, strlen(pszATVL) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sde/ogrsdedatasource.cpp:68:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char       pszVersionName[SE_MAX_VERSION_LEN];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sde/ogrsdedatasource.cpp:132:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szErrorMsg[SE_MAX_MESSAGE_LENGTH+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sde/ogrsdedatasource.cpp:134:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pszVersionName[SE_MAX_VERSION_LEN];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sde/ogrsdedatasource.cpp:314:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char username[SE_MAX_OWNER_LEN];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sde/ogrsdedatasource.cpp:718:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pszVersionName[SE_MAX_VERSION_LEN];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sde/ogrsdedatasource.cpp:869:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTableName[SE_QUALIFIED_TABLE_NAME+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sde/ogrsdedatasource.cpp:1136:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                szQualifiedTable[SE_QUALIFIED_TABLE_NAME];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sde/ogrsdedatasource.cpp:1352:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTableName[SE_QUALIFIED_TABLE_NAME+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sde/ogrsdedatasource.cpp:1353:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szIDColName[SE_MAX_COLUMN_LEN+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sde/ogrsdelayer.cpp:343:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szWKT[SE_MAX_SPATIALREF_SRTEXT_LEN];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sde/ogrsdelayer.cpp:430:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTableName[SE_QUALIFIED_TABLE_NAME];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sde/ogrsdelayer.cpp:431:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szShapeColumn[SE_MAX_COLUMN_LEN];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sde/ogrsdelayer.cpp:1909:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                  memcpy(sClobstring, sClobVal.clob_buffer, sClobVal.clob_length);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sde/ogrsdelayer.cpp:1938:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                  memcpy(sNclobstring, sNclobVal.nclob_buffer, sNclobVal.nclob_length);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sde/ogrsdelayer.cpp:2207:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTableName[SE_QUALIFIED_TABLE_NAME];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sde/ogrsdelayer.cpp:2208:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szShapeColumn[SE_MAX_COLUMN_LEN];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sdts/ogrsdtsdatasource.cpp:117:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char pachLeader[10] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:43:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(szField, pszLine + nOffset, nLen);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:207:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char aszParams[6][6+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:208:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szZ[10+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:229:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    int nVal = atoi(papszTokens[i]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:300:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szLineName[12 + 1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:313:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szVesselId[1+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:321:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szSourceId[1+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:329:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szOtherId[1+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:337:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szPointNumber[6+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:339:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        poFeature->SetField(4, atoi(szPointNumber));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:341:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szDeg[3+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:342:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szMin[2+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:343:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szSec[5+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:348:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        double dfLat = atoi(szDeg) + atoi(szMin) / 60.0 + CPLAtof(szSec) / 3600.0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:348:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        double dfLat = atoi(szDeg) + atoi(szMin) / 60.0 + CPLAtof(szSec) / 3600.0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:356:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        double dfLon = atoi(szDeg) + atoi(szMin) / 60.0 + CPLAtof(szSec) / 3600.0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:356:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        double dfLon = atoi(szDeg) + atoi(szMin) / 60.0 + CPLAtof(szSec) / 3600.0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:367:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szEasting[9+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:372:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szNorthing[9+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:390:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szDepth[6+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:399:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szDayOfYear[3+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:401:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nDayOfYear = atoi(szDayOfYear);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:407:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szH[2+1], szM[2+1], szS[2+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:411:54:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            poFeature->SetField(FIELD_TIME, 0, 0, 0, atoi(szH), atoi(szM), static_cast<float>(atoi(szS)) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:411:65:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            poFeature->SetField(FIELD_TIME, 0, 0, 0, atoi(szH), atoi(szM), static_cast<float>(atoi(szS)) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:411:95:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            poFeature->SetField(FIELD_TIME, 0, 0, 0, atoi(szH), atoi(szM), static_cast<float>(atoi(szS)) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:438:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                        atoi(szH), atoi(szM),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:438:52:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                        atoi(szH), atoi(szM),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:439:60:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                                        static_cast<float>(atoi(szS)) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:585:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szDeg[3+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:586:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szMin[2+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:587:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szSec[4+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:592:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            double dfLat = atoi(szDeg) + atoi(szMin) / 60.0 + atoi(szSec) / 100.0 / 3600.0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:592:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            double dfLat = atoi(szDeg) + atoi(szMin) / 60.0 + atoi(szSec) / 100.0 / 3600.0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:592:63:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            double dfLat = atoi(szDeg) + atoi(szMin) / 60.0 + atoi(szSec) / 100.0 / 3600.0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:600:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            double dfLon = atoi(szDeg) + atoi(szMin) / 60.0 + atoi(szSec) / 100.0 / 3600.0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:600:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            double dfLon = atoi(szDeg) + atoi(szMin) / 60.0 + atoi(szSec) / 100.0 / 3600.0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:600:63:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            double dfLon = atoi(szDeg) + atoi(szMin) / 60.0 + atoi(szSec) / 100.0 / 3600.0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:612:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szLineName[16 + 1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:625:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szPointNumber[8+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:627:58:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            poFeature->SetField(SEGP1_FIELD_POINTNUMBER, atoi(szPointNumber));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:629:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szReshootCode[1+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:635:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szEasting[8+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:640:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szNorthing[8+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:651:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szDepth[5+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segy/ogrsegydatasource.cpp:88:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nVal, pabyVal, 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segy/ogrsegydatasource.cpp:100:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nVal, pabyVal, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segy/ogrsegylayer.cpp:240:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&fVal, pabyVal, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segy/ogrsegylayer.cpp:360:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nVal, pabyData, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segy/ogrsegylayer.cpp:370:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&fVal, &nVal, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segy/ogrsegylayer.cpp:657:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(&nVal, pabyData + i * 4, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segy/ogrsegylayer.cpp:666:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(&nVal, pabyData + i * 2, 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segy/ogrsegylayer.cpp:675:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(&fVal, pabyData + i * 4, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/selafin/io_selafin.cpp:306:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char anb[4];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/selafin/io_selafin.cpp:312:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nData, anb, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/selafin/io_selafin.cpp:319:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char anb[4];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/selafin/io_selafin.cpp:321:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(anb, &nData, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/selafin/ogrselafindatasource.cpp:360:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuf[9];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/selafin/ogrselafindatasource.cpp:428:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szTemp[30] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/selafin/ogrselafindriver.cpp:98:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pszTitle[81];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/selafin/ogrselafindriver.cpp:105:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        pnDate[0]=atoi(pszTemp);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/selafin/ogrselafindriver.cpp:110:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        pnDate[1]=atoi(pszc);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/selafin/ogrselafindriver.cpp:113:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        pnDate[2]=atoi(pszc);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/selafin/ogrselafindriver.cpp:116:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        pnDate[3]=atoi(pszc);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/selafin/ogrselafindriver.cpp:119:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        pnDate[4]=atoi(pszc);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/selafin/ogrselafindriver.cpp:122:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        pnDate[5]=atoi(pszc);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/selafin/ogrselafinlayer.cpp:46:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char anBuf[0x10000];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:280:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char	abyHeader[XBASE_FILEHDR_SZ] = { 0 };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:363:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szMessage[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:402:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szMessage[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:412:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szMessage[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:433:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char		abyFileHeader[XBASE_FILEHDR_SZ];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:545:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pszFullname, pszFilename, nLenWithoutExtension);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:546:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pszFullname + nLenWithoutExtension, ".dbf", 5);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:550:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &(psDBF->sHooks), psHooks, sizeof(SAHooks) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:554:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pszFullname + nLenWithoutExtension, ".DBF", 5);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:558:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pszFullname + nLenWithoutExtension, ".cpg", 5);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:562:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pszFullname + nLenWithoutExtension, ".CPG", 5);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:630:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( psDBF->pszCodePage, pabyBuf, n + 1 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:819:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pszFullname, pszFilename, nLenWithoutExtension);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:820:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pszFullname + nLenWithoutExtension, ".dbf", 5);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:842:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pszFullname + nLenWithoutExtension, ".cpg", 5);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:847:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            ldid = atoi( pszCodePage + 5 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:870:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &(psDBF->sHooks), psHooks, sizeof(SAHooks) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:974:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szMessage[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:994:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szMessage[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:1170:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psDBF->pszWorkField,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:1182:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        psDBF->fieldValue.nIntField = atoi(psDBF->pszWorkField);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:1444:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	szSField[XBASE_FLD_MAX_WIDTH+1], szFormat[20];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:1518:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(REINTERPRET_CAST(char *, pabyRec+psDBF->panFieldOffset[iField]),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:1737:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy ( pabyRec, pRawTuple,  psDBF->nRecordLength );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:1786:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy ( newDBF->pszHeader, psDBF->pszHeader, XBASE_FLDHDR_SZ * psDBF->nFields );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:1790:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy ( newDBF->panFieldOffset, psDBF->panFieldOffset, sizeof(int) * psDBF->nFields );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:1792:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy ( newDBF->panFieldSize, psDBF->panFieldSize, sizeof(int) * psDBF->nFields );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:1794:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy ( newDBF->panFieldDecimals, psDBF->panFieldDecimals, sizeof(int) * psDBF->nFields );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:1796:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy ( newDBF->pachFieldType, psDBF->pachFieldType, sizeof(char)*psDBF->nFields );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:1844:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char          name[XBASE_FLDNAME_LEN_READ+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:2104:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pszHeaderNew + i * XBASE_FLDHDR_SZ,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:2141:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pszRecordNew + panFieldOffsetNew[i],
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:2287:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pszOldField, pszRecord + nOffset, nOldWidth);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:2354:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pszOldField, pszRecord + nOffset, nOldWidth);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapedatasource.cpp:1160:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        CSLCount(papszTokens) == 7 ? atoi(papszTokens[6]) : 0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapelayer.cpp:358:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        switch( atoi(pszCodePage+5) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapelayer.cpp:436:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if( (atoi(pszCodePage) >= 437 && atoi(pszCodePage) <= 950)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapelayer.cpp:436:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if( (atoi(pszCodePage) >= 437 && atoi(pszCodePage) <= 950)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapelayer.cpp:437:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        || (atoi(pszCodePage) >= 1250 && atoi(pszCodePage) <= 1258) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapelayer.cpp:437:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        || (atoi(pszCodePage) >= 1250 && atoi(pszCodePage) <= 1258) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapelayer.cpp:439:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        l_osEncoding.Printf( "CP%d", atoi(pszCodePage) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapelayer.cpp:1327:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&(sShape.nSHPType), abyBuf, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapelayer.cpp:1335:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(&(sShape.dfXMin), abyBuf + 4, 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapelayer.cpp:1336:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(&(sShape.dfYMin), abyBuf + 12, 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapelayer.cpp:1337:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(&(sShape.dfXMax), abyBuf + 20, 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapelayer.cpp:1338:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(&(sShape.dfYMax), abyBuf + 28, 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapelayer.cpp:1649:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szFieldName[XBASE_FLDNAME_LEN_READ+1] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapelayer.cpp:1759:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szNewFieldName[XBASE_FLDNAME_LEN_WRITE + 1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapelayer.cpp:2053:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szFieldName[XBASE_FLDNAME_LEN_READ+1] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapelayer.cpp:2201:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int nEPSGCode = atoi(pszAuthorityCode);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapelayer.cpp:2272:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char abyHeader[100] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapelayer.cpp:2396:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        const char papszExt[2][4] = { "sbn", "sbx" };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapelayer.cpp:2861:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(panRecOffsetNew, hNewSHP->panRecOffset,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapelayer.cpp:2863:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(panRecSizeNew, hNewSHP->panRecSize,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapelayer.cpp:2972:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(hSHP->adBoundsMin, sSHPInfo.adBoundsMin,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapelayer.cpp:2974:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(hSHP->adBoundsMax, sSHPInfo.adBoundsMax,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapelayer.cpp:3194:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szFieldName[XBASE_FLDNAME_LEN_READ+1] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapelayer.cpp:3356:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(hSHP->adBoundsMin, adBoundsMin, 4*sizeof(double));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapelayer.cpp:3357:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(hSHP->adBoundsMax, adBoundsMax, 4*sizeof(double));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/sbnsearch.c:197:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &(hSBN->sHooks), psHooks, sizeof(SAHooks) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/sbnsearch.c:228:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&hSBN->dfMinX, abyHeader + 32, 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/sbnsearch.c:229:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&hSBN->dfMinY, abyHeader + 40, 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/sbnsearch.c:230:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&hSBN->dfMaxX, abyHeader + 48, 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/sbnsearch.c:231:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&hSBN->dfMaxY, abyHeader + 56, 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/sbnsearch.c:256:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szErrorMsg[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/sbnsearch.c:306:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szErrorMsg[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shape2ogr.cpp:971:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szFieldName[XBASE_FLDNAME_LEN_READ+1] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shape2ogr.cpp:1301:56:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                  sFld.Date.Month = static_cast<GByte>(atoi(pszDateValue + 0));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shape2ogr.cpp:1302:56:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                  sFld.Date.Day   = static_cast<GByte>(atoi(pszDateValue + 3));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shape2ogr.cpp:1303:57:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                  sFld.Date.Year  = static_cast<GInt16>(atoi(pszDateValue + 6));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shape2ogr.cpp:1307:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                  const int nFullDate = atoi(pszDateValue);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shape2ogr.cpp:1335:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szFieldName[20] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shape2ogr.cpp:1516:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
              char szFormat[20] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shape2ogr.cpp:1517:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
              char szValue[32] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:315:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define ByteCopy( a, b, c )	memcpy( b, a, c )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:472:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szErrorMsg[200];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:491:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szErrorMsg[200];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:522:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szErrorMsg[200];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:625:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &(psSHP->sHooks), psHooks, sizeof(SAHooks) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:633:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pszFullname, pszLayer, nLenWithoutExtension);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:634:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pszFullname + nLenWithoutExtension, ".shp", 5);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:638:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pszFullname + nLenWithoutExtension, ".SHP", 5);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:658:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pszFullname + nLenWithoutExtension, ".shx", 5);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:662:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pszFullname + nLenWithoutExtension, ".SHX", 5);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:733:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szErrorMsg[200];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:768:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &dValue, pabyBuf+36, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:772:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &dValue, pabyBuf+44, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:776:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &dValue, pabyBuf+52, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:780:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &dValue, pabyBuf+60, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:784:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &dValue, pabyBuf+68, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:788:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &dValue, pabyBuf+76, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:792:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &dValue, pabyBuf+84, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:796:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &dValue, pabyBuf+92, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:820:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szErrorMsg[200];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:848:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szErrorMsg[200];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:878:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nOffset, pabyBuf + i * 8, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:881:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nLength, pabyBuf + i * 8 + 4, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:886:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char str[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:898:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char str[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:966:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            abyReadedRecord[8];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:1003:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pszFullname, pszLayer, nLenWithoutExtension);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:1004:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pszFullname + nLenWithoutExtension, ".shp", 5);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:1008:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pszFullname + nLenWithoutExtension, ".SHP", 5);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:1050:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pszFullname + nLenWithoutExtension, ".shx", 5);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:1075:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabySHXHeader, pabyBuf, 100 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:1085:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( abyReadedRecord, &nRecordOffset, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:1086:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( abyReadedRecord + 4, &nRecordLength, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:1281:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pszFullname, pszLayer, nLenWithoutExtension);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:1282:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pszFullname + nLenWithoutExtension, ".shp", 5);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:1286:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szErrorMsg[200];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:1295:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pszFullname + nLenWithoutExtension, ".shx", 5);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:1299:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szErrorMsg[200];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:1340:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szErrorMsg[200];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:1359:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szErrorMsg[200];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:1543:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(psObject->padfX, padfX, nSize);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:1545:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(psObject->padfY, padfY, nSize);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:1547:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(psObject->padfZ, padfZ, nSize);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:1550:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(psObject->padfM, padfM, nSize);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:1693:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyRec + nRecordSize, psObject->panPartType,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:1900:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char str[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:1938:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szErrorMsg[200];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:1951:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szErrorMsg[200];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2082:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                 szErrorMsg[160];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2103:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char str[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2117:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char str[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2127:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char str[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2176:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char str[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2218:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char str[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2240:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nSHPContentLength, psSHP->pabyRec + 4, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2246:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char str[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2262:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char str[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2281:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &nSHPType, psSHP->pabyRec + 8, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2335:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &(psShape->dfXMin), psSHP->pabyRec + 8 +  4, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2336:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &(psShape->dfYMin), psSHP->pabyRec + 8 + 12, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2337:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &(psShape->dfXMax), psSHP->pabyRec + 8 + 20, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2338:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &(psShape->dfYMax), psSHP->pabyRec + 8 + 28, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2349:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nPoints, psSHP->pabyRec + 40 + 8, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2350:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nParts, psSHP->pabyRec + 36 + 8, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2432:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psShape->panPartStart, psSHP->pabyRec + 44 + 8, 4 * nParts );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2470:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( psShape->panPartType, psSHP->pabyRec + nOffset, 4*nParts );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2484:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(psShape->padfX + i,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2488:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(psShape->padfY + i,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2505:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &(psShape->dfZMin), psSHP->pabyRec + nOffset, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2506:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &(psShape->dfZMax), psSHP->pabyRec + nOffset + 8, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2513:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( psShape->padfZ + i,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2533:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &(psShape->dfMMin), psSHP->pabyRec + nOffset, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2534:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &(psShape->dfMMax), psSHP->pabyRec + nOffset + 8, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2541:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( psShape->padfM + i,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2575:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nPoints, psSHP->pabyRec + 44, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2637:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(psShape->padfX+i, psSHP->pabyRec + 48 + 16 * i, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2638:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(psShape->padfY+i, psSHP->pabyRec + 48 + 16 * i + 8, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2649:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &(psShape->dfXMin), psSHP->pabyRec + 8 +  4, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2650:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &(psShape->dfYMin), psSHP->pabyRec + 8 + 12, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2651:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &(psShape->dfXMax), psSHP->pabyRec + 8 + 20, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2652:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &(psShape->dfYMax), psSHP->pabyRec + 8 + 28, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2664:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &(psShape->dfZMin), psSHP->pabyRec + nOffset, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2665:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &(psShape->dfZMax), psSHP->pabyRec + nOffset + 8, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2672:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( psShape->padfZ + i,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2690:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &(psShape->dfMMin), psSHP->pabyRec + nOffset, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2691:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &(psShape->dfMMax), psSHP->pabyRec + nOffset + 8, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2698:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( psShape->padfM + i,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2745:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psShape->padfX, psSHP->pabyRec + 12, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2746:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psShape->padfY, psSHP->pabyRec + 20, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2758:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( psShape->padfZ, psSHP->pabyRec + nOffset, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:2773:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( psShape->padfM, psSHP->pabyRec + nOffset, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shptree.c:120:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psTreeNode->adfBoundsMin, padfBoundsMin, sizeof(double) * 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shptree.c:123:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( psTreeNode->adfBoundsMax, padfBoundsMax, sizeof(double) * 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shptree.c:366:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfBoundsMin1, padfBoundsMinIn, sizeof(double) * 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shptree.c:367:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfBoundsMax1, padfBoundsMaxIn, sizeof(double) * 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shptree.c:368:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfBoundsMin2, padfBoundsMinIn, sizeof(double) * 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shptree.c:369:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfBoundsMax2, padfBoundsMaxIn, sizeof(double) * 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shptree.c:698:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(psTreeNode->adfBoundsMin, psSubNode->adfBoundsMin,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shptree.c:700:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(psTreeNode->adfBoundsMax, psSubNode->adfBoundsMax,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shptree.c:774:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &(hDiskTree->sHooks), psHooks, sizeof(SAHooks) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shptree.c:993:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char abyBuf[16];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shptree.c:1099:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyRec, &offset, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shptree.c:1102:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyRec+ 4, node->adfBoundsMin+0, sizeof(double) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shptree.c:1103:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyRec+12, node->adfBoundsMin+1, sizeof(double) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shptree.c:1104:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyRec+20, node->adfBoundsMax+0, sizeof(double) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shptree.c:1105:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyRec+28, node->adfBoundsMax+1, sizeof(double) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shptree.c:1107:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyRec+36, &node->nShapeCount, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shptree.c:1110:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyRec+40, node->panShapeIds, j);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shptree.c:1111:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyRec+j+40, &node->nSubNodes, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shptree.c:1142:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		signature[4] = "SQT";
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shptree.c:1144:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		abyBuf[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shptree.c:1175:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( abyBuf+0, signature, 3 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sosi/fyba_melding.cpp:37:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szErrMsg[260] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sosi/ogrsosidatasource.cpp:561:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int nKoosys = epsg2sosi(atoi(pszKoosys));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sosi/ogrsosidatasource.cpp:567:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    int nKoosys = epsg2sosi(atoi(pszKoosys));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sosi/ogrsosidatatypes.cpp:68:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  return atoi(value);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sosi/ogrsosidatatypes.cpp:75:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dato[9];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sosi/ogrsosidatatypes.cpp:77:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  date[2] = atoi(dato+6);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sosi/ogrsosidatatypes.cpp:79:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  date[1] = atoi(dato+4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sosi/ogrsosidatatypes.cpp:81:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  date[0] = atoi(dato);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sosi/ogrsosidatatypes.cpp:85:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dato[15];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sosi/ogrsosidatatypes.cpp:88:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    date[5] = atoi(dato+12);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sosi/ogrsosidatatypes.cpp:90:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    date[4] = atoi(dato+10);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sosi/ogrsosidatatypes.cpp:92:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    date[3] = atoi(dato+8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sosi/ogrsosidatatypes.cpp:97:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  date[2] = atoi(dato+6);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sosi/ogrsosidatatypes.cpp:99:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  date[1] = atoi(dato+4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sosi/ogrsosidatatypes.cpp:101:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  date[0] = atoi(dato);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sosi/ogrsosilayer.cpp:107:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pszGi[255];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlite3ext.h:344:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int  (*open)(const char*,sqlite3**);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlite3ext.h:559:53:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define sqlite3_open                   sqlite3_api->open
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitedatasource.cpp:569:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nReplaceEventId = atoi(pszEventId);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitedatasource.cpp:636:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            static_cast<GIntBig>(atoi( pszSqliteCacheMB )) * 1024 * 1024;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitedatasource.cpp:803:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        sqlite3_busy_timeout(hDB, atoi(pszVal));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitedatasource.cpp:1119:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nSRSId = atoi(*iterCode);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitedatasource.cpp:1965:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nSRID = atoi(papszTokens[2]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitedatasource.cpp:2278:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szVal[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitedatasource.cpp:2638:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nSRSId = atoi(pszSRID);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitedatasource.cpp:3183:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                oSRS.importFromEPSG( atoi(pszAuthorityCode) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitedatasource.cpp:3258:56:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nSRSId = (papszResult[1] != nullptr) ? atoi(papszResult[1]) : nUndefinedSRID;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitedatasource.cpp:3412:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nSRSId = atoi(pszAuthorityCode);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitedatasource.cpp:3446:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nSRSId = atoi(papszResult[1]) + 1;  // Insert as the next SRS ID
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitedatasource.cpp:3689:56:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nAuthSRID = (papszRow[2] != nullptr) ? atoi(papszRow[2]) : 0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteexecutesql.cpp:811:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyEmptyDBClone, pabyEmptyDB, nEmptyDBSize);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:396:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                            nSRID = atoi(pszSRID);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:967:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &nGType, pabyData, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1004:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( adfTuple, pabyData + 4, 2*8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1026:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( adfTuple, pabyData + 4, 3*8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1049:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( adfTuple, pabyData + 4, 3*8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1074:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( adfTuple, pabyData + 4, 4*8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1098:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nPointCount, pabyData + 4, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1120:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( adfTuple, pabyData + 8 + 2*8*iPoint, 2*8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1140:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nPointCount, pabyData + 4, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1157:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( adfTuple, pabyData + 8 + 3*8*iPoint, 3*8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1182:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nPointCount, pabyData + 4, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1199:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( adfTuple, pabyData + 8 + 3*8*iPoint, 3*8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1223:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nPointCount, pabyData + 4, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1240:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( adfTuple, pabyData + 8 + 4*8*iPoint, 4*8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1265:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nPointCount, pabyData + 4, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1292:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( adfTuple, pabyData + nNextByte, 2*8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1305:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( asfTuple, pabyData + nNextByte, 2*4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1335:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nPointCount, pabyData + 4, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1362:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( adfTuple, pabyData + nNextByte, 3*8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1376:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( asfTuple, pabyData + nNextByte, 3*4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1409:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nPointCount, pabyData + 4, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1435:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( adfTuple, pabyData + nNextByte, 3*8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1449:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( asfTuple, pabyData + nNextByte, 2*4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1450:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( adfTuple + 2, pabyData + nNextByte + 2*4, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1481:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nPointCount, pabyData + 4, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1509:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( adfTuple, pabyData + nNextByte, 4*8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1524:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( asfTuple, pabyData + nNextByte, 3*4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1525:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( adfTuple + 3, pabyData + nNextByte + 3*4, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1559:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nRingCount, pabyData + 4, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1584:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &nPointCount, pabyData + nNextByte, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1614:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( adfTuple, pabyData + nNextByte, 2*8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1638:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nRingCount, pabyData + 4, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1663:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &nPointCount, pabyData + nNextByte, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1687:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( adfTuple, pabyData + nNextByte, 3*8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1716:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nRingCount, pabyData + 4, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1741:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &nPointCount, pabyData + nNextByte, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1765:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( adfTuple, pabyData + nNextByte, 3*8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1794:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nRingCount, pabyData + 4, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1819:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &nPointCount, pabyData + nNextByte, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1844:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( adfTuple, pabyData + nNextByte, 4*8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1874:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nRingCount, pabyData + 4, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1899:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &nPointCount, pabyData + nNextByte, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1930:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( adfTuple, pabyData + nNextByte, 2*8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1943:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( asfTuple, pabyData + nNextByte, 2*4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:1976:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nRingCount, pabyData + 4, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:2001:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &nPointCount, pabyData + nNextByte, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:2032:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( adfTuple, pabyData + nNextByte, 3*8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:2046:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( asfTuple, pabyData + nNextByte, 3*4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:2082:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nRingCount, pabyData + 4, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:2107:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &nPointCount, pabyData + nNextByte, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:2138:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( adfTuple, pabyData + nNextByte, 3*8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:2152:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( asfTuple, pabyData + nNextByte, 2*4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:2153:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( adfTuple + 2, pabyData + nNextByte + 2*4, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:2187:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nRingCount, pabyData + 4, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:2212:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &nPointCount, pabyData + nNextByte, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:2244:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( adfTuple, pabyData + nNextByte, 4*8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:2259:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( asfTuple, pabyData + nNextByte, 3*4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:2260:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( adfTuple + 3, pabyData + nNextByte + 3*4, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:2312:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nGeomCount, pabyData + 4, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:2508:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nSRID, pabyData + 2, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:2518:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nSpliteType, pabyData + 39, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:2538:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( &nSpliteType, pabyData + 43, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:2549:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &dfMinX, pabyData + 6, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:2558:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &dfMinY, pabyData + 14, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:2568:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &dfMaxX, pabyData + 22, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:2577:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &dfMaxY, pabyData + 30, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:2626:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &nSRID, pabyData + 2, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:2979:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyData, &x, 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:2980:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyData + 8, &y, 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:2991:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pabyData + 16, &z, 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:2997:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(pabyData + 24, &m, 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:3010:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(pabyData + 16, &m, 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:3026:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyData, &nPointCount, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:3045:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(pabyData + nTotalSize, &x, 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:3046:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(pabyData + nTotalSize + 8, &y, 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:3055:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(pabyData + nTotalSize + 16, &z, 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:3061:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                            memcpy(pabyData + nTotalSize + 24, &m, 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:3074:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                            memcpy(pabyData + nTotalSize + 16, &m, 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:3087:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(pabyData + nTotalSize, &deltax, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:3088:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(pabyData + nTotalSize + 4, &deltay, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:3098:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(pabyData + nTotalSize + 8, &deltaz, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:3104:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                            memcpy(pabyData + nTotalSize + 12, &m, 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:3117:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                            memcpy(pabyData + nTotalSize + 8, &m, 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:3139:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pabyData, &nParts, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:3173:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyData, &nParts, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:3197:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pabyData + nTotalSize, &nCode, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:3249:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( *ppabyData + 2, &nSRID, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:3253:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( *ppabyData + 6, &sEnvelope.MinX, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:3254:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( *ppabyData + 14, &sEnvelope.MinY, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:3255:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( *ppabyData + 22, &sEnvelope.MaxX, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:3256:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( *ppabyData + 30, &sEnvelope.MaxY, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitelayer.cpp:3271:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( *ppabyData + 39, &nCode, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteregexp.cpp:73:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *re = (const char *) sqlite3_value_text(argv[0]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteregexp.cpp:85:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *str = (const char *) sqlite3_value_text(argv[1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteselectlayer.cpp:120:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(&nSRSId, pabyBlob + 2, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteselectlayer.cpp:323:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nResult = atoi(papszResult[1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:441:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                poGeomFieldDefn->nSRSId = atoi(papszRow[0]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:445:57:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    poGeomFieldDefn->bHasSpatialIndex = atoi(papszRow[3]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:448:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    int nGeomType = atoi(papszRow[1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:475:50:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                eGeomType = (OGRwkbGeometryType) atoi(papszRow[1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:476:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                if( atoi(papszRow[2]) > 2 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1673:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat( pszNewFieldList, " VARCHAR" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1675:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat( pszNewFieldList, " BLOB" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1677:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat( pszNewFieldList, " NOT NULL" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:2283:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char szBuffer[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:2301:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char szBuffer[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteutility.cpp:133:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return atoi(pszValue);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitevfs.cpp:55:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                       szVFSName[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitevfs.cpp:495:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    pMyVFS->mxPathname = atoi(CPLGetConfigOption("OGR_SQLITE_VFS_MAXPATHNAME", "2048"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteviewlayer.cpp:575:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nResult = atoi(papszResult[1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitevirtualogr.cpp:244:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    nSRSId = atoi(pszAuthorityCode);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitevirtualogr.cpp:478:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nDSIndex = atoi(argv[3]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitevirtualogr.cpp:498:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        bExposeOGR_STYLE = atoi(SQLUnescape(argv[5]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitevirtualogr.cpp:499:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        bExposeOGRNativeData = (argc == 7) ? atoi(SQLUnescape(argv[6])) : FALSE;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitevirtualogr.cpp:530:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int bUpdate = atoi(osUpdate);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitevirtualogr.cpp:576:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            bExposeOGR_STYLE = atoi(SQLUnescape(argv[6]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitevirtualogr.cpp:580:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            bExposeOGRNativeData = atoi(SQLUnescape(argv[7]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitevirtualogr.cpp:1325:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyGeomBLOBDup,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitevirtualogr.cpp:1424:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szBuffer[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitevirtualogr.cpp:1443:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szBuffer[64];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitevirtualogr.cpp:1982:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nDSIndex = atoi(argv[3]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/rasterlite2.cpp:1684:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nBITS = atoi(pszNBITS);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/rasterlite2.cpp:1698:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nBITS = atoi(pszNBITS);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/rasterlite2.cpp:2045:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nQuality = atoi(pszQuality);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/rasterlite2.cpp:2052:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    unsigned int nTileWidth = atoi( CSLFetchNameValueDef(papszOptions,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/rasterlite2.cpp:2055:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    unsigned int nTileHeight = atoi( CSLFetchNameValueDef(papszOptions,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/rasterlite2.cpp:2096:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nSRSId = atoi(pszSRID);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/rasterlite2.cpp:2279:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &cbk_data.adfGeoTransform, adfGeoTransform,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/rasterlite2.cpp:2443:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( padfGeoTransform, m_adfGeoTransform, 6 * sizeof(double) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/test_load_virtual_ogr.c:74:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[256];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sua/ogrsualayer.cpp:134:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szDeg[4], szMin[3], szSec[3];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sua/ogrsualayer.cpp:145:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    dfLat = atoi(szDeg) + atoi(szMin) / 60. + atoi(szSec) / 3600.;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sua/ogrsualayer.cpp:145:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    dfLat = atoi(szDeg) + atoi(szMin) / 60. + atoi(szSec) / 3600.;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sua/ogrsualayer.cpp:145:47:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    dfLat = atoi(szDeg) + atoi(szMin) / 60. + atoi(szSec) / 3600.;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sua/ogrsualayer.cpp:160:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    dfLon = atoi(szDeg) + atoi(szMin) / 60. + atoi(szSec) / 3600.;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sua/ogrsualayer.cpp:160:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    dfLon = atoi(szDeg) + atoi(szMin) / 60. + atoi(szSec) / 3600.;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sua/ogrsualayer.cpp:160:47:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    dfLon = atoi(szDeg) + atoi(szMin) / 60. + atoi(szSec) / 3600.;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/svg/ogrsvgdatasource.cpp:171:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aBuf[BUFSIZ];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/svg/ogrsvgdatasource.cpp:245:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aBuf[256];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/svg/ogrsvglayer.cpp:230:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/svg/ogrsvglayer.cpp:520:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pszSubElementValue + nSubElementValueLen, data, nLen);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/svg/ogrsvglayer.cpp:556:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aBuf[BUFSIZ];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/svg/ogrsvglayer.cpp:671:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aBuf[BUFSIZ];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdatasource.cpp:328:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char date[3] = { 0 };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdatasource.cpp:331:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(date, buff, 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdatasource.cpp:332:59:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        passport.dtCrateDate.nYear = static_cast<GUInt16>(atoi(date));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdatasource.cpp:338:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(date, buff + 2, 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdatasource.cpp:340:60:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        passport.dtCrateDate.nMonth = static_cast<GUInt16>(atoi(date));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdatasource.cpp:342:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(date, buff + 4, 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdatasource.cpp:344:58:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        passport.dtCrateDate.nDay = static_cast<GUInt16>(atoi(date));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdatasource.cpp:346:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szName[26] = { 0 };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdatasource.cpp:347:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(szName, buff + 8, 24);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdatasource.cpp:353:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&passport.nScale, buff + 32, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdatasource.cpp:356:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(szName, buff + 36, 26);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdatasource.cpp:367:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char date[5] = { 0 };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdatasource.cpp:370:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(date, buff, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdatasource.cpp:371:59:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        passport.dtCrateDate.nYear = static_cast<GUInt16>(atoi(date));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdatasource.cpp:373:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(date, buff + 4, 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdatasource.cpp:376:60:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        passport.dtCrateDate.nMonth = static_cast<GUInt16>(atoi(date));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdatasource.cpp:378:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(date, buff + 6, 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdatasource.cpp:380:58:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        passport.dtCrateDate.nDay = static_cast<GUInt16>(atoi(date));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdatasource.cpp:382:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szName[32] = { 0 };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdatasource.cpp:383:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(szName, buff + 12, 32);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdatasource.cpp:389:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&passport.nScale, buff + 44, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdatasource.cpp:392:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(szName, buff + 48, 32);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdatasource.cpp:1012:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szName[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdatasource.cpp:1013:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szShortName[16];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdatasource.cpp:1073:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szObjectsID[4];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdatasource.cpp:1081:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szShortName[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdatasource.cpp:1082:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szName[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxfdatasource.cpp:1087:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szUnimportantSeg[14];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:441:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&y, psBuff, 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:443:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&x, psBuff + 2, 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:473:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&h, psBuff + 4, 4); // H always in float
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:486:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&y, psBuff, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:489:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&x, psBuff + 4, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:510:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&h, psBuff + 8, 4); // H always in float
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:523:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&y, psBuff, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:525:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&x, psBuff + 4, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:554:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&h, psBuff + 8, 4); // H always in float
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:568:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&y, psBuff, 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:570:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&x, psBuff + 8, 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:591:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&h, psBuff + 16, 8); // H in double
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:895:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(value, psSemanticsdBuf + offset, nLen);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:913:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(&nTmpVal, psSemanticsdBuf + offset, sizeof(GByte));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:928:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(&nTmpVal, psSemanticsdBuf + offset, sizeof(GInt16));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:943:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(&nTmpVal, psSemanticsdBuf + offset, sizeof(GInt32));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:958:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(&dfTmpVal, psSemanticsdBuf + offset, sizeof(double));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:977:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(value, psSemanticsdBuf + offset, nLen);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:996:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(value, psSemanticsdBuf + offset, nLen - 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:1031:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(&scale2, psSemanticsdBuf + offset, sizeof(GUInt32));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:1041:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(value, psSemanticsdBuf + offset, scale2 + 1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:1111:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nSubObj, psRecordBuf + nOffset, 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:1115:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nCoords, psRecordBuf + nOffset + 2, 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:1210:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nSubObj, psRecordBuf + nOffset, 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:1214:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nCoords, psRecordBuf + nOffset + 2, 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:1373:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nSubObj, psRecordBuf + nOffset, 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:1377:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nCoords, psRecordBuf + nOffset + 2, 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:1513:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nSubObj, psRecordBuf + nOffset, 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:1517:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&nCoords, psRecordBuf + nOffset + 2, 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/org_sxf_defs.h:312:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szID[4]; //the file ID should be "SXF"
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/org_sxf_defs.h:335:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szID[4];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/org_sxf_defs.h:344:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szMapType[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/org_sxf_defs.h:345:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szClassifyName[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/org_sxf_defs.h:346:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szClassifyCode[8];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/org_sxf_defs.h:348:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char nScales[4];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/ogr_tiger.h:94:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char          pszFieldName[11];  // name of the field
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/ogrtigerdatasource.cpp:168:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szHeader[115];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/ogrtigerdatasource.cpp:320:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char       szModule[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/ogrtigerdatasource.cpp:361:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char       szModule[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/ogrtigerdatasource.cpp:408:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szHeader[500] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/ogrtigerdatasource.cpp:443:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nVersionCode = atoi(TigerFileBase::GetField( pszRecStart, 2, 5 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/ogrtigerdatasource.cpp:524:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nVersionCode = atoi(pszRequestedVersion);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/ogrtigerdatasource.cpp:722:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLCExtension[3] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/ogrtigerdatasource.cpp:804:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nVersionCode = atoi(GetOption("VERSION"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigeraltname.cpp:83:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        achRecord[OGR_TIGER_RECBUF_LEN];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigeraltname.cpp:133:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            anFeatList[nFeatCount++] = atoi(pszFieldText);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigeraltname.cpp:152:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szRecord[OGR_TIGER_RECBUF_LEN] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigeraltname.cpp:162:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szWork[9] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigeraltname.cpp:165:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( szRecord + 18 + 8 * i, szWork, 8 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigercompletechain.cpp:301:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char achHeader[10];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigercompletechain.cpp:379:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        achRecord[OGR_TIGER_RECBUF_LEN];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigercompletechain.cpp:429:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char    achRT3Rec[OGR_TIGER_RECBUF_LEN];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigercompletechain.cpp:461:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                     atoi(GetField(achRecord, 191, 200)) / 1000000.0,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigercompletechain.cpp:462:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                     atoi(GetField(achRecord, 201, 209)) / 1000000.0 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigercompletechain.cpp:472:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    poLine->addPoint(atoi(GetField(achRecord, 210, 219)) / 1000000.0,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigercompletechain.cpp:473:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                     atoi(GetField(achRecord, 220, 228)) / 1000000.0 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigercompletechain.cpp:504:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char achShapeRec[OGR_TIGER_RECBUF_LEN];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigercompletechain.cpp:542:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if( atoi(GetField(achShapeRec,6,15)) != nTLID )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigercompletechain.cpp:553:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int nX = atoi(GetField(achShapeRec,iStart,iStart+9));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigercompletechain.cpp:554:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int nY = atoi(GetField(achShapeRec,iStart+10,iStart+18));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigercompletechain.cpp:628:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        achShapeRec[OGR_TIGER_RECBUF_LEN];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigercompletechain.cpp:660:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if( atoi(GetField(achShapeRec,6,15)) == nTLID )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigercompletechain.cpp:667:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if( atoi(GetField(achShapeRec,16,18)) == 1 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigercompletechain.cpp:742:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szRecord[OGR_TIGER_RECBUF_LEN];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigercompletechain.cpp:783:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szTemp[5] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigercompletechain.cpp:790:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( ((char *)szRecord) + 15, szTemp, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerfilebase.cpp:132:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        aszRecordHead[6];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerfilebase.cpp:137:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nVersionCode = atoi(aszRecordHead+1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerfilebase.cpp:240:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char         aszField[128];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerfilebase.cpp:286:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szValue[512];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerfilebase.cpp:293:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szFormat[32];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerfilebase.cpp:324:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pachRecord + nStart - 1, szValue, nEnd - nStart + 1 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerfilebase.cpp:339:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pachRecord + nStart - 1, "+000000000+00000000", 19 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerfilebase.cpp:343:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTemp[20] = { 0 };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerfilebase.cpp:347:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pachRecord + nStart - 1, szTemp, 19 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerfilebase.cpp:374:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szVersion[5] = { 0 };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerfilebase.cpp:376:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pachRecord + 1, szVersion, 4 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerfilebase.cpp:406:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szFullModule[30];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerfilebase.cpp:549:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        achRecord[OGR_TIGER_RECBUF_LEN];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerfilebase.cpp:603:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szRecord[OGR_TIGER_RECBUF_LEN];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerpoint.cpp:50:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        achRecord[OGR_TIGER_RECBUF_LEN];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerpoint.cpp:94:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const double dfX = atoi(GetField(achRecord, nX0, nX1)) / 1000000.0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerpoint.cpp:95:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const double dfY = atoi(GetField(achRecord, nY0, nY1)) / 1000000.0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerpoint.cpp:111:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szRecord[OGR_TIGER_RECBUF_LEN];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerpolygon.cpp:477:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        achRecord[OGR_TIGER_RECBUF_LEN];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerpolygon.cpp:530:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char    achRTSRec[OGR_TIGER_RECBUF_LEN];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerpolygon.cpp:602:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        szRecord[OGR_TIGER_RECBUF_LEN];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vdv/ogrvdvdatasource.cpp:67:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    atoi(strchr(papszFrm[i], ',')+1) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vdv/ogrvdvdatasource.cpp:73:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    nWidth = atoi(papszFrm[i] + strlen("decimal") + 1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vdv/ogrvdvdatasource.cpp:88:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    atoi(strchr(papszFrm[i], '.')+1) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vdv/ogrvdvdatasource.cpp:94:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    nWidth = atoi(papszFrm[i] + strlen("num") + 1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vdv/ogrvdvdatasource.cpp:117:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nWidth = atoi(papszFrm[i] + strlen("char") + 1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vdv/ogrvdvdatasource.cpp:676:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[1+1024+1];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vdv/ogrvdvdatasource.cpp:1686:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                oField.nWidth = atoi(CPLGetXMLValue(psField, "width", "0"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkdatablocksqlite.cpp:373:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *vrColumn[2] = {
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkdatablocksqlite.cpp:485:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *vrColumn[2] = { nullptr, nullptr };
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkfeature.cpp:213:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char s[3] = {}; /* 15 */
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkpropertydefn.cpp:64:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nWidth = atoi(pszWidth);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkpropertydefn.cpp:71:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m_nPrecision = atoi(poChar+1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkreader.cpp:143:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pszLine, pszRawLine, nBufLength + 1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vrt/ogrvrtdatasource.cpp:469:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int nWidth = atoi(CPLGetXMLValue(psSubNode, "width", "0"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vrt/ogrvrtdatasource.cpp:479:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(CPLGetXMLValue(psSubNode, "precision", "0"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vrt/ogrvrtdatasource.cpp:717:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        poLayer->SetFeatureCount(atoi(pszFeatureCount));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vrt/ogrvrtdatasource.cpp:872:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      std::max(atoi(CPLGetConfigOption("OGR_VRT_MAX_OPENED", "100")), 1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vrt/ogrvrtlayer.cpp:949:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nWidth = atoi(CPLGetXMLValue(psChild, "width", "0"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vrt/ogrvrtlayer.cpp:958:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nPrecision = atoi(CPLGetXMLValue(psChild, "precision", "0"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalklayer.cpp:232:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(poStmt->GetColData(poStmt->GetColId(pszFIDColumn))) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktablelayer.cpp:346:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return atoi(oStmt.GetColData(0));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktool.cpp:179:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&geom->wkbType, p, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktool.cpp:186:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&geom->point, p, sizeof(WKBPoint));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktool.cpp:191:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&geom->linestring.numSegments, p, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktool.cpp:199:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&geom->linestring.segments[i].lineType, p, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktool.cpp:202:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&geom->linestring.segments[i].numPoints, p, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktool.cpp:207:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(geom->linestring.segments[i].points, p,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktool.cpp:215:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&geom->polygon.numRings, p, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktool.cpp:222:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&geom->polygon.rings[i].numSegments, p, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktool.cpp:230:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&geom->polygon.rings[i].segments[j].lineType, p, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktool.cpp:233:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&geom->polygon.rings[i].segments[j].numPoints, p, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktool.cpp:238:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(geom->polygon.rings[i].segments[j].points, p,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktool.cpp:247:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&geom->mpoint.num_wkbPoints, p, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktool.cpp:251:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(geom->mpoint.WKBPoints, p, sizeof(WKBPoint) * geom->mpoint.num_wkbPoints);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktool.cpp:256:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&geom->mlinestring.num_wkbLineStrings, p, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktool.cpp:264:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&geom->mlinestring.WKBLineStrings[i].numSegments, p, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktool.cpp:272:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&geom->mlinestring.WKBLineStrings[i].segments[j].lineType, p, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktool.cpp:275:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&geom->mlinestring.WKBLineStrings[i].segments[j].numPoints, p, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktool.cpp:280:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(geom->mlinestring.WKBLineStrings[i].segments[j].points, p,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktool.cpp:289:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&geom->mpolygon.num_wkbPolygons, p, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktool.cpp:296:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&geom->mpolygon.WKBPolygons[i].numRings, p, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktool.cpp:304:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&geom->mpolygon.WKBPolygons[i].rings[j].numSegments, p, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktool.cpp:312:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(&geom->mpolygon.WKBPolygons[i].rings[j].segments[k].lineType, p, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktool.cpp:315:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(&geom->mpolygon.WKBPolygons[i].rings[j].segments[k].numPoints, p, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktool.cpp:320:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(geom->mpolygon.WKBPolygons[i].rings[j].segments[k].points,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktool.cpp:350:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&geom->wkbType, p, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktool.cpp:364:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&geom->mgeometries.num_wkbSGeometries, p, 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogr_wfs.h:338:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char         *apszGetCapabilities[2];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogroapifdriver.cpp:677:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nPageSize = atoi( CSLFetchNameValueDef(poOpenInfo->papszOpenOptions,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfsdatasource.cpp:176:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nPageSize = atoi(pszOption);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfsdatasource.cpp:183:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nBaseStartIndex = atoi(pszOption);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfsdatasource.cpp:665:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int nVal = atoi(CPLGetXMLValue(psChild, "DefaultValue", "0"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfsdatasource.cpp:677:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nPageSize = atoi(pszOption);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfsdatasource.cpp:768:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char achHeader[1024] = {};
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfsdatasource.cpp:1009:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nPageSize = atoi(pszParm);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfsdatasource.cpp:1016:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nBaseStartIndex = atoi(pszParm);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfsdatasource.cpp:1151:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if (atoi(osVersion) >= 2)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfsdatasource.cpp:1159:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if ( atoi(osVersion) >= 2 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfsdatasource.cpp:1208:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                if (atoi(osVersion) >= 2)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfsdatasource.cpp:2005:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szPercentEncoded[10];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfsfilter.cpp:173:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            oSRS.importFromEPSGA(atoi(psOptions->poSRS->GetAuthorityCode(nullptr))) == OGRERR_NONE )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfsfilter.cpp:335:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char ach[2];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfsjoinlayer.cpp:451:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuffer[2048];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfslayer.cpp:407:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if( atoi(poDS->GetVersion()) >= 2 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfslayer.cpp:427:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                             atoi(poDS->GetVersion()) >= 2 ? "COUNT" : "MAXFEATURES",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfslayer.cpp:455:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if (atoi(poDS->GetVersion()) >= 2)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfslayer.cpp:465:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if (atoi(poDS->GetVersion()) >= 2)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfslayer.cpp:470:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if ( atoi(poDS->GetVersion()) >= 2 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfslayer.cpp:533:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if (atoi(poDS->GetVersion()) >= 2)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfslayer.cpp:545:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if (atoi(poDS->GetVersion()) >= 2)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfslayer.cpp:574:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                if (atoi(poDS->GetVersion()) >= 2)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfslayer.cpp:756:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuffer[2048];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfslayer.cpp:827:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pData, psResult->pasMimePart[i].pabyData, psResult->pasMimePart[i].nDataLen);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfslayer.cpp:1355:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                       (atoi(poDS->GetVersion()) >= 2) ? 200 : 110;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfslayer.cpp:1569:53:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    CPLString osMaxFeatures = CPLURLGetValue(osURL, atoi(poDS->GetVersion()) >= 2 ? "COUNT" : "MAXFEATURES");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfslayer.cpp:2124:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    else if (atoi(poDS->GetVersion()) >= 2)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfslayer.cpp:2546:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nGotInserted = atoi(CPLGetXMLValue(psRoot, "TransactionSummary.totalInserted", ""));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xlsx/ogrxlsxdatasource.cpp:653:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nNewCurLine = atoi(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xlsx/ogrxlsxdatasource.cpp:787:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nS = atoi(pszS);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xlsx/ogrxlsxdatasource.cpp:1059:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nIndex = atoi(osValue);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xlsx/ogrxlsxdatasource.cpp:1117:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aBuf[BUFSIZ];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xlsx/ogrxlsxdatasource.cpp:1277:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aBuf[BUFSIZ];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xlsx/ogrxlsxdatasource.cpp:1356:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aBuf[BUFSIZ];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xlsx/ogrxlsxdatasource.cpp:1468:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aBuf[BUFSIZ];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xlsx/ogrxlsxdatasource.cpp:1522:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nNumFmtId = atoi(pszNumFmtId);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xlsx/ogrxlsxdatasource.cpp:1550:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nNumFmtId = atoi(pszNumFmtId);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xlsx/ogrxlsxdatasource.cpp:1622:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aBuf[BUFSIZ];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xlsx/ogrxlsxdriver.cpp:86:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[2048];
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:265:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int nType = atoi(papszTokens[0]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:409:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    bControlTower = atoi(papszTokens[2]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:437:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    adfDisplacedThresholdLength[0] = atoi(papszTokens[6]) * FEET_TO_METER;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:439:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        adfDisplacedThresholdLength[1] = atoi(strchr(papszTokens[6], '.') + 1) * FEET_TO_METER;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:443:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    adfStopwayLength[0] = atoi(papszTokens[7]) * FEET_TO_METER;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:445:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        adfStopwayLength[1] = atoi(strchr(papszTokens[7], '.') + 1) * FEET_TO_METER;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:469:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int eSurfaceCode = atoi(papszTokens[10]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:470:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int eShoulderCode = atoi(papszTokens[11]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:471:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int eMarkings = atoi(papszTokens[12]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:474:51:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    bool bHasDistanceRemainingSigns = CPL_TO_BOOL(atoi(papszTokens[14]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:478:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        adfVisualGlidePathAngle[0] = atoi(papszTokens[15]) / 100.;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:480:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            adfVisualGlidePathAngle[1] = atoi(strchr(papszTokens[15], '.') + 1) / 100.;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:499:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int num1 = atoi(pszRwyNum);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:689:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int eSurfaceCode = atoi(papszTokens[2]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:690:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int eShoulderCode = atoi(papszTokens[3]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:694:51:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const bool bHasCenterLineLights = CPL_TO_BOOL(atoi(papszTokens[5]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:695:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int eEdgeLighting = atoi(papszTokens[6]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:696:57:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const bool bHasDistanceRemainingSigns = CPL_TO_BOOL(atoi(papszTokens[7]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:733:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int eMarkings = atoi(papszTokens[8 + 9*nRwy + 5]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:734:47:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int eApproachLightingCode = atoi(papszTokens[8 + 9*nRwy + 6]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:735:58:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const bool bHasTouchdownLights = CPL_TO_BOOL(atoi(papszTokens[8 + 9*nRwy + 7]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:736:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int eREIL = atoi(papszTokens[8 + 9*nRwy + 8]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:802:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    bool bBuoys = CPL_TO_BOOL(atoi(papszTokens[2]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:858:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int eSurfaceCode = atoi(papszTokens[7]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:859:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int eMarkings = atoi(papszTokens[8]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:860:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int eShoulderCode = atoi(papszTokens[9]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:863:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int eEdgeLighting = atoi(papszTokens[11]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:1126:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nType = atoi(papszTokens[0]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:1310:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int eSurfaceCode = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:1462:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nType = atoi(papszTokens[0]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:1774:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int eColor = atoi(papszTokens[3]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:1795:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const bool bIsIllumnited = CPL_TO_BOOL(atoi(papszTokens[3]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:1817:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nSize = atoi(papszTokens[5]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:1837:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int eType = atoi(papszTokens[3]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_awy_reader.cpp:150:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const bool bIsHigh = atoi(papszTokens[6]) == 2;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_awy_reader.cpp:151:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nBaseFL = atoi(papszTokens[7]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_awy_reader.cpp:152:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nTopFL = atoi(papszTokens[8]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_awy_reader.cpp:329:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(anValue, &dfVal, sizeof(double));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_nav_reader.cpp:143:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nType = atoi(papszTokens[0]);
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:1942:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szValue[64] = { '\0' };
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:2353:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szValue[128] = { '\0' };
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:2962:51:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const OGRErr eErr = oSRS2.importFromEPSG( atoi(pszName+5) );
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:3249:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            eStatus = importFromEPSG( atoi(pszDefinition+5) );
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:3252:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            eStatus = importFromEPSGA( atoi(pszDefinition+6) );
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:3261:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(strchr(pszDefinition, '+') + 1) );
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:3568:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return importFromEPSGA( atoi(pszCode) );
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:3602:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szWMSAuto[100] = { '\0' };
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:3847:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char searchStr[15] = {};
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:3961:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nProjId = atoi(papszTokens[0]);
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:3962:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nUnitsId = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:3966:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    else if( CSLCount(papszTokens) == 3 && atoi(papszTokens[0]) == 42005 )
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:3968:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nProjId = atoi(papszTokens[0]);
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:3969:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nUnitsId = atoi(papszTokens[1]);
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:3975:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nProjId = atoi(papszTokens[0]);
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:3980:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    else if( CSLCount(papszTokens) == 2 && atoi(papszTokens[0]) == 42005 )
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:3982:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nProjId = atoi(papszTokens[0]);
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:4747:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szValue[64] = { '\0' };
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:7322:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szCode[32] = {};
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:10516:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            const int nMethodCode = atoi(pszMethodCode ? pszMethodCode : "0");
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:90:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szFormat[16] = {};
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:238:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nPrecision = atoi(CPLGetConfigOption("OGR_WKT_PRECISION", "15"));
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:240:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szX[bufSize] = {};
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:241:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szY[bufSize] = {};
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:242:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szZ[bufSize] = {};
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:261:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat(szX, ".0");
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:268:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat(szY, ".0");
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:297:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( pszTarget, "0 0 0");
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:299:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( pszTarget, "0 0");
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:303:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pszTarget, szX, nLenX );
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:305:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pszTarget + nLenX + 1, szY, nLenY );
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:340:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nPrecision = atoi(CPLGetConfigOption("OGR_WKT_PRECISION", "15"));
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:342:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szX[bufSize] = {};
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:343:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szY[bufSize] = {};
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:344:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szZ[bufSize] = {};
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:345:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szM[bufSize] = {};
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:363:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat(szX, ".0");
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:370:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat(szY, ".0");
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:413:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( pszTarget, "0 0 0 0");
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:415:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( pszTarget, "0 0 0");
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:417:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy( pszTarget, "0 0");
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:551:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szDelim[OGR_WKT_TOKEN_MAX] = {};
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:557:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTokenX[OGR_WKT_TOKEN_MAX] = {};
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:558:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTokenY[OGR_WKT_TOKEN_MAX] = {};
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:689:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szDelim[OGR_WKT_TOKEN_MAX] = {};
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:695:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTokenX[OGR_WKT_TOKEN_MAX] = {};
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:696:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTokenY[OGR_WKT_TOKEN_MAX] = {};
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:1021:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nYear = atoi(pszInput);
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:1051:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nMonth = atoi(pszInput);
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:1063:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nDay = atoi(pszInput);
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:1094:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nHour = atoi(pszInput);
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:1108:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nMinute = atoi(pszInput);
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:1157:61:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            psField->Date.TZFlag = static_cast<GByte>(100 + atoi(pszInput) * 4);
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:1160:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                 && atoi(pszInput + 4) % 15 == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:1163:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                + atoi(pszInput + 1) * 4
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:1164:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                + (atoi(pszInput + 4) / 15));
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:1170:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                 && atoi(pszInput + 3) % 15 == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:1174:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                + (atoi(pszInput + 3) / 15));
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:1180:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                 && atoi(pszInput + 2) % 15 == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:1184:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                + (atoi(pszInput + 2) / 15));
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:1388:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTimeZone[7];
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:1518:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTemp[128] = {};
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:1660:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&iRawType, pabyData + 1, 4);
data/gdal-3.0.4+dfsg/ogr/swq_expr_node.cpp:284:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char spaces[60] = {};
data/gdal-3.0.4+dfsg/ogr/swq_op_general.cpp:1388:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    poRetNode->int_value = atoi(poSrcNode->string_value);
data/gdal-3.0.4+dfsg/ogr/swq_parser.cpp:1079:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/gdal-3.0.4+dfsg/ogr/swq_parser.cpp:1336:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char yymsgbuf[128];
data/gdal-3.0.4+dfsg/ogr/swq_select.cpp:150:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&sTmp, &join_defs[i], sizeof(swq_join_def));
data/gdal-3.0.4+dfsg/ogr/swq_select.cpp:151:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&join_defs[i],
data/gdal-3.0.4+dfsg/ogr/swq_select.cpp:154:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&join_defs[join_count - 1 - i], &sTmp, sizeof(swq_join_def));
data/gdal-3.0.4+dfsg/ogr/swq_select.cpp:881:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( column_defs + i + new_fields - 1,
data/gdal-3.0.4+dfsg/port/cpl_alibaba_oss.cpp:415:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    GIntBig nExpiresIn = nStartDate + atoi(
data/gdal-3.0.4+dfsg/port/cpl_aws.cpp:245:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abySigningKeyIn, abySigningKeyOut, CPL_SHA256_HASH_SIZE);
data/gdal-3.0.4+dfsg/port/cpl_aws.cpp:250:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abySigningKeyIn, abySigningKeyOut, CPL_SHA256_HASH_SIZE);
data/gdal-3.0.4+dfsg/port/cpl_aws.cpp:255:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abySigningKeyIn, abySigningKeyOut, CPL_SHA256_HASH_SIZE);
data/gdal-3.0.4+dfsg/port/cpl_aws.cpp:260:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(abySigningKeyIn, abySigningKeyOut, CPL_SHA256_HASH_SIZE);
data/gdal-3.0.4+dfsg/port/cpl_aws.cpp:359:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTimeStamp[80] = {};
data/gdal-3.0.4+dfsg/port/cpl_aws.cpp:519:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szDate[64];
data/gdal-3.0.4+dfsg/port/cpl_aws.cpp:642:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char uuid[36+1] = { 0 };
data/gdal-3.0.4+dfsg/port/cpl_aws.cpp:654:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[10+1] = { 0 };
data/gdal-3.0.4+dfsg/port/cpl_azure.cpp:427:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    GIntBig nEndDate = nStartDate + atoi(
data/gdal-3.0.4+dfsg/port/cpl_base64.cpp:50:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
constexpr unsigned char CPLBase64DecodeChar[256] = {
data/gdal-3.0.4+dfsg/port/cpl_base64.cpp:206:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char charArray3[kCharArray3Size] = {};
data/gdal-3.0.4+dfsg/port/cpl_base64.cpp:216:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            const unsigned char charArray4[kCharArray4Size] = {
data/gdal-3.0.4+dfsg/port/cpl_base64.cpp:241:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        const unsigned char charArray4[kCharArray4Size] = {
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:254:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szSmallMsg[80] = {};
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:301:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pszReturn, pszString, nLen+1 );
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:701:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szChunk[nChunkSize] = {};
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:913:12:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return atol(osValue.c_str());
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:982:12:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return atol(osValue.c_str());
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:1005:12:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return atol(pszString);
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:1020:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[32] = {};
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:1058:20:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    GIntBig nVal = atol(pszString);
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:1107:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTemp[128] = {};
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:1173:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szValue[32] = {};
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:1319:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTemp[64] = {};
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:1358:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTemp[64] = {};
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:1408:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTemp[64] = {};
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:1451:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTemp[knDoubleBufferSize] = {};
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:2002:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szAltPath[4] = {pszPath[0], pszPath[1], '\\', '\0'};
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:2056:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char work[64] = {};
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:2162:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szFormat[30] = {};
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:2167:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static CPL_THREADLOCAL char szBuffer[50] = {};
data/gdal-3.0.4+dfsg/port/cpl_csv.cpp:529:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        psTable->panLineIndex[i] = atoi(psTable->papszLines[i]);
data/gdal-3.0.4+dfsg/port/cpl_csv.cpp:810:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(pszFieldValue) == atoi(pszTarget) );
data/gdal-3.0.4+dfsg/port/cpl_csv.cpp:810:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(pszFieldValue) == atoi(pszTarget) );
data/gdal-3.0.4+dfsg/port/cpl_csv.cpp:835:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nTestValue = atoi(pszValue);
data/gdal-3.0.4+dfsg/port/cpl_csv.cpp:848:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                 && atoi(papszFields[iKeyField]) == nTestValue )
data/gdal-3.0.4+dfsg/port/cpl_csv.cpp:885:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nTestValue = atoi(pszValue);
data/gdal-3.0.4+dfsg/port/cpl_csv.cpp:898:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                 && atoi(papszFields[iKeyField]) == nTestValue )
data/gdal-3.0.4+dfsg/port/cpl_csv.cpp:987:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nTestValue = atoi(pszValue);
data/gdal-3.0.4+dfsg/port/cpl_csv.cpp:1013:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                 && atoi(papszFields[iKeyField]) == nTestValue )
data/gdal-3.0.4+dfsg/port/cpl_csv.cpp:1330:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szPath[512];
data/gdal-3.0.4+dfsg/port/cpl_csv.cpp:1419:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy( pTLSData->szPath, "/usr/local/share/epsg_csv/" );
data/gdal-3.0.4+dfsg/port/cpl_error.cpp:83:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    szLastErrMsg[DEFAULT_LAST_ERR_MSG_SIZE];
data/gdal-3.0.4+dfsg/port/cpl_error.cpp:350:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szShortMessage[80] = {};
data/gdal-3.0.4+dfsg/port/cpl_error.cpp:519:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* fp = fopen("/proc/self/status", "r");
data/gdal-3.0.4+dfsg/port/cpl_error.cpp:523:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLine[128] = {};
data/gdal-3.0.4+dfsg/port/cpl_error.cpp:531:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nRet = atoi(pszPtr);
data/gdal-3.0.4+dfsg/port/cpl_error.cpp:672:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szVmSize[32] = {};
data/gdal-3.0.4+dfsg/port/cpl_error.cpp:681:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat( pszMessage, ": " );
data/gdal-3.0.4+dfsg/port/cpl_error.cpp:798:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pszLastErrMsg, pszMsg, size );
data/gdal-3.0.4+dfsg/port/cpl_error.cpp:915:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                atoi(CPLGetConfigOption( "CPL_MAX_ERROR_REPORTS", "1000" ));
data/gdal-3.0.4+dfsg/port/cpl_error.cpp:936:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            fpLog = fopen( CPLGetConfigOption("CPL_LOG", ""), pszAccess );
data/gdal-3.0.4+dfsg/port/cpl_error.cpp:1009:29:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            while( (fpLog = fopen( pszPath, "rt" )) != nullptr )
data/gdal-3.0.4+dfsg/port/cpl_error.cpp:1034:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            fpLog = fopen( pszPath, "wt" );
data/gdal-3.0.4+dfsg/port/cpl_google_cloud.cpp:822:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    GIntBig nExpiresIn = nStartDate + atoi(
data/gdal-3.0.4+dfsg/port/cpl_google_oauth2.cpp:490:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    atoi(CPLGetConfigOption("GOA2_EXPIRATION_DELAY", "3600")));
data/gdal-3.0.4+dfsg/port/cpl_google_oauth2.cpp:715:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        m_nExpirationTime = nCurTime + atoi(pszExpires);
data/gdal-3.0.4+dfsg/port/cpl_http.cpp:210:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szSubject[256] = {0};
data/gdal-3.0.4+dfsg/port/cpl_http.cpp:373:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psResult->pabyData + psResult->nDataLen, buffer, nBytesToWrite );
data/gdal-3.0.4+dfsg/port/cpl_http.cpp:399:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pszHdr, buffer, nBytes);
data/gdal-3.0.4+dfsg/port/cpl_http.cpp:710:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(psResult->pabyData, pabyData, static_cast<size_t>(nLength));
data/gdal-3.0.4+dfsg/port/cpl_http.cpp:729:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(psResult->pszContentType,
data/gdal-3.0.4+dfsg/port/cpl_http.cpp:823:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szCurlErrBuf[CURL_ERROR_SIZE+1] = {};
data/gdal-3.0.4+dfsg/port/cpl_http.cpp:872:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            sResultWithLimit.nMaxFileSize = atoi(pszMaxFileSize);
data/gdal-3.0.4+dfsg/port/cpl_http.cpp:953:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nParametersCount = atoi( pszParametersCount );
data/gdal-3.0.4+dfsg/port/cpl_http.cpp:998:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nMaxRetries = atoi(pszMaxRetries);
data/gdal-3.0.4+dfsg/port/cpl_http.cpp:1073:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    atoi(pszContentLength) == psResult->nDataLen )
data/gdal-3.0.4+dfsg/port/cpl_http.cpp:1194:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuffer[CURL_ERROR_SIZE+1];
data/gdal-3.0.4+dfsg/port/cpl_http.cpp:1347:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            asResults[i].nMaxFileSize = atoi(pszMaxFileSize);
data/gdal-3.0.4+dfsg/port/cpl_http.cpp:1631:56:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    curl_easy_setopt(http_handle, CURLOPT_TCP_NODELAY, atoi(pszTCPNoDelay));
data/gdal-3.0.4+dfsg/port/cpl_http.cpp:1767:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                         atoi(pszLowSpeedTime) );
data/gdal-3.0.4+dfsg/port/cpl_http.cpp:1775:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                         atoi(pszLowSpeedLimit) );
data/gdal-3.0.4+dfsg/port/cpl_http.cpp:1967:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ret, &old_pipe_act, sizeof(old_pipe_act));
data/gdal-3.0.4+dfsg/port/cpl_json.cpp:339:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nDepth = atoi( CSLFetchNameValueDef( papszOptions, "JSON_DEPTH", "32") ); // Same as JSON_TOKENER_DEFAULT_DEPTH
data/gdal-3.0.4+dfsg/port/cpl_json_streaming_parser.cpp:139:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szMessage[108];
data/gdal-3.0.4+dfsg/port/cpl_json_streaming_parser.cpp:154:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szMessage[64];
data/gdal-3.0.4+dfsg/port/cpl_json_streaming_parser.cpp:585:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                char szMessage[64];
data/gdal-3.0.4+dfsg/port/cpl_json_streaming_parser.cpp:618:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            char szMessage[64];
data/gdal-3.0.4+dfsg/port/cpl_json_streaming_parser.cpp:649:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        char szMessage[32];
data/gdal-3.0.4+dfsg/port/cpl_md5.cpp:96:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(p, buf, len);
data/gdal-3.0.4+dfsg/port/cpl_md5.cpp:99:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(p, buf, t);
data/gdal-3.0.4+dfsg/port/cpl_md5.cpp:109:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(context->in, buf, 64);
data/gdal-3.0.4+dfsg/port/cpl_md5.cpp:117:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(context->in, buf, len);
data/gdal-3.0.4+dfsg/port/cpl_md5.cpp:124:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void CPLMD5Final( unsigned char digest[16], struct CPLMD5Context *context )
data/gdal-3.0.4+dfsg/port/cpl_md5.cpp:182:54:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void CPLMD5Transform( GUInt32 buf[4], const unsigned char inraw[64] )
data/gdal-3.0.4+dfsg/port/cpl_md5.cpp:279:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[16];
data/gdal-3.0.4+dfsg/port/cpl_md5.cpp:283:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hhash[33];
data/gdal-3.0.4+dfsg/port/cpl_md5.h:17:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char in[64];
data/gdal-3.0.4+dfsg/port/cpl_md5.h:23:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void CPLMD5Final( unsigned char digest[16], struct CPLMD5Context *context );
data/gdal-3.0.4+dfsg/port/cpl_md5.h:24:54:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void CPLMD5Transform( GUInt32 buf[4], const unsigned char inraw[64] );
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:1179:17:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
                strcat( *ppszText + *pnLength, "?>\n" );
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:1181:17:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
                strcat( *ppszText + *pnLength, " />\n" );
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:1564:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *apszTokens[2] = { const_cast<char*>(pszPath), nullptr };
data/gdal-3.0.4+dfsg/port/cpl_minizip_unzip.cpp:1157:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCurrentFileName[UNZ_MAXFILENAMEINZIP+1];
data/gdal-3.0.4+dfsg/port/cpl_minizip_unzip.cpp:1363:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char source[12];
data/gdal-3.0.4+dfsg/port/cpl_minizip_zip.cpp:131:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char data[SIZEDATA_INDATABLOCK];
data/gdal-3.0.4+dfsg/port/cpl_minizip_zip.cpp:298:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[8];
data/gdal-3.0.4+dfsg/port/cpl_minizip_zip.cpp:972:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p, filename,size_filename);
data/gdal-3.0.4+dfsg/port/cpl_minizip_zip.cpp:978:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p, extrafield_local,size_extrafield_local);
data/gdal-3.0.4+dfsg/port/cpl_minizip_zip.cpp:1197:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char bufHead[RAND_HEAD_LEN];
data/gdal-3.0.4+dfsg/port/cpl_minizip_zip.cpp:1447:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char padding[nZIP64ExtraBytes];
data/gdal-3.0.4+dfsg/port/cpl_minizip_zip.cpp:1869:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char fileName[8193];
data/gdal-3.0.4+dfsg/port/cpl_minizip_zip.cpp:1951:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyExtra, &nHeaderIdLE, 2);
data/gdal-3.0.4+dfsg/port/cpl_minizip_zip.cpp:1953:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyExtra + 2, &nDataLengthLE, 2);
data/gdal-3.0.4+dfsg/port/cpl_minizip_zip.cpp:1955:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyExtra + 2 + 2, &nVersion, 1);
data/gdal-3.0.4+dfsg/port/cpl_minizip_zip.cpp:1960:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyExtra + 2 + 2 + 1, &nNameCRC32LE, 4);
data/gdal-3.0.4+dfsg/port/cpl_minizip_zip.cpp:1961:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyExtra + 2 + 2 + 1 + 4, pszFilename, strlen(pszFilename));
data/gdal-3.0.4+dfsg/port/cpl_multiproc.cpp:623:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fpLock = fopen( pszLockFilename, "r" );
data/gdal-3.0.4+dfsg/port/cpl_multiproc.cpp:630:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fpLock = fopen( pszLockFilename, "r" );
data/gdal-3.0.4+dfsg/port/cpl_multiproc.cpp:640:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fpLock = fopen( pszLockFilename, "w" );
data/gdal-3.0.4+dfsg/port/cpl_multiproc.cpp:1355:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* f = fopen("/sys/fs/cgroup/cpuset/cpuset.cpus", "rb");
data/gdal-3.0.4+dfsg/port/cpl_multiproc.cpp:1379:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    int iBegin(atoi(papszCPUsRange[0]));
data/gdal-3.0.4+dfsg/port/cpl_multiproc.cpp:1380:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    int iEnd(atoi(papszCPUsRange[1]));
data/gdal-3.0.4+dfsg/port/cpl_multiproc.cpp:1765:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fpLock = fopen( pszLockFilename, "r" );
data/gdal-3.0.4+dfsg/port/cpl_multiproc.cpp:1772:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fpLock = fopen( pszLockFilename, "r" );
data/gdal-3.0.4+dfsg/port/cpl_multiproc.cpp:1782:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fpLock = fopen( pszLockFilename, "w" );
data/gdal-3.0.4+dfsg/port/cpl_odbc.cpp:924:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szWrkData[513] = {};
data/gdal-3.0.4+dfsg/port/cpl_odbc.cpp:969:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( m_papszColValues[iCol], szWrkData, cbDataLen );
data/gdal-3.0.4+dfsg/port/cpl_odbc.cpp:1015:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( m_papszColValues[iCol] + m_panColValueLengths[iCol],
data/gdal-3.0.4+dfsg/port/cpl_odbc.cpp:1027:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( m_papszColValues[iCol], szWrkData, cbDataLen );
data/gdal-3.0.4+dfsg/port/cpl_odbc.cpp:1309:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szFormattedValue[32] = {};
data/gdal-3.0.4+dfsg/port/cpl_odbc.cpp:1330:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szFormattedValue[100] = {};
data/gdal-3.0.4+dfsg/port/cpl_odbc.cpp:1359:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szFormattedText[8000] = {};  // TODO: Move this off the stack.
data/gdal-3.0.4+dfsg/port/cpl_odbc.cpp:1542:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szWrkData[8193] = {};
data/gdal-3.0.4+dfsg/port/cpl_odbc.cpp:1551:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        m_panColType[iCol] = static_cast<short>(atoi(szWrkData));
data/gdal-3.0.4+dfsg/port/cpl_odbc.cpp:1559:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        m_panColSize[iCol] = atoi(szWrkData);
data/gdal-3.0.4+dfsg/port/cpl_odbc.cpp:1563:54:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        m_panColPrecision[iCol] = static_cast<short>(atoi(szWrkData));
data/gdal-3.0.4+dfsg/port/cpl_odbc.cpp:1567:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        m_panColNullable[iCol] = atoi(szWrkData) == SQL_NULLABLE;
data/gdal-3.0.4+dfsg/port/cpl_odbc.h:63:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char m_szPathOut[ODBC_FILENAME_MAX];
data/gdal-3.0.4+dfsg/port/cpl_odbc.h:64:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char m_szError[SQL_MAX_MESSAGE_LENGTH];
data/gdal-3.0.4+dfsg/port/cpl_port.h:787:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&_n32, _lx, 4);                                                  \
data/gdal-3.0.4+dfsg/port/cpl_port.h:790:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(_lx, &_n32, 4);                                                  \
data/gdal-3.0.4+dfsg/port/cpl_port.h:798:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&_n64, _lx, 8);                                                    \
data/gdal-3.0.4+dfsg/port/cpl_port.h:801:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(_lx, &_n64, 8);                                                    \
data/gdal-3.0.4+dfsg/port/cpl_quad_tree.cpp:126:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&(psNode->rect), pRect, sizeof(CPLRectObj));
data/gdal-3.0.4+dfsg/port/cpl_quad_tree.cpp:355:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(out1, in, sizeof(CPLRectObj));
data/gdal-3.0.4+dfsg/port/cpl_quad_tree.cpp:356:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(out2, in, sizeof(CPLRectObj));
data/gdal-3.0.4+dfsg/port/cpl_recode_stub.cpp:179:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int nCode = atoi( pszSrcEncoding + 2 );
data/gdal-3.0.4+dfsg/port/cpl_recode_stub.cpp:195:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         int nCode = atoi( pszDstEncoding + 2 );
data/gdal-3.0.4+dfsg/port/cpl_recode_stub.cpp:229:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( pszResult, pszSource, nCharCount );
data/gdal-3.0.4+dfsg/port/cpl_recode_stub.cpp:1145:16:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    int wlen = MultiByteToWideChar( src_code_page, MB_ERR_INVALID_CHARS, src,
data/gdal-3.0.4+dfsg/port/cpl_recode_stub.cpp:1159:16:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
        wlen = MultiByteToWideChar( src_code_page, 0, src, -1, nullptr, 0 );
data/gdal-3.0.4+dfsg/port/cpl_recode_stub.cpp:1166:5:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    MultiByteToWideChar( src_code_page, 0, src, -1, tbuf, wlen+1 );
data/gdal-3.0.4+dfsg/port/cpl_recode_stub.cpp:1268:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t lbuf[1024] = {};
data/gdal-3.0.4+dfsg/port/cpl_recode_stub.cpp:1291:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t lbuf[1024] = {};
data/gdal-3.0.4+dfsg/port/cpl_recode_stub.cpp:1315:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, src, srclen);
data/gdal-3.0.4+dfsg/port/cpl_recode_stub.cpp:1318:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, src, dstlen-1);
data/gdal-3.0.4+dfsg/port/cpl_recode_stub.cpp:1348:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t lbuf[1024] = {};
data/gdal-3.0.4+dfsg/port/cpl_recode_stub.cpp:1352:7:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
      MultiByteToWideChar(GetACP(), 0, src, srclen, buf, 1024);
data/gdal-3.0.4+dfsg/port/cpl_recode_stub.cpp:1355:16:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
      length = MultiByteToWideChar(GetACP(), 0, src, srclen, 0, 0);
data/gdal-3.0.4+dfsg/port/cpl_recode_stub.cpp:1357:7:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
      MultiByteToWideChar(GetACP(), 0, src, srclen, buf, length);
data/gdal-3.0.4+dfsg/port/cpl_recode_stub.cpp:1363:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t lbuf[1024] = {};
data/gdal-3.0.4+dfsg/port/cpl_recode_stub.cpp:1384:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, src, srclen);
data/gdal-3.0.4+dfsg/port/cpl_recode_stub.cpp:1389:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, src, dstlen-1);
data/gdal-3.0.4+dfsg/port/cpl_sha1.cpp:229:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(abyPad, pKey, nKeyLen);
data/gdal-3.0.4+dfsg/port/cpl_sha256.cpp:368:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&sc->buffer.bytes[sc->bufferLength], data, bytesToCopy);
data/gdal-3.0.4+dfsg/port/cpl_sha256.cpp:397:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&sc->buffer.bytes[sc->bufferLength], data, len);
data/gdal-3.0.4+dfsg/port/cpl_sha256.cpp:464:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(abyPad, pKey, nKeyLen);
data/gdal-3.0.4+dfsg/port/cpl_sha256.cpp:671:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pabySignature, signature.c_str(), signature.size());
data/gdal-3.0.4+dfsg/port/cpl_spawn.cpp:79:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[PIPE_BUFFER_SIZE] = {};
data/gdal-3.0.4+dfsg/port/cpl_spawn.cpp:207:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[PIPE_BUFFER_SIZE] = {};
data/gdal-3.0.4+dfsg/port/cpl_spawn.cpp:543:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[PIPE_BUFFER_SIZE] = {};
data/gdal-3.0.4+dfsg/port/cpl_spawn.cpp:738:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&p->actions, &actions, sizeof(actions));
data/gdal-3.0.4+dfsg/port/cpl_spawn.cpp:754:34:  [2] (race) vfork:
  On some old systems, vfork() permits race conditions, and it's very
  difficult to use correctly (CWE-362). Use fork() instead.
        pid_t (*p_vfork)(void) = vfork;
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:565:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *apszList[2] = { const_cast<char *>(pszNewLine), nullptr };
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:1172:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char localfmt[22] = {};
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:1173:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(localfmt, fmt, ptrend - fmt + 1);
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:1405:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuffer[4096] = {};
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:1767:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( *ppszKey, pszNameValue, i );
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:2192:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pszOutput, pszInput, nLength + 1 );
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:2315:17:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                wchar_t anVal[2] = {0 , 0};
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:2342:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pszOutput + iOut, pszUTF8, nLen);
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:2348:17:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                wchar_t anVal[2] = { 0, 0 };
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:2368:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pszOutput + iOut, pszUTF8, nLen);
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:2499:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
constexpr unsigned char hex2char[256] = {
data/gdal-3.0.4+dfsg/port/cpl_strtod.cpp:168:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuf[16] = {};
data/gdal-3.0.4+dfsg/port/cpl_time.cpp:279:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int day = atoi(*papszVal);
data/gdal-3.0.4+dfsg/port/cpl_time.cpp:307:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int year = atoi(*papszVal);
data/gdal-3.0.4+dfsg/port/cpl_time.cpp:316:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int hour = atoi(*papszVal);
data/gdal-3.0.4+dfsg/port/cpl_time.cpp:331:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int minute = atoi(*papszVal);
data/gdal-3.0.4+dfsg/port/cpl_time.cpp:343:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int second = atoi(*papszVal);
data/gdal-3.0.4+dfsg/port/cpl_time.cpp:363:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuf[3] = { (*papszVal)[1], (*papszVal)[2], 0 };
data/gdal-3.0.4+dfsg/port/cpl_time.cpp:364:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int TZHour = atoi(szBuf);
data/gdal-3.0.4+dfsg/port/cpl_time.cpp:373:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int TZMinute = atoi(szBuf);
data/gdal-3.0.4+dfsg/port/cpl_virtualmem.cpp:235:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[80] = {};
data/gdal-3.0.4+dfsg/port/cpl_virtualmem.cpp:370:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* f = fopen("/proc/self/maps", "rb");
data/gdal-3.0.4+dfsg/port/cpl_virtualmem.cpp:373:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[80] = {};
data/gdal-3.0.4+dfsg/port/cpl_virtualmem.cpp:775:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(target_addr, pPageToFill, ctxt->sBase.nPageSize);
data/gdal-3.0.4+dfsg/port/cpl_virtualmem.cpp:1523:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char response_buf[4] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsi.h:517:49:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    VSIFilesystemPluginOpenCallback             open; /**< open handle by name (rw) */
data/gdal-3.0.4+dfsg/port/cpl_vsi_error.cpp:68:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    szLastErrMsg[DEFAULT_LAST_ERR_MSG_SIZE];
data/gdal-3.0.4+dfsg/port/cpl_vsi_mem.cpp:384:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pBuffer, poFile->pabyData + m_nOffset,
data/gdal-3.0.4+dfsg/port/cpl_vsi_mem.cpp:427:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( poFile->pabyData + m_nOffset, pBuffer, nBytesToWrite );
data/gdal-3.0.4+dfsg/port/cpl_vsil.cpp:779:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szAltPath[4] = { '\0' };
data/gdal-3.0.4+dfsg/port/cpl_vsil_az.cpp:337:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        (osMaxKeys.empty() || nMaxFiles < atoi(osMaxKeys)) )
data/gdal-3.0.4+dfsg/port/cpl_vsil_az.cpp:374:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szCurlErrBuf[CURL_ERROR_SIZE+1] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_az.cpp:574:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nChunkSizeMB = atoi(CPLGetConfigOption("VSIAZ_CHUNK_SIZE", "4"));
data/gdal-3.0.4+dfsg/port/cpl_vsil_az.cpp:584:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nBufferSize = atoi(pszChunkSizeBytes);
data/gdal-3.0.4+dfsg/port/cpl_vsil_az.cpp:656:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nMaxRetry = atoi(CPLGetConfigOption("GDAL_HTTP_MAX_RETRY",
data/gdal-3.0.4+dfsg/port/cpl_vsil_az.cpp:726:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCurlErrBuf[CURL_ERROR_SIZE+1] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_az.cpp:1132:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    dir->nMaxFiles = atoi(CSLFetchNameValueDef(papszOptions, "MAXFILES", "0"));
data/gdal-3.0.4+dfsg/port/cpl_vsil_buffered_reader.cpp:140:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pabyBuffer, pabyBeginningContent, nBufferSize);
data/gdal-3.0.4+dfsg/port/cpl_vsil_buffered_reader.cpp:264:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pBuffer, pabyBuffer + nCurOffset - nBufferOffset, nReadInBuffer);
data/gdal-3.0.4+dfsg/port/cpl_vsil_buffered_reader.cpp:292:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyBuffer,
data/gdal-3.0.4+dfsg/port/cpl_vsil_buffered_reader.cpp:325:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyBuffer,
data/gdal-3.0.4+dfsg/port/cpl_vsil_cache.cpp:393:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( poBlock->pabyData, pabyWorkBuffer + i*m_nChunkSize,
data/gdal-3.0.4+dfsg/port/cpl_vsil_cache.cpp:473:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( static_cast<GByte *>(pBuffer) + nAmountCopied,
data/gdal-3.0.4+dfsg/port/cpl_vsil_crypt.cpp:221:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyGlobalKey, pabyKey, nKeySize);
data/gdal-3.0.4+dfsg/port/cpl_vsil_crypt.cpp:924:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyData, osRes.c_str(), osRes.length() );
data/gdal-3.0.4+dfsg/port/cpl_vsil_crypt.cpp:976:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyData, osRes.c_str(), osRes.length() );
data/gdal-3.0.4+dfsg/port/cpl_vsil_crypt.cpp:1077:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyBuffer, pabyWB + nCurPos - nWBOffset, nToCopy);
data/gdal-3.0.4+dfsg/port/cpl_vsil_crypt.cpp:1179:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pabyWB + nCurPos - nWBOffset, pabyBuffer, nToCopy);
data/gdal-3.0.4+dfsg/port/cpl_vsil_crypt.cpp:1201:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pabyWB, pabyBuffer, poHeader->nSectorSize );
data/gdal-3.0.4+dfsg/port/cpl_vsil_crypt.cpp:1601:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(GetArgument(pszFilename, "sector_size",
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:222:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        *pnMaxRetry = atoi(pszValue);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:304:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    m_nMaxRetry(atoi(CPLGetConfigOption("GDAL_HTTP_MAX_RETRY",
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:427:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szMonth[4] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:509:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(psStruct->pBuffer + psStruct->nSize, buffer, nSize);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:519:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    psStruct->nHTTPCode = atoi(pszSpace + 1);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:779:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(CPLGetConfigOption("GDAL_INGESTED_BYTES_AT_OPEN", "1024"))));
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:825:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szCurlErrBuf[CURL_ERROR_SIZE+1] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:1268:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char rangeStr[512] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:1287:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szCurlErrBuf[CURL_ERROR_SIZE+1] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:1669:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pBuffer,
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:1751:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCurlErrBuf[CURL_ERROR_SIZE+1];
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:1807:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char rangeStr[512] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:1867:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char rangeStr[512] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:1885:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char rangeStr[512] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:1910:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy( ppData[iRange],
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:1988:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nMaxRanges = atoi(pszMaxRanges);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:2043:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szCurlErrBuf[CURL_ERROR_SIZE+1] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:2123:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(ppData[i], pBuffer + nAccSize, panSizes[i]);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:2253:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(ppData[iRange], pszNext, panSizes[iRange]);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3008:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szMonth[32] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3010:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(szMonth + 1, apszMonths[iMonth], 3);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3023:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int nDay = atoi(pszMonthFound);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3024:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int nYear = atoi(pszMonthFound + 7);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3025:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int nHour = atoi(pszMonthFound + 12);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3026:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int nMin = atoi(pszMonthFound + 15);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3058:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int nDay = atoi(pszMonthFound);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3060:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int nYear = atoi(pszMonthFound + nCurOffset);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3062:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int nHour = atoi(pszMonthFound + nCurOffset);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3067:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                const int nMin = atoi(pszMonthFound + nCurOffset);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3106:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int nDay = atoi(pszMonthFound + nCurOffset);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3108:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int nYear = atoi(pszMonthFound + nCurOffset);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3110:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int nHour = atoi(pszMonthFound + nCurOffset);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3112:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                const int nMin = atoi(pszMonthFound + nCurOffset);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3458:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nDay = atoi(pszDay);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3470:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        brokendowntime.tm_year = atoi(pszHourOrYear) - 1900;
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3480:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        brokendowntime.tm_hour = atoi(pszHourOrYear);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3481:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        brokendowntime.tm_min = atoi(pszHourOrYear + 3);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3597:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szCurlErrBuf[CURL_ERROR_SIZE+1] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3758:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCurlErrBuf[CURL_ERROR_SIZE+1] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:4146:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, poThis->m_pabyBuffer + poThis->m_nBufferOffReadCallback,
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:4182:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(m_pabyBuffer + m_nBufferOff, pabySrcBuffer, nToWriteInBuffer);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:4302:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    DOWNLOAD_CHUNK_SIZE = atoi(
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl_streaming.cpp:148:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pabyBuffer + nEndOffset, pBuffer, nSz);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl_streaming.cpp:150:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyBuffer, static_cast<GByte *>(pBuffer) + nSz, nSize - nSz);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl_streaming.cpp:162:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pBuffer, pabyBuffer + nOffset, nSz);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl_streaming.cpp:164:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(static_cast<GByte *>(pBuffer) + nSz, pabyBuffer, nSize - nSz);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl_streaming.cpp:485:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(psStruct->pBuffer + psStruct->nSize, buffer, nSize);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl_streaming.cpp:495:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    psStruct->nHTTPCode = atoi(pszSpace + 1);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl_streaming.cpp:595:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szCurlErrBuf[CURL_ERROR_SIZE+1] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl_streaming.cpp:915:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyHeaderData + nHeaderSize, buffer, nSz);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl_streaming.cpp:935:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nHTTPCode = atoi(pszSpace + 1);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl_streaming.cpp:1055:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szCurlErrBuf[CURL_ERROR_SIZE+1] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl_streaming.cpp:1222:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&nVal, pCachedData + i * sizeof(int), sizeof(int));
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl_streaming.cpp:1261:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyBuffer, pCachedData + curOffset, nSz);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl_streaming.cpp:1278:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyBuffer, pCachedData + curOffset, nSz);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl_streaming.cpp:1410:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyErrorBuffer, pBuffer, nErrorBufferSize );
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl_streaming.cpp:1475:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pCachedData + nFileOffsetStart, pData, nSz);
data/gdal-3.0.4+dfsg/port/cpl_vsil_gzip.cpp:852:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szBuffer[32] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_gzip.cpp:930:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy (stream.next_out, stream.next_in, n);
data/gdal-3.0.4+dfsg/port/cpl_vsil_gzip.cpp:1267:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nChunkSize_ = static_cast<size_t>(atoi(pszChunkSize));
data/gdal-3.0.4+dfsg/port/cpl_vsil_gzip.cpp:1280:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char header[11] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_gzip.cpp:1844:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char header[11] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_gzip.cpp:1873:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nThreads = atoi(pszThreads);
data/gdal-3.0.4+dfsg/port/cpl_vsil_gzip.cpp:2001:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( pabyInBuf + sStream.avail_in,
data/gdal-3.0.4+dfsg/port/cpl_vsil_gzip.cpp:2232:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char signature[2] = { '\0', '\0' };
data/gdal-3.0.4+dfsg/port/cpl_vsil_gzip.cpp:2539:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fileName[8193] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_hdfs.cpp:67:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int hNewStderr = open("/dev/null", O_WRONLY);\
data/gdal-3.0.4+dfsg/port/cpl_vsil_plugin.cpp:127:26:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void *cbData = m_cb->open(m_cb->pUserData, GetCallbackFilename(pszFilename), pszAccess);
data/gdal-3.0.4+dfsg/port/cpl_vsil_plugin.cpp:247:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ppData[0],mData[0],panSizes[0]);
data/gdal-3.0.4+dfsg/port/cpl_vsil_plugin.cpp:250:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(ppData[iRange+1], mData[curRange]+curOffset, panSizes[iRange+1]);
data/gdal-3.0.4+dfsg/port/cpl_vsil_plugin.cpp:254:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(ppData[iRange+1], mData[curRange], panSizes[iRange+1]);
data/gdal-3.0.4+dfsg/port/cpl_vsil_s3.cpp:386:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        (osMaxKeys.empty() || nMaxFiles < atoi(osMaxKeys)) )
data/gdal-3.0.4+dfsg/port/cpl_vsil_s3.cpp:432:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCurlErrBuf[CURL_ERROR_SIZE+1] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_s3.cpp:628:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        m_nMaxRetry(atoi(CPLGetConfigOption("GDAL_HTTP_MAX_RETRY",
data/gdal-3.0.4+dfsg/port/cpl_vsil_s3.cpp:643:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nChunkSizeMB = atoi(
data/gdal-3.0.4+dfsg/port/cpl_vsil_s3.cpp:656:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m_nBufferSize = atoi(pszChunkSizeBytes);
data/gdal-3.0.4+dfsg/port/cpl_vsil_s3.cpp:772:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCurlErrBuf[CURL_ERROR_SIZE+1] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_s3.cpp:873:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, poThis->m_pabyBuffer + poThis->m_nBufferOffReadCallback,
data/gdal-3.0.4+dfsg/port/cpl_vsil_s3.cpp:940:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCurlErrBuf[CURL_ERROR_SIZE+1] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_s3.cpp:1034:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer,
data/gdal-3.0.4+dfsg/port/cpl_vsil_s3.cpp:1282:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(m_pabyBuffer + m_nBufferOff, pabySrcBuffer, nToWriteInBuffer);
data/gdal-3.0.4+dfsg/port/cpl_vsil_s3.cpp:1375:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCurlErrBuf[CURL_ERROR_SIZE+1] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_s3.cpp:1476:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, poThis->m_osXML.c_str() + poThis->m_nOffsetInXML,
data/gdal-3.0.4+dfsg/port/cpl_vsil_s3.cpp:1542:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCurlErrBuf[CURL_ERROR_SIZE+1] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_s3.cpp:1638:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCurlErrBuf[CURL_ERROR_SIZE+1] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_s3.cpp:2113:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const int nMaxRetry = atoi(CPLGetConfigOption("GDAL_HTTP_MAX_RETRY",
data/gdal-3.0.4+dfsg/port/cpl_vsil_s3.cpp:2144:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szCurlErrBuf[CURL_ERROR_SIZE+1] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_s3.cpp:2304:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    dir->nMaxFiles = atoi(CSLFetchNameValueDef(papszOptions, "MAXFILES", "0"));
data/gdal-3.0.4+dfsg/port/cpl_vsil_s3.cpp:2336:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[16];
data/gdal-3.0.4+dfsg/port/cpl_vsil_s3.cpp:2340:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hhash[33];
data/gdal-3.0.4+dfsg/port/cpl_vsil_sparsefile.cpp:420:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if( atoi(CPLGetXMLValue( psRegion, "Filename.relative", "0" )) != 0 )
data/gdal-3.0.4+dfsg/port/cpl_vsil_sparsefile.cpp:439:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            atoi(CPLGetXMLValue(psRegion, "Value", "0")));
data/gdal-3.0.4+dfsg/port/cpl_vsil_stdin.cpp:143:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pabyBuffer + nRealPos, pBuffer, nToCopy);
data/gdal-3.0.4+dfsg/port/cpl_vsil_stdin.cpp:213:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char abyTemp[8192] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_stdin.cpp:253:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pBuffer, pabyBuffer + nCurOff, nSize * nCount);
data/gdal-3.0.4+dfsg/port/cpl_vsil_stdin.cpp:259:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pBuffer, pabyBuffer + nCurOff, nAlreadyCached);
data/gdal-3.0.4+dfsg/port/cpl_vsil_swift.cpp:513:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nMaxFilesThisQuery = atoi(osMaxKeys);
data/gdal-3.0.4+dfsg/port/cpl_vsil_swift.cpp:525:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        const int nMaxRetry = atoi(CPLGetConfigOption("GDAL_HTTP_MAX_RETRY",
data/gdal-3.0.4+dfsg/port/cpl_vsil_swift.cpp:567:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szCurlErrBuf[CURL_ERROR_SIZE+1] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_tar.cpp:272:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(m_abyBuffer, m_abyBuffer + HALF_BUFFER_SIZE,
data/gdal-3.0.4+dfsg/port/cpl_vsil_unix_stdio_64.cpp:122:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define VSI_FOPEN64 fopen
data/gdal-3.0.4+dfsg/port/cpl_vsil_webhdfs.cpp:211:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int nChunkSizeMB = atoi(CPLGetConfigOption("VSIWEBHDFS_SIZE", "4"));
data/gdal-3.0.4+dfsg/port/cpl_vsil_webhdfs.cpp:221:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nBufferSize = atoi(pszChunkSizeBytes);
data/gdal-3.0.4+dfsg/port/cpl_vsil_webhdfs.cpp:928:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szCurlErrBuf[CURL_ERROR_SIZE+1] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_webhdfs.cpp:1060:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szCurlErrBuf[CURL_ERROR_SIZE+1] = {};
data/gdal-3.0.4+dfsg/port/cpl_vsil_win32.cpp:579:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nVersion = atoi(pszWineVersion) * 10000;
data/gdal-3.0.4+dfsg/port/cpl_vsil_win32.cpp:583:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                nVersion += atoi(pszDot + 1) * 100;
data/gdal-3.0.4+dfsg/port/cpl_vsil_win32.cpp:587:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    nVersion += atoi(pszDot + 1);
data/gdal-3.0.4+dfsg/port/cpl_vsisimple.cpp:130:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fp = fopen(const_cast<char *>(pszFilename),
data/gdal-3.0.4+dfsg/port/cpl_vsisimple.cpp:134:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fp = fopen(pszFilename, pszAccess);
data/gdal-3.0.4+dfsg/port/cpl_vsisimple.cpp:464:51:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nMaxPeakAllocSize = pszMaxPeakAllocSize ? atoi(pszMaxPeakAllocSize) : 0;
data/gdal-3.0.4+dfsg/port/cpl_vsisimple.cpp:467:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            pszMaxCumulAllocSize ? atoi(pszMaxCumulAllocSize) : 0;
data/gdal-3.0.4+dfsg/port/cpl_vsisimple.cpp:504:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr + sizeof(void*), &nMul, sizeof(void*));
data/gdal-3.0.4+dfsg/port/cpl_vsisimple.cpp:572:51:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nMaxPeakAllocSize = pszMaxPeakAllocSize ? atoi(pszMaxPeakAllocSize) : 0;
data/gdal-3.0.4+dfsg/port/cpl_vsisimple.cpp:575:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            pszMaxCumulAllocSize ? atoi(pszMaxCumulAllocSize) : 0;
data/gdal-3.0.4+dfsg/port/cpl_vsisimple.cpp:608:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr + sizeof(void*), &nSize, sizeof(void*));
data/gdal-3.0.4+dfsg/port/cpl_vsisimple.cpp:693:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nOldSize, ptr + sizeof(void*), sizeof(void*));
data/gdal-3.0.4+dfsg/port/cpl_vsisimple.cpp:699:51:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nMaxPeakAllocSize = pszMaxPeakAllocSize ? atoi(pszMaxPeakAllocSize) : 0;
data/gdal-3.0.4+dfsg/port/cpl_vsisimple.cpp:739:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(newptr + 2 * sizeof(void*), pData, nOldSize);
data/gdal-3.0.4+dfsg/port/cpl_vsisimple.cpp:771:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr + sizeof(void*), &nNewSize, sizeof(void*));
data/gdal-3.0.4+dfsg/port/cpl_vsisimple.cpp:838:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&nOldSize, ptr + sizeof(void*), sizeof(void*));
data/gdal-3.0.4+dfsg/port/cpl_vsisimple.cpp:1002:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, pszString, nSize);
data/gdal-3.0.4+dfsg/port/cpl_vsisimple.cpp:1319:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( poBrokenTime, poTime, sizeof(tm) );
data/gdal-3.0.4+dfsg/port/cpl_vsisimple.cpp:1336:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( poBrokenTime, poTime, sizeof(tm) );
data/gdal-3.0.4+dfsg/port/cpl_vsisimple.cpp:1379:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* f = fopen("/sys/fs/cgroup/memory/memory.limit_in_bytes", "rb");
data/gdal-3.0.4+dfsg/port/cpl_vsisimple.cpp:1382:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBuffer[32];
data/gdal-3.0.4+dfsg/port/cpl_xml_validate.cpp:1077:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szHeader[2048] = {};  // TODO(schwehr): Get this off of the stack.
data/gdal-3.0.4+dfsg/port/cplgetsymbol.cpp:109:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char withUnder[256] = {};
data/gdal-3.0.4+dfsg/port/cplkeywordparser.cpp:82:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szChunk[513] = {};
data/gdal-3.0.4+dfsg/port/cplstring.cpp:108:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szModestBuffer[500] = {};
data/gdal-3.0.4+dfsg/port/cplstring.cpp:181:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szWork[buf_size] = {};
data/gdal-3.0.4+dfsg/port/vsipreload.cpp:84:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
DECLARE_SYMBOL(fopen, FILE*, (const char *path, const char *mode));
data/gdal-3.0.4+dfsg/port/vsipreload.cpp:110:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
DECLARE_SYMBOL(open, int, (const char *path, int flags, mode_t mode));
data/gdal-3.0.4+dfsg/port/vsipreload.cpp:173:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    LOAD_SYMBOL(fopen);
data/gdal-3.0.4+dfsg/port/vsipreload.cpp:196:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    LOAD_SYMBOL(open);
data/gdal-3.0.4+dfsg/port/vsipreload.cpp:304:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fd = open("/dev/zero", O_RDONLY);
data/gdal-3.0.4+dfsg/port/vsipreload.cpp:426:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
FILE CPL_DLL *fopen( const char *path, const char *mode )
data/gdal-3.0.4+dfsg/port/vsipreload.cpp:950:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
int CPL_DLL open( const char *path, int flags, ... )
data/gdal-3.0.4+dfsg/port/vsipreload.cpp:989:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            fd = open("/dev/zero", O_RDONLY);
data/gdal-3.0.4+dfsg/port/vsipreload.cpp:1048:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            fd = open("/dev/zero", O_RDONLY);
data/gdal-3.0.4+dfsg/port/vsipreload.cpp:1596:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            mydir->fd = open("/dev/zero", O_RDONLY);
data/gdal-3.0.4+dfsg/port/xmlreformat.cpp:38:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char szXML[20000000] = {};
data/gdal-3.0.4+dfsg/port/xmlreformat.cpp:52:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fp = fopen( argv[1], "rt" );
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:132:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* fSrc = fopen(patch_filename, "rt");
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:136:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szLine[256];
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:137:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szClass[256];
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:138:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char javadoc[16384];
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:184:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fSrc = fopen(argv[i], "rt");
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:186:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szDstName[1024];
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:188:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fDst = fopen(szDstName, "wt");
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:191:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szPackage[256];
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:196:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szMethodName[1024];
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:218:25:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                        strcpy(szLine, "public class org.gdal.gdal.Driver");
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:220:25:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                        strcpy(szLine, "public class org.gdal.ogr.Driver");
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:622:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char hex[17] = "0123456789abcdef";
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:1248:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[1024];
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:1472:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#ifdef open
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:1473:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  #undef open
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:1937:38:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  *cptr = reinterpret_cast< char* >(memcpy((new char[size]), cstr, sizeof(char)*(size)));
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:2218:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pabyDataDup, pabyData, nBytes);
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:2338:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *tmpList[2];
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:3278:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char s[LENGTH_OF_GUIntBig_AS_STRING];
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:3376:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        char key[12];
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:3377:36:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                        int klen = sprintf(key, "%i", k);
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:3468:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        char key[12];
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:3469:36:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                        int klen = sprintf(key, "%i", k);
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:3586:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                char key[12];
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:3587:44:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                                int klen = sprintf(key, "%i", k);
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:7792:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char mode[2];
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:19727:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char s[LENGTH_OF_GUIntBig_AS_STRING];
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:26869:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char temp[256];
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:26870:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(temp, "" CPL_FRMT_GIB "", result);
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:26915:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char temp[256];
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:26916:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(temp, "" CPL_FRMT_GIB "", result);
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:32523:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      sv_setpv(sv, (const char *) swig_constants[i].pvalue);
data/gdal-3.0.4+dfsg/swig/perl/gdalconst_wrap.c:598:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char hex[17] = "0123456789abcdef";
data/gdal-3.0.4+dfsg/swig/perl/gdalconst_wrap.c:1224:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[1024];
data/gdal-3.0.4+dfsg/swig/perl/gdalconst_wrap.c:1448:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#ifdef open
data/gdal-3.0.4+dfsg/swig/perl/gdalconst_wrap.c:1449:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  #undef open
data/gdal-3.0.4+dfsg/swig/perl/gdalconst_wrap.c:1901:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      sv_setpv(sv, (const char *) swig_constants[i].pvalue);
data/gdal-3.0.4+dfsg/swig/perl/gnm_wrap.cpp:622:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char hex[17] = "0123456789abcdef";
data/gdal-3.0.4+dfsg/swig/perl/gnm_wrap.cpp:1248:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[1024];
data/gdal-3.0.4+dfsg/swig/perl/gnm_wrap.cpp:1472:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#ifdef open
data/gdal-3.0.4+dfsg/swig/perl/gnm_wrap.cpp:1473:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  #undef open
data/gdal-3.0.4+dfsg/swig/perl/gnm_wrap.cpp:1898:38:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  *cptr = reinterpret_cast< char* >(memcpy((new char[size]), cstr, sizeof(char)*(size)));
data/gdal-3.0.4+dfsg/swig/perl/gnm_wrap.cpp:4879:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      sv_setpv(sv, (const char *) swig_constants[i].pvalue);
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:622:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char hex[17] = "0123456789abcdef";
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:1248:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[1024];
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:1472:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#ifdef open
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:1473:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  #undef open
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:1801:38:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  *cptr = reinterpret_cast< char* >(memcpy((new char[size]), cstr, sizeof(char)*(size)));
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:2343:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char s[LENGTH_OF_GIntBig_AS_STRING];
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:2376:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(*pBuf, pabyBlob, *nLen);
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:5465:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char temp[256];
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:5466:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(temp, "" CPL_FRMT_GIB "", result);
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:6470:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char temp[256];
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:6471:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(temp, "" CPL_FRMT_GIB "", result);
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:9365:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char temp[256];
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:9366:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(temp, "" CPL_FRMT_GIB "", result);
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:10340:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char temp[256];
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:10341:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(temp, "" CPL_FRMT_GIB "", result);
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:24871:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      sv_setpv(sv, (const char *) swig_constants[i].pvalue);
data/gdal-3.0.4+dfsg/swig/perl/osr_wrap.cpp:622:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char hex[17] = "0123456789abcdef";
data/gdal-3.0.4+dfsg/swig/perl/osr_wrap.cpp:1248:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[1024];
data/gdal-3.0.4+dfsg/swig/perl/osr_wrap.cpp:1472:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#ifdef open
data/gdal-3.0.4+dfsg/swig/perl/osr_wrap.cpp:1473:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  #undef open
data/gdal-3.0.4+dfsg/swig/perl/osr_wrap.cpp:1753:38:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  *cptr = reinterpret_cast< char* >(memcpy((new char[size]), cstr, sizeof(char)*(size)));
data/gdal-3.0.4+dfsg/swig/perl/osr_wrap.cpp:2463:89:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
SWIGINTERN OGRErr OSRSpatialReferenceShadow_ExportToPCI(OSRSpatialReferenceShadow *self,char **proj,char **units,double *parms[17]){
data/gdal-3.0.4+dfsg/swig/perl/osr_wrap.cpp:2463:101:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
SWIGINTERN OGRErr OSRSpatialReferenceShadow_ExportToPCI(OSRSpatialReferenceShadow *self,char **proj,char **units,double *parms[17]){
data/gdal-3.0.4+dfsg/swig/perl/osr_wrap.cpp:16278:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      sv_setpv(sv, (const char *) swig_constants[i].pvalue);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:650:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char hex[17] = "0123456789abcdef";
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:811:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newstr, cstr, len+1);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:855:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[SWIG_PYBUFFER_SIZE * 2];
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:2049:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[SWIG_BUFFER_SIZE];
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:2063:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[SWIG_BUFFER_SIZE];
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:2074:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[SWIG_BUFFER_SIZE];
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:2217:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(pack, ptr, size);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:2235:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, sobj->pack, size);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:2872:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mesg[256];
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:3437:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(pszNewStr, pszStr, nLen+1);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:3474:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            static_cast<CPLErrorNum>(atoi(pszLastErrorCode)),
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:3660:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( padfTransform, adfGeoTransform, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:3675:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( adfGeoTransform, padfTransform, sizeof(double)*6 );
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:4004:38:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  *cptr = reinterpret_cast< char* >(memcpy((new char[len + 1]), cstr, sizeof(char)*(len + 1)));
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:4034:45:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          *cptr = reinterpret_cast< char* >(memcpy((new char[len + 1]), cstr, sizeof(char)*(len + 1)));
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:4175:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char      szString[128];
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:6323:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy(buff, "swig_ptr: ", 10);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:651:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char hex[17] = "0123456789abcdef";
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:812:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newstr, cstr, len+1);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:856:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[SWIG_PYBUFFER_SIZE * 2];
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:2050:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[SWIG_BUFFER_SIZE];
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:2064:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[SWIG_BUFFER_SIZE];
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:2075:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[SWIG_BUFFER_SIZE];
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:2218:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(pack, ptr, size);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:2236:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, sobj->pack, size);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:2873:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mesg[256];
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:3389:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            static_cast<CPLErrorNum>(atoi(pszLastErrorCode)),
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:3444:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(pszNewStr, pszStr, nLen+1);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:3761:38:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  *cptr = reinterpret_cast< char* >(memcpy((new char[len + 1]), cstr, sizeof(char)*(len + 1)));
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:3791:45:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          *cptr = reinterpret_cast< char* >(memcpy((new char[len + 1]), cstr, sizeof(char)*(len + 1)));
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:4155:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pabyDataDup, pabyData, nSize);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:4261:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *tmpList[2];
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:4813:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int nLevel = atoi(pszLevel);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:8684:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTmp[32];
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:8719:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTmp[32];
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:10579:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTmp[32];
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:10614:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTmp[32];
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:11235:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTmp[32];
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:15203:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy( (void*) tmpGCPList1, (void*) item, sizeof( GDAL_GCP ) );
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:16801:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy( (void*) tmpGCPList2, (void*) item, sizeof( GDAL_GCP ) );
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:16896:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy( (void*) tmpGCPList2, (void*) item, sizeof( GDAL_GCP ) );
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:22827:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szTmp[32];
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:30410:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTmp[32];
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:30449:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTmp[32];
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:36741:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy(buff, "swig_ptr: ", 10);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdalconst_wrap.c:627:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char hex[17] = "0123456789abcdef";
data/gdal-3.0.4+dfsg/swig/python/extensions/gdalconst_wrap.c:788:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newstr, cstr, len+1);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdalconst_wrap.c:832:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[SWIG_PYBUFFER_SIZE * 2];
data/gdal-3.0.4+dfsg/swig/python/extensions/gdalconst_wrap.c:2026:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[SWIG_BUFFER_SIZE];
data/gdal-3.0.4+dfsg/swig/python/extensions/gdalconst_wrap.c:2040:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[SWIG_BUFFER_SIZE];
data/gdal-3.0.4+dfsg/swig/python/extensions/gdalconst_wrap.c:2051:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[SWIG_BUFFER_SIZE];
data/gdal-3.0.4+dfsg/swig/python/extensions/gdalconst_wrap.c:2194:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(pack, ptr, size);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdalconst_wrap.c:2212:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, sobj->pack, size);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdalconst_wrap.c:2849:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mesg[256];
data/gdal-3.0.4+dfsg/swig/python/extensions/gdalconst_wrap.c:5502:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy(buff, "swig_ptr: ", 10);
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:651:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char hex[17] = "0123456789abcdef";
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:812:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newstr, cstr, len+1);
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:856:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[SWIG_PYBUFFER_SIZE * 2];
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:2050:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[SWIG_BUFFER_SIZE];
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:2064:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[SWIG_BUFFER_SIZE];
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:2075:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[SWIG_BUFFER_SIZE];
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:2218:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(pack, ptr, size);
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:2236:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, sobj->pack, size);
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:2873:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mesg[256];
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:3308:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            static_cast<CPLErrorNum>(atoi(pszLastErrorCode)),
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:3363:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(pszNewStr, pszStr, nLen+1);
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:3750:38:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  *cptr = reinterpret_cast< char* >(memcpy((new char[len + 1]), cstr, sizeof(char)*(len + 1)));
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:3780:45:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          *cptr = reinterpret_cast< char* >(memcpy((new char[len + 1]), cstr, sizeof(char)*(len + 1)));
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:6908:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy(buff, "swig_ptr: ", 10);
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:651:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char hex[17] = "0123456789abcdef";
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:812:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newstr, cstr, len+1);
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:856:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[SWIG_PYBUFFER_SIZE * 2];
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:2050:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[SWIG_BUFFER_SIZE];
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:2064:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[SWIG_BUFFER_SIZE];
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:2075:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[SWIG_BUFFER_SIZE];
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:2218:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(pack, ptr, size);
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:2236:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, sobj->pack, size);
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:2873:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mesg[256];
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:3366:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            static_cast<CPLErrorNum>(atoi(pszLastErrorCode)),
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:3421:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(pszNewStr, pszStr, nLen+1);
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:3573:38:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  *cptr = reinterpret_cast< char* >(memcpy((new char[len + 1]), cstr, sizeof(char)*(len + 1)));
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:3603:45:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          *cptr = reinterpret_cast< char* >(memcpy((new char[len + 1]), cstr, sizeof(char)*(len + 1)));
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:3649:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *tmpList[2];
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:4336:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(*pBuf, pabyBlob, *nLen);
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:4350:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(*pBuf, pabyBlob, *nLen);
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:11466:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTmp[32];
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:12426:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTmp[32];
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:15866:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTmp[32];
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:15926:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTmp[32];
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:16705:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char szTmp[32];
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:17864:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTmp[32];
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:37098:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy(buff, "swig_ptr: ", 10);
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:651:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char hex[17] = "0123456789abcdef";
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:812:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newstr, cstr, len+1);
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:856:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[SWIG_PYBUFFER_SIZE * 2];
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:2050:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[SWIG_BUFFER_SIZE];
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:2064:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[SWIG_BUFFER_SIZE];
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:2075:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[SWIG_BUFFER_SIZE];
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:2218:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(pack, ptr, size);
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:2236:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, sobj->pack, size);
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:2873:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mesg[256];
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:3333:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            static_cast<CPLErrorNum>(atoi(pszLastErrorCode)),
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:3388:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(pszNewStr, pszStr, nLen+1);
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:3463:38:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  *cptr = reinterpret_cast< char* >(memcpy((new char[len + 1]), cstr, sizeof(char)*(len + 1)));
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:3493:45:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          *cptr = reinterpret_cast< char* >(memcpy((new char[len + 1]), cstr, sizeof(char)*(len + 1)));
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:4217:89:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
SWIGINTERN OGRErr OSRSpatialReferenceShadow_ExportToPCI(OSRSpatialReferenceShadow *self,char **proj,char **units,double *parms[17]){
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:4217:101:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
SWIGINTERN OGRErr OSRSpatialReferenceShadow_ExportToPCI(OSRSpatialReferenceShadow *self,char **proj,char **units,double *parms[17]){
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:20314:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy(buff, "swig_ptr: ", 10);
data/gdal-3.0.4+dfsg/third_party/LercLib/BitMask.cpp:36:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(m_pBits, src.m_pBits, Size());
data/gdal-3.0.4+dfsg/third_party/LercLib/BitMask.cpp:47:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(m_pBits, src.m_pBits, Size());
data/gdal-3.0.4+dfsg/third_party/LercLib/BitStuffer2.cpp:317:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&dstValue, dstPtr, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/third_party/LercLib/BitStuffer2.cpp:319:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(dstPtr, &dstValue, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/third_party/LercLib/BitStuffer2.cpp:331:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&dstValue, dstPtr, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/third_party/LercLib/BitStuffer2.cpp:333:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(dstPtr, &dstValue, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/third_party/LercLib/BitStuffer2.cpp:335:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&dstValue, dstPtr, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/third_party/LercLib/BitStuffer2.cpp:337:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(dstPtr, &dstValue, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/third_party/LercLib/BitStuffer2.cpp:348:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&dstValue, dstPtr, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/third_party/LercLib/BitStuffer2.cpp:350:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dstPtr, &dstValue, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/third_party/LercLib/BitStuffer2.cpp:388:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&val, srcPtr, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/third_party/LercLib/BitStuffer2.cpp:390:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(srcPtr, &val, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/third_party/LercLib/BitStuffer2.cpp:403:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&val, srcPtr, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/third_party/LercLib/BitStuffer2.cpp:417:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&val, srcPtr, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/third_party/LercLib/BitStuffer2.cpp:422:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&val, srcPtr, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/third_party/LercLib/BitStuffer2.cpp:428:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(srcPtr, &lastUInt, sizeof(unsigned int));  // restore the last UInt
data/gdal-3.0.4+dfsg/third_party/LercLib/BitStuffer2.cpp:477:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(*ppByte, &m_tmpBitStuffVec[0], numBytesUsed);
data/gdal-3.0.4+dfsg/third_party/LercLib/BitStuffer2.cpp:516:50:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  if (nBytesRemaining < (size_t)numBytesUsed || !memcpy(&m_tmpBitStuffVec[0], *ppByte, numBytesUsed))
data/gdal-3.0.4+dfsg/third_party/LercLib/BitStuffer2.h:87:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, &kShort, sizeof(unsigned short));
data/gdal-3.0.4+dfsg/third_party/LercLib/BitStuffer2.h:90:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, &k, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/third_party/LercLib/BitStuffer2.h:112:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&s, ptr, sizeof(unsigned short));
data/gdal-3.0.4+dfsg/third_party/LercLib/BitStuffer2.h:116:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&k, ptr, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/third_party/LercLib/Huffman.cpp:154:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ptr, &intVec[0], len);
data/gdal-3.0.4+dfsg/third_party/LercLib/Huffman.cpp:184:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&intVec[0], ptr, len);
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.cpp:90:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(m_bitMask.Bits(), pMaskBits, m_bitMask.Size());
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.cpp:152:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ptr, fileKey.c_str(), len);
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.cpp:155:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ptr, &hd.version, sizeof(int));
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.cpp:161:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, &checksum, sizeof(unsigned int));    // place holder to be filled by the real check sum later
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.cpp:180:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ptr, &intVec[0], len);
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.cpp:189:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ptr, &dblVec[0], len);
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.cpp:217:41:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  if (nBytesRemaining < sizeof(int) || !memcpy(&(hd.version), ptr, sizeof(int)))
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.cpp:228:52:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    if (nBytesRemaining < sizeof(unsigned int) || !memcpy(&(hd.checksum), ptr, sizeof(unsigned int)))
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.cpp:241:33:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  if (nBytesRemaining < len || !memcpy(&intVec[0], ptr, len))
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.cpp:249:33:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  if (nBytesRemaining < len || !memcpy(&dblVec[0], ptr, len))
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.cpp:300:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, &numBytesMask, sizeof(int));    // num bytes for compressed mask
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.cpp:302:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, pArrRLE, numBytesRLE);
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.cpp:332:41:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  if (nBytesRemaining < sizeof(int) || !memcpy(&numBytesMask, ptr, sizeof(int)))
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.cpp:384:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pBlobBegin + nBytes, &checksum, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.h:500:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pMaskBits, m_bitMask.Bits(), m_bitMask.Size());
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.h:780:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ptr, &data[m0], len);
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.h:810:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&data[m0], ptr, len);
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.h:1157:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, dataBuf, num * sizeof(T));
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.h:1473:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(ptr, &s, sizeof(short));
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.h:1480:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(ptr, &us, sizeof(unsigned short));
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.h:1487:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(ptr, &i, sizeof(int));
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.h:1494:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(ptr, &n, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.h:1501:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(ptr, &f, sizeof(float));
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.h:1507:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(ptr, &z, sizeof(double));
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.h:1544:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&s, ptr, sizeof(short));
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.h:1551:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&us, ptr, sizeof(unsigned short));
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.h:1558:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&i, ptr, sizeof(int));
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.h:1565:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&n, ptr, sizeof(unsigned int));
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.h:1572:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&f, ptr, sizeof(float));
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.h:1579:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&d, ptr, sizeof(double));
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.h:2079:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(*ppByte, &zVec[0], len);
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.h:2085:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(*ppByte, &zVec[0], len);
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.h:2107:33:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  if (nBytesRemaining < len || !memcpy(&zVec[0], *ppByte, len))
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.h:2116:33:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  if (nBytesRemaining < len || !memcpy(&zVec[0], *ppByte, len))
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc2.h:2181:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(&data[m], &zBufVec[0], len);
data/gdal-3.0.4+dfsg/third_party/LercLib/RLE.cpp:338:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(*ppCnt, &cnt, sizeof(short));
data/gdal-3.0.4+dfsg/third_party/LercLib/RLE.cpp:348:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&cnt, *ppCnt, sizeof(short));
data/gdal-3.0.4+dfsg/alg/gdal_crs.cpp:220:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy( psInfo->sTI.abySignature, GDAL_GTI2_SIGNATURE, strlen(GDAL_GTI2_SIGNATURE) );
data/gdal-3.0.4+dfsg/alg/gdal_rpc.cpp:802:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strlen(GDAL_GTI2_SIGNATURE) );
data/gdal-3.0.4+dfsg/alg/gdal_tps.cpp:175:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strlen(GDAL_GTI2_SIGNATURE) );
data/gdal-3.0.4+dfsg/alg/gdalcutline.cpp:344:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        szDataPointer+strlen(szDataPointer),
data/gdal-3.0.4+dfsg/alg/gdalcutline.cpp:346:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        static_cast<int>(sizeof(szDataPointer) - strlen(szDataPointer)) );
data/gdal-3.0.4+dfsg/alg/gdalgeoloc.cpp:680:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strlen(GDAL_GTI2_SIGNATURE) );
data/gdal-3.0.4+dfsg/alg/gdaltransformer.cpp:1172:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strlen(GDAL_GTI2_SIGNATURE) );
data/gdal-3.0.4+dfsg/alg/gdaltransformer.cpp:2871:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strlen(GDAL_GTI2_SIGNATURE) );
data/gdal-3.0.4+dfsg/alg/gdaltransformer.cpp:3258:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
           strlen(GDAL_GTI2_SIGNATURE));
data/gdal-3.0.4+dfsg/alg/gdaltransformer.cpp:3853:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               strlen(GDAL_GTI2_SIGNATURE)) != 0 )
data/gdal-3.0.4+dfsg/alg/gdaltransformer.cpp:4046:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               strlen(GDAL_GTI2_SIGNATURE)) != 0 )
data/gdal-3.0.4+dfsg/alg/gdaltransformer.cpp:4071:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               strlen(GDAL_GTI2_SIGNATURE)) != 0 )
data/gdal-3.0.4+dfsg/alg/gdaltransformer.cpp:4096:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               strlen(GDAL_GTI2_SIGNATURE)) != 0 )
data/gdal-3.0.4+dfsg/alg/gdaltransformer.cpp:4148:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               strlen(GDAL_GTI2_SIGNATURE)) != 0 )
data/gdal-3.0.4+dfsg/alg/gdaltransformer.cpp:4178:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               strlen(GDAL_GTI2_SIGNATURE)) != 0 )
data/gdal-3.0.4+dfsg/alg/gdaltransformer.cpp:4195:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                   strlen(GDAL_GTI2_SIGNATURE)) != 0 )
data/gdal-3.0.4+dfsg/alg/gdalwarper.cpp:1651:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( psWO->hDstDS != nullptr && strlen(GDALGetDescription(psWO->hDstDS)) != 0 )
data/gdal-3.0.4+dfsg/alg/internal_libqhull/global.c:93:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (*hiddenflags != ' ' || hiddenflags[strlen(hiddenflags)-1] != ' ') {
data/gdal-3.0.4+dfsg/alg/internal_libqhull/global.c:151:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      chkerr[strlen(chkerr)-1]=  '\'';
data/gdal-3.0.4+dfsg/alg/internal_libqhull/global.c:215:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      qh qhull_commandsiz2= (int)strlen(qh qhull_command); /* WARN64 */
data/gdal-3.0.4+dfsg/alg/internal_libqhull/global.c:220:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    qh qhull_optionsiz2= (int)strlen(qh qhull_options);  /* WARN64 */
data/gdal-3.0.4+dfsg/alg/internal_libqhull/global.c:620:7:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
      strncat(qh qhull_command, command, sizeof(qh qhull_command)-strlen(qh qhull_command)-1);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/global.c:620:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strncat(qh qhull_command, command, sizeof(qh qhull_command)-strlen(qh qhull_command)-1);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/global.c:733:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(qh feasible_string, start, (size_t)(t-start));
data/gdal-3.0.4+dfsg/alg/internal_libqhull/global.c:2031:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sprintf(buf+strlen(buf), " %d", *i);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/global.c:2033:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sprintf(buf+strlen(buf), " %2.2g", *r);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/global.c:2034:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len= (int)strlen(buf);  /* WARN64 */
data/gdal-3.0.4+dfsg/alg/internal_libqhull/global.c:2040:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
    strncat(qh qhull_options, "\n", (size_t)(maxlen--));
data/gdal-3.0.4+dfsg/alg/internal_libqhull/global.c:2042:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
  strncat(qh qhull_options, buf, (size_t)maxlen);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/io.c:198:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(filename, source, length);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/io.c:3697:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
        strncat(qh rbox_command, s, sizeof(qh rbox_command)-1);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/io.c:3715:11:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
          strncat(qh rbox_command, s, sizeof(qh rbox_command)-1);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/io.c:3827:10:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
         strncat(qh rbox_command, s, sizeof(qh rbox_command)-1);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/io.c:3931:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    qh rbox_command[strlen(qh rbox_command)-1]= '\0';
data/gdal-3.0.4+dfsg/alg/internal_libqhull/libqhull.c:317:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      qh qhull_optionsiz= (int)strlen(qh qhull_options);   /* WARN64 */
data/gdal-3.0.4+dfsg/alg/internal_libqhull/random.c:51:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((int)strlen(s) < max_size)   /* WARN64 */
data/gdal-3.0.4+dfsg/alg/internal_libqhull/random.c:61:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    remaining= max_size - (int)strlen(command) - (int)strlen(s) - 2;   /* WARN64 */
data/gdal-3.0.4+dfsg/alg/internal_libqhull/random.c:61:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    remaining= max_size - (int)strlen(command) - (int)strlen(s) - 2;   /* WARN64 */
data/gdal-3.0.4+dfsg/alg/internal_libqhull/random.c:63:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      char *t= command + strlen(command);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/random.c:83:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
      strcat(command, " ");
data/gdal-3.0.4+dfsg/alg/internal_libqhull/random.c:109:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      count += (int)strlen(argv[i]) + 1;   /* WARN64 */
data/gdal-3.0.4+dfsg/alg/internal_libqhull/rboxlib.c:127:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
  strncat(command, rbox_command, sizeof(command)-strlen(command)-1);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/rboxlib.c:127:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(command, rbox_command, sizeof(command)-strlen(command)-1);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/rboxlib.c:350:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(command, seedbuf, sizeof(command)-strlen(command)-1);
data/gdal-3.0.4+dfsg/alg/internal_libqhull/rboxlib.c:350:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strncat(command, seedbuf, sizeof(command)-strlen(command)-1);
data/gdal-3.0.4+dfsg/apps/gdal2ogr.c:187:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszDstFilenameCSVT = CPLMalloc(strlen(pszDstFilename) + 2);
data/gdal-3.0.4+dfsg/apps/gdal2ogr.c:189:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(pszDstFilenameCSVT, "t");
data/gdal-3.0.4+dfsg/apps/gdal2ogr.c:202:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strcpy(pszDstFilenameVRT + strlen(pszDstFilename) - 3, "vrt");
data/gdal-3.0.4+dfsg/apps/gdal_contour.cpp:294:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszWKT != nullptr && strlen(pszWKT) != 0 )
data/gdal-3.0.4+dfsg/apps/gdal_translate_bin.cpp:305:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                CPLMalloc(strlen(psOptionsForBinary->pszDest) + 32));
data/gdal-3.0.4+dfsg/apps/gdal_translate_lib.cpp:758:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( pszProjection != nullptr && strlen(pszProjection) > 0 )
data/gdal-3.0.4+dfsg/apps/gdal_translate_lib.cpp:1199:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( pszProjection != nullptr && strlen(pszProjection) > 0 )
data/gdal-3.0.4+dfsg/apps/gdal_translate_lib.cpp:2028:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(poSrcBand->GetDescription()) > 0 )
data/gdal-3.0.4+dfsg/apps/gdal_translate_lib.cpp:2494:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                papszArgv[i][strlen(papszArgv[i])-1] == '%' )
data/gdal-3.0.4+dfsg/apps/gdal_translate_lib.cpp:2500:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                papszArgv[i][strlen(papszArgv[i])-1] == '%' )
data/gdal-3.0.4+dfsg/apps/gdal_translate_lib.cpp:2625:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int nIndex = atoi(papszArgv[i] + strlen("-colorinterp_"));
data/gdal-3.0.4+dfsg/apps/gdalasyncread.cpp:292:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nOXSize = static_cast<int>((pszOXSize[strlen(pszOXSize)-1]=='%'
data/gdal-3.0.4+dfsg/apps/gdalasyncread.cpp:294:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nOYSize = static_cast<int>((pszOYSize[strlen(pszOYSize)-1]=='%'
data/gdal-3.0.4+dfsg/apps/gdalbuildvrt_lib.cpp:464:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (EQUALN(*papszMetadata, subdatasetNameKey, strlen(subdatasetNameKey)))
data/gdal-3.0.4+dfsg/apps/gdalbuildvrt_lib.cpp:468:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            CPLStrdup(*papszMetadata+strlen(subdatasetNameKey)+1);
data/gdal-3.0.4+dfsg/apps/gdaldem_lib.cpp:1926:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            else if( strlen(papszFields[0]) > 1 &&
data/gdal-3.0.4+dfsg/apps/gdaldem_lib.cpp:1927:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     papszFields[0][strlen(papszFields[0])-1] == '%' )
data/gdal-3.0.4+dfsg/apps/gdalenhance.cpp:409:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( pszProjection != nullptr && strlen(pszProjection) > 0 )
data/gdal-3.0.4+dfsg/apps/gdalinfo_lib.cpp:763:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            && strlen(GDALGetDescription( hBand )) > 0 )
data/gdal-3.0.4+dfsg/apps/gdalinfo_lib.cpp:1235:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(GDALGetRasterUnitType(hBand)) > 0 )
data/gdal-3.0.4+dfsg/apps/gdalserver.cpp:460:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = static_cast<int>(strlen(sockAddrUnix.sun_path) + sizeof(sockAddrUnix.sun_family));
data/gdal-3.0.4+dfsg/apps/gdaltindex.cpp:647:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                         strlen(projectionRef) <= nMaxFieldSize )
data/gdal-3.0.4+dfsg/apps/gdaltindex.cpp:670:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strlen(projectionRef) <= nMaxFieldSize )
data/gdal-3.0.4+dfsg/apps/gdalwarp_lib.cpp:300:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && strlen(GDALGetProjectionRef( hDS )) > 0
data/gdal-3.0.4+dfsg/apps/gdalwarp_lib.cpp:306:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             && strlen(GDALGetGCPProjection( hDS )) > 0
data/gdal-3.0.4+dfsg/apps/gdalwarp_lib.cpp:1266:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            if(  pszSrcInfo != nullptr && strlen(pszSrcInfo) > 0 )
data/gdal-3.0.4+dfsg/apps/gdalwarp_lib.cpp:1269:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            if(  pszSrcInfo != nullptr && strlen(pszSrcInfo) > 0 )
data/gdal-3.0.4+dfsg/apps/gdalwarp_lib.cpp:1297:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            if( ! ( pszSrcInfo != nullptr && strlen(pszSrcInfo) > 0  &&
data/gdal-3.0.4+dfsg/apps/gdalwarp_lib.cpp:1298:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    pszDstInfo != nullptr && strlen(pszDstInfo) > 0  &&
data/gdal-3.0.4+dfsg/apps/gdalwarp_lib.cpp:1303:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            if( ! ( pszSrcInfo != nullptr && strlen(pszSrcInfo) > 0  &&
data/gdal-3.0.4+dfsg/apps/gdalwarp_lib.cpp:1304:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    pszDstInfo != nullptr && strlen(pszDstInfo) > 0  &&
data/gdal-3.0.4+dfsg/apps/gdalwarpsimple.c:216:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            && strlen(GDALGetProjectionRef( hSrcDS )) > 0 )
data/gdal-3.0.4+dfsg/apps/gdalwarpsimple.c:220:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 && strlen(GDALGetGCPProjection(hSrcDS)) > 0
data/gdal-3.0.4+dfsg/apps/gnmanalyse.cpp:307:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(poLayer->GetFIDColumn()) > 0 )
data/gdal-3.0.4+dfsg/apps/ogr2ogr_lib.cpp:719:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            int nWidth = static_cast<int>(strlen(paList[j]));
data/gdal-3.0.4+dfsg/apps/ogr2ogr_lib.cpp:1163:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        : static_cast<int>(strlen(pszArg));
data/gdal-3.0.4+dfsg/apps/ogr2ogr_lib.cpp:4939:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memmove(pabyData, pabyData + 3, strlen(reinterpret_cast<char*>(pabyData) + 3) + 1);
data/gdal-3.0.4+dfsg/apps/ogr2ogr_lib.cpp:5152:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(papszArgv[i+1]) > 3 &&
data/gdal-3.0.4+dfsg/apps/ogr2ogr_lib.cpp:5153:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                STARTS_WITH_CI(papszArgv[i+1] + strlen(papszArgv[i+1]) - 3, "25D"))
data/gdal-3.0.4+dfsg/apps/ogr2ogr_lib.cpp:5158:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            else if (strlen(papszArgv[i+1]) > 1 &&
data/gdal-3.0.4+dfsg/apps/ogr2ogr_lib.cpp:5159:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                STARTS_WITH_CI(papszArgv[i+1] + strlen(papszArgv[i+1]) - 1, "Z"))
data/gdal-3.0.4+dfsg/apps/ogrdissolve.cpp:152:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(papszArgv[iArg+1]) > 3 &&
data/gdal-3.0.4+dfsg/apps/ogrdissolve.cpp:153:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                STARTS_WITH_CI(papszArgv[iArg+1] + strlen(papszArgv[iArg+1]) - 3, "25D"))
data/gdal-3.0.4+dfsg/apps/ogrdissolve.cpp:158:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            else if (strlen(papszArgv[iArg+1]) > 1 &&
data/gdal-3.0.4+dfsg/apps/ogrdissolve.cpp:159:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                STARTS_WITH_CI(papszArgv[iArg+1] + strlen(papszArgv[iArg+1]) - 1, "Z"))
data/gdal-3.0.4+dfsg/apps/ogrinfo.cpp:367:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(poLayer->GetFIDColumn()) > 0 )
data/gdal-3.0.4+dfsg/apps/ogrinfo.cpp:450:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strlen(reinterpret_cast<char *>(pabyData) + 3) + 1);
data/gdal-3.0.4+dfsg/apps/ogrinfo.cpp:642:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                static_cast<char *>(CPLMalloc(32 + strlen(papszArgv[iArg])));
data/gdal-3.0.4+dfsg/apps/ogrinfo.cpp:644:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    32 + strlen(papszArgv[iArg]),
data/gdal-3.0.4+dfsg/apps/ogrinfo.cpp:645:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    "DISPLAY_FIELDS=%s", papszArgv[iArg] + strlen("-fields="));
data/gdal-3.0.4+dfsg/apps/ogrinfo.cpp:652:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                static_cast<char *>(CPLMalloc(32 + strlen(papszArgv[iArg])));
data/gdal-3.0.4+dfsg/apps/ogrinfo.cpp:654:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    32 + strlen(papszArgv[iArg]),
data/gdal-3.0.4+dfsg/apps/ogrinfo.cpp:655:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    "DISPLAY_GEOMETRY=%s", papszArgv[iArg] + strlen("-geom="));
data/gdal-3.0.4+dfsg/apps/ogrlineref.cpp:376:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                   strlen(apszBeginName[i][0])) &&
data/gdal-3.0.4+dfsg/apps/ogrtindex.cpp:440:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                int j = static_cast<int>(strlen(filename)) - 1;
data/gdal-3.0.4+dfsg/apps/ogrtindex.cpp:757:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            strlen(pszWKT) <= nMaxFieldSize )
data/gdal-3.0.4+dfsg/apps/ogrtindex.cpp:779:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        strlen(pszWKT) <= nMaxFieldSize )
data/gdal-3.0.4+dfsg/frmts/aaigrid/aaigriddataset.cpp:1027:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(szHeader + strlen(szHeader),
data/gdal-3.0.4+dfsg/frmts/aaigrid/aaigriddataset.cpp:1028:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 sizeof(szHeader) - strlen(szHeader), "%s", "NODATA_value ");
data/gdal-3.0.4+dfsg/frmts/aaigrid/aaigriddataset.cpp:1030:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf(szHeader + strlen(szHeader),
data/gdal-3.0.4+dfsg/frmts/aaigrid/aaigriddataset.cpp:1031:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     sizeof(szHeader) - strlen(szHeader), "%d",
data/gdal-3.0.4+dfsg/frmts/aaigrid/aaigriddataset.cpp:1034:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            CPLsnprintf(szHeader + strlen(szHeader),
data/gdal-3.0.4+dfsg/frmts/aaigrid/aaigriddataset.cpp:1035:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        sizeof(szHeader) - strlen(szHeader),
data/gdal-3.0.4+dfsg/frmts/aaigrid/aaigriddataset.cpp:1037:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(szHeader + strlen(szHeader),
data/gdal-3.0.4+dfsg/frmts/aaigrid/aaigriddataset.cpp:1038:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 sizeof(szHeader) - strlen(szHeader), "%s", "\n");
data/gdal-3.0.4+dfsg/frmts/aaigrid/aaigriddataset.cpp:1041:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( VSIFWriteL(szHeader, strlen(szHeader), 1, fpImage) != 1)
data/gdal-3.0.4+dfsg/frmts/aaigrid/aaigriddataset.cpp:1170:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                          strlen(pszESRIProjection), fp));
data/gdal-3.0.4+dfsg/frmts/aaigrid/aaigriddataset.cpp:1223:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             !EQUALN(papszNV[iLine],pszField,strlen(pszField));
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:326:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszStr) > size )
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:333:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    str[strlen(pszStr)] = ' ';
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:373:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CPLAssert((int)strlen(str) == 11);
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:387:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CPLAssert((int)strlen(str) == 10);
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:516:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    VSIFWriteL(_fieldName, 1, strlen(_fieldName), fd);
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:517:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += static_cast<int>(strlen(_fieldName));
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:521:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        VSIFWriteL(_arrayDescr, 1, strlen(_arrayDescr), fd);
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:522:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len += static_cast<int>(strlen(_arrayDescr));
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:525:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        VSIFWriteL(_formatControls, 1, strlen(_formatControls), fd);
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:526:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len += static_cast<int>(strlen(_formatControls));
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:782:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(ddd, str, 3);
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:784:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(mm, str, 2);
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:786:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(ssdotss, str, 5);
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:801:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(ddd, str, 2);
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:803:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(mm, str, 2);
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:805:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(ssdotss, str, 5);
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:863:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( pszBAD == nullptr || strlen(pszBAD) != 12 )
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:925:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszNAM == nullptr || strlen(pszNAM) != 8 )
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:965:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( pszLSO == nullptr || strlen(pszLSO) != 11 )
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:971:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( pszPSO == nullptr || strlen(pszPSO) != 10 )
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:995:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( pszLSO == NULL || strlen(pszLSO) != 11 )
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:1001:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( pszPSO == NULL || strlen(pszPSO) != 10 )
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:1050:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszBAD == nullptr || strlen(pszBAD) != 12 )
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:1107:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(offset, ptr, 5);
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:1446:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( pszBAD == nullptr || strlen(pszBAD) != 12 )
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:2078:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(tmp, osBaseFileName.c_str(), 6);
data/gdal-3.0.4+dfsg/frmts/adrg/adrgdataset.cpp:2350:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(tmp, osBaseFileName.c_str(), 6);
data/gdal-3.0.4+dfsg/frmts/adrg/srpdataset.cpp:592:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(offset, ptr, nIndexValueWidth);
data/gdal-3.0.4+dfsg/frmts/adrg/srpdataset.cpp:751:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if( pszDAT != nullptr && strlen(pszDAT) >= 12 )
data/gdal-3.0.4+dfsg/frmts/adrg/srpdataset.cpp:754:25:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                        strncpy(dat, pszDAT+4, 8);
data/gdal-3.0.4+dfsg/frmts/adrg/srpdataset.cpp:771:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if( pszDAT != nullptr && strlen(pszDAT) >= 12 )
data/gdal-3.0.4+dfsg/frmts/adrg/srpdataset.cpp:774:25:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                        strncpy(dat,pszDAT+4,8);
data/gdal-3.0.4+dfsg/frmts/adrg/srpdataset.cpp:990:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( pszBAD == nullptr || strlen(pszBAD) != 12 )
data/gdal-3.0.4+dfsg/frmts/adrg/srpdataset.cpp:1049:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( strlen(pszNAM) != 8 )
data/gdal-3.0.4+dfsg/frmts/adrg/srpdataset.cpp:1051:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLDebug("SRP", "Name Size=%d", (int)strlen(pszNAM) );
data/gdal-3.0.4+dfsg/frmts/adrg/srpdataset.cpp:1277:25:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                        strncpy(dat,pszDAT+4,8);
data/gdal-3.0.4+dfsg/frmts/adrg/srpdataset.cpp:1397:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( pszBAD == nullptr || strlen(pszBAD) != 12 )
data/gdal-3.0.4+dfsg/frmts/aigrid/aigdataset.cpp:623:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(papszFileList[iFile]) != 11 )
data/gdal-3.0.4+dfsg/frmts/aigrid/aigdataset.cpp:864:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             !EQUALN(papszNV[iLine],pszField,strlen(pszField));
data/gdal-3.0.4+dfsg/frmts/aigrid/aigdataset.cpp:899:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(CPLGetExtension(pszNewName)) > 0 )
data/gdal-3.0.4+dfsg/frmts/aigrid/aigdataset.cpp:904:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(CPLGetExtension(pszOldName)) > 0 )
data/gdal-3.0.4+dfsg/frmts/aigrid/aigopen.c:55:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( EQUAL(pszCoverName+strlen(pszCoverName)-4, ".adf") )
data/gdal-3.0.4+dfsg/frmts/aigrid/aigopen.c:59:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        for( i = (int)strlen(pszCoverName)-1; i > 0; i-- )
data/gdal-3.0.4+dfsg/frmts/aigrid/aigopen.c:69:13:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
            strcpy(pszCoverName,".");
data/gdal-3.0.4+dfsg/frmts/aigrid/aigopen.c:200:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nFilenameLen = strlen(psInfo->pszCoverName)+40;
data/gdal-3.0.4+dfsg/frmts/aigrid/aigopen.c:493:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        for( i = (int)strlen(pszUCFilename)-1;
data/gdal-3.0.4+dfsg/frmts/aigrid/gridlib.c:809:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nHDRFilenameLen = strlen(pszCoverName)+30;
data/gdal-3.0.4+dfsg/frmts/aigrid/gridlib.c:888:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nHDRFilenameLen = strlen(psInfo->pszCoverName)+40;
data/gdal-3.0.4+dfsg/frmts/aigrid/gridlib.c:1072:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nHDRFilenameLen = strlen(pszCoverName)+40;
data/gdal-3.0.4+dfsg/frmts/aigrid/gridlib.c:1132:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nHDRFilenameLen = strlen(pszCoverName)+40;
data/gdal-3.0.4+dfsg/frmts/cals/calsdataset.cpp:310:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( sscanf(pszRPelCnt+strlen("rpelcnt:"),"%d,%d",&nXSize,&nYSize) != 2 ||
data/gdal-3.0.4+dfsg/frmts/cals/calsdataset.cpp:317:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( sscanf(pszOrient+strlen("rorient:"),"%d,%d",&nAngle1,&nAngle2) != 2 )
data/gdal-3.0.4+dfsg/frmts/cals/calsdataset.cpp:324:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sscanf(pszDensity+strlen("rdensty:"), "%d", &nDensity);
data/gdal-3.0.4+dfsg/frmts/cals/calsdataset.cpp:515:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memset(szBuffer, 'X', 2048 - nTIFFHeaderSize + strlen(INITIAL_PADDING));
data/gdal-3.0.4+dfsg/frmts/cals/calsdataset.cpp:516:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    szBuffer[2048 - nTIFFHeaderSize + strlen(INITIAL_PADDING)] = 0;
data/gdal-3.0.4+dfsg/frmts/ceos2/ceos.c:286:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(temp_buf,value,field_size+1);
data/gdal-3.0.4+dfsg/frmts/ceos2/ceosrecipe.c:750:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if(strncmp(CeosStringType[i].String ,string, strlen( CeosStringType[i].String ) ) == 0 )
data/gdal-3.0.4+dfsg/frmts/ceos2/sar_ceosdataset.cpp:1698:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszBasename) > 4 )
data/gdal-3.0.4+dfsg/frmts/ceos2/sar_ceosdataset.cpp:1741:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if( strlen(pszExtension) > 3 )
data/gdal-3.0.4+dfsg/frmts/ceos2/sar_ceosdataset.cpp:1763:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                for( int i = static_cast<int>(strlen(pszFilename))-1;
data/gdal-3.0.4+dfsg/frmts/coasp/coasp_dataset.cpp:209:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    const size_t nSize = strlen(pszItemValue) + 1 + strlen(papszMDTokens[i]);
data/gdal-3.0.4+dfsg/frmts/coasp/coasp_dataset.cpp:209:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    const size_t nSize = strlen(pszItemValue) + 1 + strlen(papszMDTokens[i]);
data/gdal-3.0.4+dfsg/frmts/coasp/coasp_dataset.cpp:211:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    snprintf(pszItemValue + strlen(pszItemValue),
data/gdal-3.0.4+dfsg/frmts/coasp/coasp_dataset.cpp:212:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            nSize - strlen(pszItemValue), " %s",
data/gdal-3.0.4+dfsg/frmts/coasp/coasp_dataset.cpp:401:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nNull = static_cast<int>(strlen(pszBaseName)) - 1;
data/gdal-3.0.4+dfsg/frmts/coasp/coasp_dataset.cpp:410:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(pszBase, pszBaseName, nNull);
data/gdal-3.0.4+dfsg/frmts/daas/daasdataset.cpp:466:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                       strlen("HTTP error code : ")) )
data/gdal-3.0.4+dfsg/frmts/daas/daasdataset.cpp:469:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        strlen("HTTP error code : "));
data/gdal-3.0.4+dfsg/frmts/daas/daasdataset.cpp:873:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                m_osGetMetadataURL.substr(nPosImages + strlen("/images/")) +
data/gdal-3.0.4+dfsg/frmts/daas/daasdataset.cpp:1238:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                             poOpenInfo->pszFilename + strlen("DAAS:"));
data/gdal-3.0.4+dfsg/frmts/derived/deriveddataset.cpp:76:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nPrefixLen = strlen("DERIVED_SUBDATASET:");
data/gdal-3.0.4+dfsg/frmts/dimap/dimapdataset.cpp:597:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if( strlen(pszHref) > 0 )  // DIMAP product found.
data/gdal-3.0.4+dfsg/frmts/dimap/dimapdataset.cpp:618:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if( strlen(pszDataFileHref) > 0 )
data/gdal-3.0.4+dfsg/frmts/dimap/dimapdataset.cpp:660:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if( strlen(pszHref) > 0 )  // STRIP product found.
data/gdal-3.0.4+dfsg/frmts/dimap/dimapdataset.cpp:692:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 if( strlen(pszHref) > 0 )  // RPC product found.
data/gdal-3.0.4+dfsg/frmts/dimap/dimapdataset.cpp:1436:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                if( strlen(psTag->psChild->pszValue) < 2)
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:1008:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( pszResult, pszFieldSrc, nFieldLen );
data/gdal-3.0.4+dfsg/frmts/dted/dted_api.c:1039:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLenToCopy = MIN((size_t)nFieldLen,strlen(pszNewValue));
data/gdal-3.0.4+dfsg/frmts/dted/dteddataset.cpp:470:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( !pszPrj || strlen(pszPrj) == 0 )
data/gdal-3.0.4+dfsg/frmts/dted/dteddataset.cpp:483:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if( pszPrj && strlen(pszPrj) > 0 )
data/gdal-3.0.4+dfsg/frmts/dted/dteddataset.cpp:529:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(pszPrj && strlen(pszPrj) > 0)
data/gdal-3.0.4+dfsg/frmts/dted/dteddataset.cpp:532:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (pszProjection && strlen(pszProjection) > 0)
data/gdal-3.0.4+dfsg/frmts/e00grid/e00griddataset.cpp:230:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (pszLine == nullptr || strlen(pszLine) < 5 * E00_FLOAT_SIZE)
data/gdal-3.0.4+dfsg/frmts/e00grid/e00griddataset.cpp:578:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (pszLine == nullptr || strlen(pszLine) <
data/gdal-3.0.4+dfsg/frmts/e00grid/e00griddataset.cpp:616:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (pszLine == nullptr || strlen(pszLine) < 2*E00_DOUBLE_SIZE)
data/gdal-3.0.4+dfsg/frmts/e00grid/e00griddataset.cpp:632:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (pszLine == nullptr || strlen(pszLine) < 2*E00_DOUBLE_SIZE)
data/gdal-3.0.4+dfsg/frmts/e00grid/e00griddataset.cpp:646:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (pszLine == nullptr || strlen(pszLine) < 2*E00_DOUBLE_SIZE)
data/gdal-3.0.4+dfsg/frmts/e00grid/e00read.c:108:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             (strlen(psInfo->szInBuf)==79 || strlen(psInfo->szInBuf)==80) &&
data/gdal-3.0.4+dfsg/frmts/e00grid/e00read.c:108:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             (strlen(psInfo->szInBuf)==79 || strlen(psInfo->szInBuf)==80) &&
data/gdal-3.0.4+dfsg/frmts/e00grid/e00read.c:318:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (psInfo->bEOF && strlen(pszLine) == 0)
data/gdal-3.0.4+dfsg/frmts/e00grid/e00read.c:357:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(psInfo->szInBuf, pszLine, E00_READ_BUF_SIZE);
data/gdal-3.0.4+dfsg/frmts/e00grid/e00read.c:374:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nLen = (int)strlen(psInfo->szInBuf);
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:62:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            memmove(szProcessName, szLastSlash + 1, strlen(szLastSlash + 1) + 1);
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:397:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszDictBox = (char *) CPLMalloc(strlen(pszGMLDef) + 4000);
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:399:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf( pszDictBox, strlen(pszGMLDef) + 4000,
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:439:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    poGMLData->SetData( strlen( szDoc ), (unsigned char *) szDoc );
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:458:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        poGMLData->SetData( strlen(pszDictBox),
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:908:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy( szProjection,
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:915:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy( szDatum, CSLFetchNameValue(papszOptions, "DATUM"), sizeof(szDatum) );
data/gdal-3.0.4+dfsg/frmts/ecw/ecwcreatecopy.cpp:1671:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if( strlen(GetDescription()) == 0 )
data/gdal-3.0.4+dfsg/frmts/ecw/ecwdataset.cpp:3180:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszWKT == nullptr || strlen(pszWKT) == 0 )
data/gdal-3.0.4+dfsg/frmts/ecw/ecwdataset.cpp:3225:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy( pszProjection, pszEPSGProj, nProjectionLen );
data/gdal-3.0.4+dfsg/frmts/ecw/ecwdataset.cpp:3226:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy( pszDatum, pszEPSGDatum, nDatumLen );
data/gdal-3.0.4+dfsg/frmts/ecw/gdal_ecw.h:208:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(CPLGetExtension(pszFilename)) > 0 )
data/gdal-3.0.4+dfsg/frmts/eeda/eedacommon.cpp:150:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    pszStr + strlen("SR-ORG:"));
data/gdal-3.0.4+dfsg/frmts/eeda/eedacommon.cpp:503:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                EQUALN(psResult->pszErrBuf, "HTTP error code : ", strlen("HTTP error code : ")) )
data/gdal-3.0.4+dfsg/frmts/eeda/eedacommon.cpp:505:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                nHTTPStatus = atoi(psResult->pszErrBuf + strlen("HTTP error code : "));
data/gdal-3.0.4+dfsg/frmts/eeda/eedadataset.cpp:51:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nLength = static_cast<int>(strlen(pszInput));
data/gdal-3.0.4+dfsg/frmts/eeda/eedadataset.cpp:910:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        m_osAttributeFilter = pszQuery + strlen("EEDA:");
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:956:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nValueLen = strlen(value);
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:957:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nEntryValueLen = strlen(entries[key_index]->value);
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:1073:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf( format, sizeof(format), "%%+0%dd", (int) strlen(prototype_value) );
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:1186:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = (int)strlen(prototype_value);
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:1206:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( (int)strlen(string_value) > length )
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:1247:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( padded_ds_name, ds_name, sizeof(padded_ds_name) );
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:1249:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for( i = (int)strlen(padded_ds_name); (size_t)i < sizeof(padded_ds_name)-1; i++ )
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:1261:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     strlen(self->ds_info[i]->ds_name) ) == 0 )        {
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:1811:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy( entry->key, line, equal_index );
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:1827:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            entry->value_len = strlen(entry->value)+1;
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:1856:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            entry->value_len = strlen(entry->value)+1;
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:1916:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( VSIFWriteL( entry->value, 1, strlen(entry->value), fp ) !=
data/gdal-3.0.4+dfsg/frmts/envisat/EnvisatFile.c:1917:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strlen(entry->value) )
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:597:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( szDSName, pszDomain+11, sizeof(szDSName) );
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:680:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            || strlen(pszFilename) == 0
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:689:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
        strncat( szKey, pszDSName, max_len - strlen(szKey) - 1 );
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:689:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strncat( szKey, pszDSName, max_len - strlen(szKey) - 1 );
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:692:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        for( int i = static_cast<int>(strlen(szKey))-1; i && szKey[i] == ' '; i-- )
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:706:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        for( int i = static_cast<int>(strlen(szTrimmedName))-1; i && szTrimmedName[i] == ' '; i--)
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:745:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy( szPrefix, pszDSName, sizeof(szPrefix) - 1);
data/gdal-3.0.4+dfsg/frmts/envisat/envisatdataset.cpp:749:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            for( int i = static_cast<int>(strlen(szPrefix))-1; i && szPrefix[i] == ' '; --i )
data/gdal-3.0.4+dfsg/frmts/envisat/records.c:1232:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for( nLen = (int)strlen(pszDataset); nLen && pszDataset[nLen-1] == ' '; --nLen );
data/gdal-3.0.4+dfsg/frmts/epsilon/epsilondataset.cpp:485:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int nRasterliteWaveletHeaderLen = strlen(RASTERLITE_WAVELET_HEADER);
data/gdal-3.0.4+dfsg/frmts/epsilon/epsilondataset.cpp:494:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int nRasterlineWaveletFooterLen = strlen(RASTERLITE_WAVELET_FOOTER);
data/gdal-3.0.4+dfsg/frmts/epsilon/epsilondataset.cpp:609:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nRasterliteWaveletHeaderLen = strlen(RASTERLITE_WAVELET_HEADER);
data/gdal-3.0.4+dfsg/frmts/epsilon/epsilondataset.cpp:858:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        VSIFWriteL(pszHeader, 1, strlen(pszHeader) + 1, fp);
data/gdal-3.0.4+dfsg/frmts/epsilon/epsilondataset.cpp:963:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        VSIFWriteL(pszFooter, 1, strlen(pszFooter) + 1, fp);
data/gdal-3.0.4+dfsg/frmts/ers/ersdataset.cpp:426:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(pszPrj && strlen(pszPrj) > 0)
data/gdal-3.0.4+dfsg/frmts/ers/ersdataset.cpp:1289:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( !pszPrj || strlen(pszPrj) == 0 )
data/gdal-3.0.4+dfsg/frmts/ers/ersdataset.cpp:1296:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( pszPrj && strlen(pszPrj) > 0 )
data/gdal-3.0.4+dfsg/frmts/fits/fitsdataset.cpp:333:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(field) == 0)
data/gdal-3.0.4+dfsg/frmts/fits/fitsdataset.cpp:339:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (key != nullptr && strlen(key) <= 8 && !isIgnorableFITSHeader(key))
data/gdal-3.0.4+dfsg/frmts/fits/fitsdataset.cpp:577:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (value[0] == '\'' && value[strlen(value) - 1] == '\'')
data/gdal-3.0.4+dfsg/frmts/fits/fitsdataset.cpp:580:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          value[strlen(value) - 1] = '\0';
data/gdal-3.0.4+dfsg/frmts/fits/fitsdataset.cpp:583:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strrchr(newValue, '&') == newValue + strlen(newValue) - 1)
data/gdal-3.0.4+dfsg/frmts/fits/fitsdataset.cpp:616:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t fitsIDLen = strlen(fitsID);  // Should be 30 chars long
data/gdal-3.0.4+dfsg/frmts/fits/fitsdataset.cpp:1329:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
        strncpy(target, "Undefined", 10);
data/gdal-3.0.4+dfsg/frmts/georaster/cpl_vsil_ocilob.cpp:135:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strncmp(pszFilename, "/vsiocilob/", strlen("/vsiocilob/") ) != 0 )
data/gdal-3.0.4+dfsg/frmts/georaster/cpl_vsil_ocilob.cpp:141:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            &pszFilename[strlen("/vsiocilob/")], ",",
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:624:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while( strlen(oBox.GetType()) > 0 )
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:1904:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(poGeoRaster->sAuthority) > 0 )
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2199:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            memcpy( pszStart, "Azimuth", strlen(SRS_PP_AZIMUTH) );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2205:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        strlen(SRS_PP_CENTRAL_MERIDIAN) );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2210:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            memcpy( pszStart, "False_Easting", strlen(SRS_PP_FALSE_EASTING) );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2216:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        strlen(SRS_PP_FALSE_NORTHING) );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2222:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        strlen(SRS_PP_LATITUDE_OF_CENTER) );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2228:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        strlen(SRS_PP_LATITUDE_OF_ORIGIN) );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2234:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        strlen(SRS_PP_LONGITUDE_OF_CENTER) );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2240:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        strlen(SRS_PP_PSEUDO_STD_PARALLEL_1) );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2245:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            memcpy( pszStart, "Scale_Factor", strlen(SRS_PP_SCALE_FACTOR) );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2251:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        strlen(SRS_PP_STANDARD_PARALLEL_1) );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2257:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        strlen(SRS_PP_STANDARD_PARALLEL_2) );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2263:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        strlen(SRS_PP_STANDARD_PARALLEL_2) );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_dataset.cpp:2272:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            memcpy( pszStart, SRS_UL_METER, strlen(SRS_UL_METER) );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_rasterband.cpp:694:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                int nLen = static_cast<int>(strlen( pszStrValue ));
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_rasterband.cpp:696:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy( pszTarget, pszStrValue, nLen );
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:259:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( papszParam[0] ) == 0 &&
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:260:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen( papszParam[1] ) == 0 &&
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:261:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen( papszParam[2] ) == 0 )
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1455:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy( pszSampling, CPLGetXMLValue( phSubLayer,
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1457:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy( pszMin, CPLGetXMLValue( phSubLayer,
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1459:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy( pszMax, CPLGetXMLValue( phSubLayer,
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1461:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy( pszMean, CPLGetXMLValue( phSubLayer,
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1463:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy( pszMedian, CPLGetXMLValue( phSubLayer,
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1465:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy( pszMode, CPLGetXMLValue( phSubLayer,
data/gdal-3.0.4+dfsg/frmts/georaster/georaster_wrapper.cpp:1467:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy( pszStdDev, CPLGetXMLValue( phSubLayer,
data/gdal-3.0.4+dfsg/frmts/georaster/oci_wrapper.cpp:191:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        (sb4) strlen((char*) pszServer), (ub4) 0), hError ) )
data/gdal-3.0.4+dfsg/frmts/georaster/oci_wrapper.cpp:197:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        (dvoid *) pszUserId, (ub4) strlen((char*) pszUserId),
data/gdal-3.0.4+dfsg/frmts/georaster/oci_wrapper.cpp:204:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        (dvoid *) pszPassword, (ub4) strlen((char *) pszPassword),
data/gdal-3.0.4+dfsg/frmts/georaster/oci_wrapper.cpp:362:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        (ub4) strlen( pszTypeName ),
data/gdal-3.0.4+dfsg/frmts/georaster/oci_wrapper.cpp:487:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        (ub4) strlen( pszTable ),
data/gdal-3.0.4+dfsg/frmts/georaster/oci_wrapper.cpp:596:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( pszName, pszFieldName, nNameLength);
data/gdal-3.0.4+dfsg/frmts/georaster/oci_wrapper.cpp:656:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        (ub4) strlen(pszStatement),
data/gdal-3.0.4+dfsg/frmts/georaster/oci_wrapper.cpp:1124:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ub4 nAmont = (ub4) strlen(pszData);
data/gdal-3.0.4+dfsg/frmts/georaster/oci_wrapper.cpp:1133:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        (ub4) strlen(pszData),
data/gdal-3.0.4+dfsg/frmts/georaster/oci_wrapper.cpp:1813:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nSize = strlen(pszText);
data/gdal-3.0.4+dfsg/frmts/georaster/oci_wrapper.cpp:1834:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nSize = strlen( pszText );
data/gdal-3.0.4+dfsg/frmts/georaster/oci_wrapper.cpp:1916:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszStart += strlen("SDO_GEOR.");
data/gdal-3.0.4+dfsg/frmts/georaster/oci_wrapper.cpp:1924:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( szBuffer, pszStart, nLength );
data/gdal-3.0.4+dfsg/frmts/gif/gifabstractdataset.cpp:139:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int nLen = (int)strlen(pszXMP);
data/gdal-3.0.4+dfsg/frmts/gif/gifabstractdataset.cpp:152:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                nLen += (int)strlen(pszXMP + nSize);
data/gdal-3.0.4+dfsg/frmts/gif/giflib/egif_lib.c:221:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(GifVersionPrefix + GIF_VERSION_POS, Version, 3);
data/gdal-3.0.4+dfsg/frmts/gif/giflib/egif_lib.c:254:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              (int)strlen(GifVersionPrefix)) != strlen(GifVersionPrefix)) {
data/gdal-3.0.4+dfsg/frmts/gif/giflib/egif_lib.c:254:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              (int)strlen(GifVersionPrefix)) != strlen(GifVersionPrefix)) {
data/gdal-3.0.4+dfsg/frmts/gif/giflib/egif_lib.c:482:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = (unsigned int)strlen(Comment);
data/gdal-3.0.4+dfsg/frmts/grass/grass57dataset.cpp:809:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( !path || strlen(path) == 0 )
data/gdal-3.0.4+dfsg/frmts/grass/grass57dataset.cpp:817:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ( strlen(p+1) == 0 ) /* repeated '/' */
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:274:4:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
   strcpy (answer, "");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:610:10:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
         strcat (buffer, "/");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:614:10:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
         strcat (buffer, "/");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:622:10:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
         strcat (buffer, ":");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:626:10:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
         strcat (buffer, ":");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:634:10:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
         strcat (buffer, ":");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:638:10:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
         strcat (buffer, ":");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:642:10:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
         strcat (buffer, " ");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:650:10:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
         strcat (buffer, ":");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:965:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   for (i = 0; i < strlen (format); i++) {
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:979:13:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
            strncat (buffer, locBuff, n - j);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:980:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            j += (int)strlen (locBuff);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1051:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   for (i = 0; i < strlen (format); i++) {
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1065:13:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
            strncat (buffer, locBuff, n - j);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1066:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            j += (int)strlen (locBuff);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1675:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   if (strlen (ptr) < 5) {
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1685:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   if (strlen (ptr) == 2) {
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:1823:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   int buffLen = (int)strlen (buffer);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/clock.c:2096:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         Stack[lenStack - 1].len = (int)strlen (word);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib1.cpp:778:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   inv->element = (char *) malloc ((1 + strlen (varName)) * sizeof (char));
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib1.cpp:780:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   inv->unitName = (char *) malloc ((1 + 2 + strlen (varUnit)) *
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib1.cpp:782:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   snprintf (inv->unitName, (1 + 2 + strlen (varUnit)) *
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib1.cpp:784:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   inv->comment = (char *) malloc ((1 + strlen (varComment) +
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib1.cpp:785:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    strlen (varUnit) + 2 + 1) *
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib1.cpp:787:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   snprintf (inv->comment, (1 + strlen (varComment) +
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib1.cpp:788:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    strlen (varUnit) + 2 + 1) *
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib1.cpp:1994:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                     (1 + strlen (varName)) * sizeof (char));
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib1.cpp:1997:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                      (1 + 2 + strlen (varUnit)) *
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib1.cpp:2000:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            (1 + 2 + strlen (varUnit)) *
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib1.cpp:2004:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                     (1 + strlen (varComment) +
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib1.cpp:2005:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                      strlen (varUnit)
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib1.cpp:2008:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            (1 + strlen (varComment) +
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib1.cpp:2009:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                      strlen (varUnit)
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib1.cpp:2015:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      unitLen = static_cast<int>(strlen (unitName));
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib2.cpp:1229:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      unitLen = static_cast<int>(strlen (unitName));
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib2.cpp:1650:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      unitLen = strlen (unitName);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/degrib2.cpp:1653:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy (meta->unitName, unitName, unitLen);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/hazard.c:806:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      haz->english[i] = (char *) malloc ((strlen (buffer) + 1) *
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/hazard.c:921:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      haz->english[0] = (char *) malloc ((strlen (data) + 1) *
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:2765:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   *unit = (char *) malloc (strlen ("[%]") + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3101:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   *name = (char *) malloc (strlen ("ProbUnknown") + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3213:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = strlen(local[i].name);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3250:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   *name = (char *) malloc (strlen ("unknown") + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3254:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   *unit = (char *) malloc (strlen ("[-]") + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3296:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         *name = (char *) malloc (strlen ("AVGOZCON") + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3298:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         *comment = (char *) malloc (strlen ("Average Ozone Concentration") +
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3302:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      *unit = (char *) malloc (strlen ("[PPB]") + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3315:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  *name = (char *) malloc (strlen ("dusts") + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3317:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  *comment = (char *) malloc (strlen ("Surface level dust") + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3319:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  *unit = (char *) malloc (strlen ("[log10(10^-6g/m^3)]") + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3324:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  *name = (char *) malloc (strlen ("dustc") + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3326:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  *comment = (char *) malloc (strlen ("Average vertical column dust") + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3328:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  *unit = (char *) malloc (strlen ("[log10(10^-6g/m^3)]") + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3338:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  *name = (char *) malloc (strlen ("smokes") + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3340:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  *comment = (char *) malloc (strlen ("Surface level smoke from fires") + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3342:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  *unit = (char *) malloc (strlen ("[log10(10^-6g/m^3)]") + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3347:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  *name = (char *) malloc (strlen ("smokec") + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3349:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  *comment = (char *) malloc (strlen ("Average vertical column smoke from fires") + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3351:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  *unit = (char *) malloc (strlen ("[log10(10^-6g/m^3)]") + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3427:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  *name = (char *) malloc (strlen (NDFD_Override[i].NDFDname) + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3429:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  *comment = (char *) malloc (strlen (table[subcat].comment) + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3458:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            *name = (char *) malloc (strlen (table[subcat].name) + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3460:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            *comment = (char *) malloc (strlen (table[subcat].comment) + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3496:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               *name = (char *) malloc (strlen (local[i].name) + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3498:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               *comment = (char *) malloc (strlen (local[i].comment) + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3508:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   *name = (char *) malloc (strlen ("unknown") + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3512:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   *unit = (char *) malloc (strlen ("[-]") + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3580:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            *unit = (char *) malloc (strlen (overrideUnit) + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3874:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            origName[strlen (origName) - 2] = '\0';
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:3875:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen (origName) > 21)
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:4181:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   if (valBuff[strlen (valBuff) - 1] == '.') {
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:4182:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      valBuff[strlen (valBuff) - 1] = '\0';
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:4187:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (sndBuff[strlen (sndBuff) - 1] == '.') {
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaname.cpp:4188:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         sndBuff[strlen (sndBuff) - 1] = '\0';
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaparse.cpp:521:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      buffLen = static_cast<int>(strlen (buffer)) + 1;
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaparse.cpp:546:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = static_cast<int>(strlen (Wx->ugly[j].english[i]));
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaparse.cpp:646:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      buffLen = static_cast<int>(strlen (buffer)) + 1;
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/metaparse.cpp:675:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = static_cast<int>(strlen (Hazard->haz[j].english[i]));
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:102:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   if ((fmt == NULL) || (strlen (fmt) == 0)) {
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:114:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      myAssert (lenBuff >= strlen (buffer) + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:115:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      lenBuff = strlen (buffer) + 1;
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:119:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   while (p < fmt + strlen (fmt)) {
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:125:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         lenBuff += strlen (p1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:133:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy (buffer + ipos, p1, p - p1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:150:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy (buffer + ipos, p + 1, p1 - p - 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:159:10:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
         strncpy (buffer + ipos, p, p1 - p + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:162:10:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
         strncpy (format, p, p1 - p + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:185:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               slen = strlen (bufpart);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:193:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               slen = strlen (bufpart);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:201:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               slen = strlen (bufpart);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:209:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               slen = strlen (bufpart);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:227:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  slen = strlen (sval);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:239:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     slen = strlen (*Sval);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:243:22:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
                     strcat (buffer + ipos + slen, ",");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:258:16:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
               strncpy (buffer + ipos, p + 1, p1 - p);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:341:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         buff_len = strlen (*Ptr) + 1;
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:824:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      printf ("%s %d =?= %s %d\n", ptr, strlen (ptr),
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myerror.c:825:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              Ans[test], strlen (Ans[test]));
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:101:22:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
   for (i = 0; ((c = getc (fp)) != EOF) && (c != '\n'); ++i) {
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:176:10:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
         strncpy (argv[argc], head, len);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:192:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         len = strlen (head);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:333:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   len = strlen (ptr);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:397:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if ((filename[strlen (filename) - 1] == '/') ||
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:398:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          (filename[strlen (filename) - 1] == '\\')) {
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:399:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         filename[strlen (filename) - 1] = '\0';
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:513:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         argv[argc] = (char *) malloc ((strlen (dirName) + 1 +
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:514:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        strlen (dp->d_name) +
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:571:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
   while ((c = getc (ifp)) != EOF) {
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:621:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   *tail = (char *) malloc (strlen (ptr) + 1);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:714:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   for (ptr2 = ptr + (strlen (ptr) - 1); isspace (*ptr2); ptr2--) {
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:760:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   for (i = (int)strlen (str) - 1;
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:1132:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   myAssert (strlen (is) == 14);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:1133:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   if (strlen (is) != 14) {
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:1137:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
   strncpy (buffer, is, 4);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:1140:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
   strncpy (buffer, is + 4, 2);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:1143:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
   strncpy (buffer, is + 6, 2);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:1145:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
   strncpy (buffer, is + 8, 2);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:1147:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
   strncpy (buffer, is + 10, 2);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:1149:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
   strncpy (buffer, is + 12, 2);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/myutil.c:1260:4:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
   strcpy (buffer, "");
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/tdlpack.cpp:268:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
   strncpy (pdsMeta->Descriptor, (char *) pds, lenPL);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/tdlpack.cpp:440:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   *element = (char *) malloc (1 + strlen (pds->Descriptor) * sizeof (char));
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/tdlpack.cpp:442:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   (*element)[strlen (pds->Descriptor)] = '\0';
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/tdlpack.cpp:4105:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   commentLen = static_cast<int>(strlen (comment));
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/tendian.cpp:877:16:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if ((c = fgetc (fp)) == EOF) {
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/tendian.cpp:907:16:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if ((c = fgetc (fp)) == EOF) {
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/weather.c:2100:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen (data) == 0) {
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/weather.c:2127:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen (data) == 0) {
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/weather.c:2151:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen (data) == 0) {
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/weather.c:2175:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen (data) == 0) {
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/weather.c:2263:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t target_length = strlen(target);
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/weather.c:2264:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( target_length + strlen(string_to_append) < target_size )
data/gdal-3.0.4+dfsg/frmts/grib/degrib/degrib/weather.c:2308:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ugly->english[i] = (char *) malloc ((strlen (buffer) + 1) *
data/gdal-3.0.4+dfsg/frmts/gsg/gsagdataset.cpp:1359:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( VSIFWriteL( (void *)pszEOL, 1, strlen(pszEOL), fp )
data/gdal-3.0.4+dfsg/frmts/gsg/gsagdataset.cpp:1360:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            != strlen(pszEOL) )
data/gdal-3.0.4+dfsg/frmts/gsg/gsagdataset.cpp:1372:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( VSIFSeekL( fp, VSIFTellL(fp)-strlen(pszEOL), SEEK_SET ) != 0 )
data/gdal-3.0.4+dfsg/frmts/gsg/gsagdataset.cpp:1391:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( VSIFWriteL( (void *)pszEOL, 1, strlen(pszEOL), fp )
data/gdal-3.0.4+dfsg/frmts/gsg/gsagdataset.cpp:1392:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            != strlen(pszEOL) )
data/gdal-3.0.4+dfsg/frmts/gsg/gsagdataset.cpp:1561:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nDummyRangeLen = strlen( szDummyRange );
data/gdal-3.0.4+dfsg/frmts/gta/gtadataset.cpp:168:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    virtual size_t read(void *buffer, size_t size, bool *error) throw () override
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:11175:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszDomain != nullptr && strlen(pszDomain) > 0 )
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:11264:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(papszDomainList[iDomain]) == 0
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:11310:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        int nLen = static_cast<int>(strlen(pszItemValue));
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:11344:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(papszDomainList[iDomain]) == 0 && nBand == 0 )
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:11635:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(poBand->GetDescription()) > 0 )
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:11664:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(pszXML_MD) > 32000 )
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:11786:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                              strlen(GDALMD_AREA_OR_POINT)) )
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:12092:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszFilename += strlen("GTIFF_RAW:");
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:12402:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszFilename += strlen("GTIFF_RAW:");
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:12704:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( !pszProjection || strlen(pszProjection) == 0 )
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:12721:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(csUnitStr, pstr, pstr1 - pstr);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:12951:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszFilename += strlen("GTIFF_RAW:");
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:12955:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszFilename[strlen("GTIFF_DIR:")] == '\0' )
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:12963:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszFilename += strlen("GTIFF_DIR:");
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:15546:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(szOpeningFlag, "8");
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:15548:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(szOpeningFlag, "b");
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:15550:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(szOpeningFlag, "l");
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:18414:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int nTagSize = static_cast<int>(strlen(*papszMD));
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:18844:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nModuleSize = strlen(module);
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:18845:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nModFmtSize = nModuleSize * 2 + strlen(fmt) + 2;
data/gdal-3.0.4+dfsg/frmts/gtiff/geotiff.cpp:18866:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat( pszModFmt, ":" );
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:119:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            p1 = p + strlen(p);
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:162:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    p = p2 + strlen("Projection Name = ");
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:164:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    p = p2 + strlen("Projection = ");
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:191:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                p += strlen(keyNames[i]);
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:192:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                p1 = p + strlen(p);
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:254:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nameLen = static_cast<int>(strlen(psCitation));
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:260:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy( name, pStr, pDelimit - pStr );
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:268:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pStr += strlen(pStr);
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:273:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            ret[CitPcsName] = CPLStrdup(name + strlen("PCS Name = "));
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:279:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                CPLStrdup(name + strlen("PRJ Name = "));
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:284:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            ret[CitLUnitsName] = CPLStrdup(name + strlen("LUnits = "));
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:289:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            ret[CitGcsName] = CPLStrdup(name + strlen("GCS Name = "));
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:294:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            ret[CitDatumName] = CPLStrdup(name + strlen("Datum = "));
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:299:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            ret[CitEllipsoidName] = CPLStrdup(name + strlen("Ellipsoid = "));
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:304:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            ret[CitPrimemName] = CPLStrdup(name + strlen("Primem = "));
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:309:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            ret[CitAUnitsName] = CPLStrdup(name + strlen("AUnits = "));
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:391:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( datumName && strlen(datumName) > 0 )
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:401:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( spheroidName && strlen(spheroidName) > 0 )
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:410:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( primemName && strlen(primemName) > 0 )
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:425:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( angUnitName && strlen(angUnitName) > 0 &&
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:455:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( !lUnitName || strlen(lUnitName) == 0 ||
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:464:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(szCTString, imgCTName, nCTStringLen);
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:484:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int size = static_cast<int>(strlen(ctNames[CitLUnitsName]));
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:509:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(szCTString) > 0 &&
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:513:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if((!(pszProjCS && strlen(pszProjCS) > 0)
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:546:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(szGCSName, imgCTName, nGCSName);
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:620:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(units) > 0 )
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:628:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strlen("Projection Name = ");
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:693:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(units) == 0 )
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:705:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                          static_cast<int>(strlen(szCTString)),
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:712:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pStr += strlen("State Plane Zone ");
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:758:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        p += strlen("Datum = ");
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:762:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(datumName, p, p1 - p);
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:778:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        p += strlen("UTM Zone ");
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:783:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(utmName, p, p1 - p);
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_citation.cpp:809:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                       strlen(apszUtmProjCode[i+1])) &&
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_overview.cpp:150:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszMetadata && strlen(pszMetadata) > 0 )
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:222:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *pszSkip = pszCitation + strlen(pszCitation) - 1;
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:233:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memmove( pszCitation, pszSkip, strlen(pszSkip)+1 );
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:345:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const char* pszWKT = szPeStr + strlen("ESRI PE String = ");
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:713:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(!pszGeogName || strlen(pszGeogName) == 0)
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:2364:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const int peStrLen = static_cast<int>(strlen(pszPEString));
data/gdal-3.0.4+dfsg/frmts/gtiff/gt_wkt_srs.cpp:2368:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                CPLMalloc( peStrLen + strlen("ESRI PE String = ") + 1 ) );
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_names.c:130:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t nToCopy = MIN(strlen(pszName), nOutSize - 1);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_names.c:181:25:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                        strncpy(szName, pszName, sizeof(szName));
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:326:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( pszDecimal != NULL && strlen(pszDecimal) > 1 )
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:340:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(pszDecimal) > 3 )
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_normalize.c:347:21:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                    strncpy( szSeconds+3, pszDecimal + 5, sizeof(szSeconds) - 3 );
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_set.c:127:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        count = (int)strlen(val) + 1; /* force = string length */
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_simpletags.c:200:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        count = (int)strlen((char*)data)+1;
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geo_tiffp.c:84:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		scount = (unsigned short) (strlen(tmp)+1);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:60:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf( pszProjection+strlen(pszProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:109:25:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                        strncpy( szAsBoolean,pszStart, sizeof(szAsBoolean)-1-4);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:130:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszStart != NULL && strlen(pszStart) > 0 )
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:149:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t field_len = strlen(pszField);
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:162:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(papszNV[i]) == field_len )
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:945:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sprintf(szProjection+strlen(szProjection),"+proj=latlong ");
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:954:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:964:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:978:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:994:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1001:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1015:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1029:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1043:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1057:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1066:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1081:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1095:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1108:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1121:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1134:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1147:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1160:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1173:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1189:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1205:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1217:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1229:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1241:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1257:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1273:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1287:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1313:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1330:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libgeotiff/geotiff_proj4.c:1341:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_compress.c:203:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    _TIFFmalloc((tmsize_t)(sizeof (codec_t) + sizeof (TIFFCodec) + strlen(name)+1));
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_dir.c:59:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    { setByteArray((void**) cpp, (void*) cp, strlen(cp)+1, 1); }
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_dir.c:584:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				ma=(uint32)(strlen(mb)+1);
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_dirwrite.c:657:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
									pa=(uint32)(strlen(pb));
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_extension.c:103:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    psLink->name = (char *) _TIFFmalloc((tmsize_t)(strlen(name)+1));
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_open.c:117:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	tif = (TIFF *)_TIFFmalloc((tmsize_t)(sizeof (TIFF) + strlen(name) + 1));
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_print.c:682:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	_TIFFprintAsciiBounded( fd, cp, strlen(cp));
data/gdal-3.0.4+dfsg/frmts/gtiff/libtiff/tif_vsi.c:131:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat( szAccess, "b" );
data/gdal-3.0.4+dfsg/frmts/gtiff/tifvsi.cpp:344:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat( access, "b" );
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_ogcwkt.c:227:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf( pszProjection + strlen(pszProjection),
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_ogcwkt.c:228:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 nProjectionSize - strlen(pszProjection),
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_ogcwkt.c:303:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy( szWKT, "" );
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_ogcwkt.c:304:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy( szGCS, "" );
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_ogcwkt.c:305:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy( szProjection, "" );
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_ogcwkt.c:314:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(psGXF->papszMapProjection[2]) > 120 )
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_ogcwkt.c:550:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( psGXF->pszUnitName != NULL && strlen(szProjection) > 0 )
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_ogcwkt.c:552:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(psGXF->pszUnitName) > 80 )
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_ogcwkt.c:555:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLsnprintf( szProjection+strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_ogcwkt.c:556:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     sizeof(szProjection) - strlen(szProjection),
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_ogcwkt.c:570:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(psGXF->papszMapProjection[1]) > 80 )
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_ogcwkt.c:610:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            CPLsnprintf( szGCS + strlen(szGCS),
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_ogcwkt.c:611:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                         sizeof(szGCS) - strlen(szGCS),
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_ogcwkt.c:615:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLsnprintf( szGCS + strlen(szGCS),
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_ogcwkt.c:616:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     sizeof(szGCS) - strlen(szGCS),
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_ogcwkt.c:623:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CPLAssert(strlen(szProjection) < sizeof(szProjection));
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_ogcwkt.c:624:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CPLAssert(strlen(szGCS) < sizeof(szGCS));
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_ogcwkt.c:629:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(szProjection) > 0 )
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_ogcwkt.c:631:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(psGXF->papszMapProjection[0]) > 80 )
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_proj4.c:36:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define SAFE_strcat(x,y) snprintf(x + strlen(x),sizeof(x) - strlen(x), "%s", y)
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_proj4.c:36:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define SAFE_strcat(x,y) snprintf(x + strlen(x),sizeof(x) - strlen(x), "%s", y)
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_proj4.c:91:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(psGXF->papszMapProjection[2]) > 80 )
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_proj4.c:510:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(psGXF->papszMapProjection[1]) > 80 )
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_proj4.c:533:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf( szPROJ4+strlen(szPROJ4), sizeof(szPROJ4)-strlen(szPROJ4),
data/gdal-3.0.4+dfsg/frmts/gxf/gxf_proj4.c:533:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf( szPROJ4+strlen(szPROJ4), sizeof(szPROJ4)-strlen(szPROJ4),
data/gdal-3.0.4+dfsg/frmts/gxf/gxfopen.c:79:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( pszHTitle, pszLine, i );
data/gdal-3.0.4+dfsg/frmts/gxf/gxfopen.c:116:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t      nLen = strlen(pszLine);
data/gdal-3.0.4+dfsg/frmts/gxf/gxfopen.c:132:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            char* pszTmp = (char*) VSIMalloc(strlen(papszReturn[nReturnLineCount-1]) + strlen(pszTrimmedLine) + 1);
data/gdal-3.0.4+dfsg/frmts/gxf/gxfopen.c:132:88:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            char* pszTmp = (char*) VSIMalloc(strlen(papszReturn[nReturnLineCount-1]) + strlen(pszTrimmedLine) + 1);
data/gdal-3.0.4+dfsg/frmts/gxf/gxfopen.c:141:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                pszTmp[strlen(papszReturn[nReturnLineCount-1]) - 1] = 0;
data/gdal-3.0.4+dfsg/frmts/gxf/gxfopen.c:143:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strcpy(pszTmp + (strlen(papszReturn[nReturnLineCount-1]) - 1), pszTrimmedLine);
data/gdal-3.0.4+dfsg/frmts/gxf/gxfopen.c:261:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy( psGXF->szDummy, papszList[0], sizeof(psGXF->szDummy) - 1);
data/gdal-3.0.4+dfsg/frmts/gxf/gxfopen.c:527:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t nLineLenOri = strlen(pszLine);
data/gdal-3.0.4+dfsg/frmts/gxf/gxfopen.c:551:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        nLineLenOri = strlen(pszLine);
data/gdal-3.0.4+dfsg/frmts/gxf/gxfopen.c:566:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        nLineLenOri = strlen(pszLine);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:186:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			      (int)strlen(hdfeosVersion), hdfeosVersion);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:281:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				    (int)strlen(hdfeosVersion), hdfeosVersion);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:374:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
		    strcpy(errbuf, "\"");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:891:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    slen = (int)strlen(instring);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1117:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	slen = (int)strlen(ptr[i]);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1333:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tempdimlist = (char *) malloc(strlen(dimlist) + 1);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1590:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(outstring, "(");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1599:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(outstring, "\"");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1611:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(outstring, "\"");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1620:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(outstring, ",");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1631:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(outstring, ")");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1769:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	metalen = (int)strlen(metabuf);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:1775:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    metalen = (int)strlen(metabuf);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2303:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    seglen = (int)strlen(utlstr);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2412:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    slen = (int)strlen(parameter) + 1;
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2418:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(retstr, "=");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2560:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	metalen = (int)strlen(metabuf);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:2566:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    metalen = (int)strlen(metabuf);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:3299:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (memcmp(name, indxstr, strlen(indxstr)) != 0 &&
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:3300:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		memcmp(name, fvstr, strlen(fvstr)) != 0 &&
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:3301:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		memcmp(name, bsom, strlen(bsom)) != 0)
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:3313:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(attrnames, ",");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:3319:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		slen = (nattr == 1) ? (int)strlen(name) : (int)strlen(name) + 1;
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:3319:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		slen = (nattr == 1) ? (int)strlen(name) : (int)strlen(name) + 1;
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:3434:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		    strcat(objectlist, ",");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:3440:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    slen = (nobj == 1) ? (int)strlen(name) : (int)strlen(name) + 1;
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/EHapi.c:3440:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    slen = (nobj == 1) ? (int)strlen(name) : (int)strlen(name) + 1;
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:364:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((intn) strlen(gridname) > VGNAMELENMAX)
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:1052:6:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	    strcpy(projparmbuf, "(");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:1077:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    slen = (int)strlen(projparmbuf);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2615:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		memmove(utlstr, utlstr + 1, strlen(utlstr) - 2);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2616:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		utlstr[strlen(utlstr) - 2] = 0;
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2662:8:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			    strcat(dimlist, ",");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2828:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	dimbuf = (char *) calloc(strlen(dimlist) + 64, 1);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2834:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	dimlist0 = (char *) calloc(strlen(dimlist) + 64, 1);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2883:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(dimbuf, ",");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2962:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		    strcat(utlbuf, ",");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2972:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    memmove(dimbuf, comma + 1, strlen(comma)-1);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2973:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    dimbuf[strlen(comma)-1]= 0;
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:2989:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if((intn) strlen(fieldname) > (256 - 7))
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:3078:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ((intn) strlen(GDXSDname) +
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:3079:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    (intn) strlen(fieldname) + 2 < HDFE_NAMBUFSIZE)
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:3082:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		    strcat(GDXSDname, ",");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:3103:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    if ((intn) strlen(GDXSDdims) + 5 < HDFE_DIMBUFSIZE)
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:3125:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ((intn) strlen(GDXSDdims) +
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:3126:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    (intn) strlen(dimlist0) + 2 < HDFE_DIMBUFSIZE)
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:3129:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		    strcat(GDXSDdims, ";");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:3190:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		    strcat(utlbuf, ":");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:3395:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(utlbuf2, ")");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:3630:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		memmove(name, name + 1, strlen(name) - 2);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:3631:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		name[strlen(name) - 2] = 0;
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:4361:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(utlstr, utlstr + 1, strlen(utlstr) - 2); \
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:4362:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
utlstr[strlen(utlstr) - 2] = 0;
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:4479:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			memmove(utlstr, utlstr + 1, strlen(utlstr) - 2);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:4480:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			utlstr[strlen(utlstr) - 2] = 0;
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:4484:8:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			    strcat(dimnames, ",");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:4645:8:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			    strcat(utlstr, "=");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:4659:8:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			    strcat(fieldlist, ",");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:4837:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(utlstr, "=");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:4849:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    *strbufsize += (int32)strlen(utlstr) - 2;
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5185:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(GDXSDname) == 0)
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5274:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    GDXSDname[strlen(GDXSDname) - 1] = 0;
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5275:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    GDXSDdims[strlen(GDXSDdims) - 1] = 0;
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5373:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		nambuf = (char *) calloc(strlen(GDXSDname) + 1, 1);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5386:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		utlbuf = (char *) calloc(strlen(GDXSDname) * 2 + 7, 1);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5442:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(nambuf, ",");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5443:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			memcpy(nambuf + strlen(nambuf),
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5483:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(utlbuf, ":");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5534:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(dimbuf2, ":");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5619:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(GDXSDname, ",");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:5620:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(GDXSDdims, ";");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:8802:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    slendupregion = (int)strlen(GDXRegion[oldregionID]->DimNamePtr[j]);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:8940:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    slen = (int)strlen(vertObj) - 4;
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/GDapi.c:8985:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    slen = (int)strlen(dimlist);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:280:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((intn) strlen(swathname) > VGNAMELENMAX)
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:1610:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    memmove(utlstr, utlstr + 1, strlen(utlstr) - 2);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:1611:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    utlstr[strlen(utlstr) - 2] = 0;
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:1644:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		    strcat(dimlist, ",");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2226:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	dimbuf = (char *) calloc(strlen(dimlist) + 64, 1);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2233:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(dimbuf, ",");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2278:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		    strcat(utlbuf, ",");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2293:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               for (i=0; i<(intn)strlen(dimcheck) + 1; i++)
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2333:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (((intn) strlen(fieldname) > VSNAMELENMAX && rank == 1) ||
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2334:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		((intn) strlen(fieldname) > (256 - 7) && rank > 1))
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2415:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    (intn) strlen(utlbuf) +
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2416:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    (intn) strlen(fieldname) + 1 <=
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2447:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(utlbuf, ",");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2558:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    if ((intn) strlen(SWXSDname) +
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2559:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(intn) strlen(fieldname) + 2 < HDFE_NAMBUFSIZE)
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2562:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(SWXSDname, ",");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2583:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if ((intn) strlen(SWXSDdims) + 5 < HDFE_DIMBUFSIZE)
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2604:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    if ((intn) strlen(SWXSDdims) +
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2605:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(intn) strlen(dimlist) + 2 < HDFE_DIMBUFSIZE)
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2608:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(SWXSDdims, ";");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:2641:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(utlbuf, ":");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3291:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(utlstr, utlstr + 1, strlen(utlstr) - 2); \
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3292:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
utlstr[strlen(utlstr) - 2] = 0;
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3416:8:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			    strcat(dimnames, ",");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3560:8:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			    strcat(utlstr, "/");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3565:8:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			    strcat(dimmaps, ",");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3726:8:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			    strcat(utlstr, "/");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3731:8:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			    strcat(idxmaps, ",");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3931:8:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			    strcat(utlstr, "=");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:3945:8:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			    strcat(fieldlist, ",");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:4274:17:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
                strcat(utlstr, "=");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:4286:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        *strbufsize += (int32)strlen(utlstr) - 2;
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:4589:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		memmove(name, name + 1, strlen(name) - 2);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:4590:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		name[strlen(name) - 2] = 0;
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:8957:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    slen = (int)strlen(vertObj) - 4;
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:9049:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		slen = (int)strlen(dimlist);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:9518:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
       slen = (int)strlen(fieldname);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:9618:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          slen = (int)strlen(tfieldname);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:9967:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(SWXSDname) == 0)
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:10056:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    SWXSDname[strlen(SWXSDname) - 1] = 0;
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:10057:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    SWXSDdims[strlen(SWXSDdims) - 1] = 0;
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:10161:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		nambuf = (char *) calloc(strlen(SWXSDname) + 1, 1);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:10167:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		utlbuf = (char *) calloc(2 * strlen(SWXSDname) + 7, 1);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:10240:8:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			    strcat(nambuf, ",");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:10241:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    memcpy(nambuf + strlen(nambuf),
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:10302:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(utlbuf, ":");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:10372:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			strcat(dimbuf2, ":");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:10491:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(SWXSDname, ",");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf-eos/SWapi.c:10492:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(SWXSDdims, ";");
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4dataset.cpp:127:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int iFieldSize = 32 + static_cast<int>(strlen( pszDelimiter ) );
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:992:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     static_cast<int>(strlen(pszValue)) + 1, pszValue )) < 0 )
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:1002:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        static_cast<int>(strlen(pszProjection)) + 1,
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:1021:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            static_cast<int>(strlen(pszValue)) + 1,
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:1043:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            static_cast<int>(strlen(pszValue)) + 1,
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:1066:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                           static_cast<int>(strlen(pszValue)) + 1,
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:1215:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszFilename) < 8
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:1216:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        || !EQUAL(pszFilename+strlen(pszFilename)-8,"_HDF.L1G") )
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:2805:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t nLenPart2 = strlen(papszSubdatasetName[2]);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:2818:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(papszSubdatasetName[2]) == 1 )
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:2820:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const size_t nLen = 2 + strlen(papszSubdatasetName[3]) + 1;
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:2840:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t nLenPart = strlen(papszSubdatasetName[i]);
data/gdal-3.0.4+dfsg/frmts/hdf4/hdf4imagedataset.cpp:4081:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               static_cast<int>(strlen(pszGDALSignature)) + 1,
data/gdal-3.0.4+dfsg/frmts/hdf5/bagdataset.cpp:3723:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        const char* pszVarName = pszKey + strlen("VAR_");
data/gdal-3.0.4+dfsg/frmts/hdf5/hdf5dataset.cpp:781:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(pszPath != nullptr && strlen(pszPath) > 0)
data/gdal-3.0.4+dfsg/frmts/hdf5/hdf5imagedataset.cpp:471:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( (strlen(papszName[1]) == 1 && papszName[3] != nullptr) ||
data/gdal-3.0.4+dfsg/frmts/hdf5/iso19115_srs.cpp:79:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszDatum) > 0 &&
data/gdal-3.0.4+dfsg/frmts/hdf5/iso19115_srs.cpp:107:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(pszFalseNorthing) > 0 )
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:395:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        (strlen(poOpenInfo->pszFilename) > 6 &&
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:396:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         EQUAL(poOpenInfo->pszFilename + strlen(poOpenInfo->pszFilename) - 6, "hf2.gz"))) &&
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:439:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        (strlen(poOpenInfo->pszFilename) > 6 &&
data/gdal-3.0.4+dfsg/frmts/hf2/hf2dataset.cpp:440:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         EQUAL(poOpenInfo->pszFilename + strlen(poOpenInfo->pszFilename) - 6, "hf2.gz"))) &&
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:228:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( pszPath[strlen(pszPath)-1] == ')' )
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:229:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                pszPath[strlen(pszPath)-1] = '\0';
data/gdal-3.0.4+dfsg/frmts/hfa/hfaband.cpp:1708:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(poNode->GetName()) > 0 )
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:1277:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        static_cast<int>(strlen(papszStrList[i])) + 1;
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:2093:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(pszAuxMetaData[i]) > 0)
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:2381:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( (nBinValuesLen + strlen(szBuf) + 2) > nBufSize )
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:2393:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(pszBinValues + nBinValuesLen, "|");
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:2394:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nBinValuesLen += static_cast<int>(strlen(pszBinValues + nBinValuesLen));
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:2684:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszName) > 0 )
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:3215:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strlen(poRAT->GetValueAsString(i, col)) + 1);
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:3395:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszProjection != nullptr && strlen(pszProjection) > 0 &&
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:4194:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         (strlen(pszGEOGCS) > strlen("GCS_") &&
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:4194:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         (strlen(pszGEOGCS) > strlen("GCS_") &&
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:4195:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          STARTS_WITH(pszGEOGCS, "GCS_")) ? strlen("GCS_") : 0;
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:4198:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        (strlen(pszDatum) > strlen("D_") &&
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:4198:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        (strlen(pszDatum) > strlen("D_") &&
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:4199:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         STARTS_WITH(pszDatum, "D_")) ? strlen("D_") : 0;
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:4325:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( peStr != nullptr && strlen(peStr) > 0)
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:4508:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( psMapInfo && strlen(psMapInfo->proName) > 0 &&
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:4509:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strlen(psPro->proName) > 0 &&
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:4564:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if( psMapInfo && strlen(psMapInfo->proName) > 0 &&
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:4565:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              strlen(psPro->proName) > 0 &&
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:5096:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        ((!psDatum || strlen(psDatum->datumname) == 0 ||
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:5098:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         (!psPro || strlen(psPro->proName) == 0 ||
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:5100:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         (psMapInfo && (strlen(psMapInfo->proName) == 0 ||
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:5128:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && strlen(pszPE_COORDSYS) > 0
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:5950:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(poSrcBand->GetDescription()) > 0 )
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:5966:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszProj != nullptr && strlen(pszProj) > 0 )
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:6048:21:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
                    strcat(pszBinValues + nBinValuesLen, "|");
data/gdal-3.0.4+dfsg/frmts/hfa/hfadataset.cpp:6050:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        static_cast<int>(strlen(pszBinValues + nBinValuesLen));
data/gdal-3.0.4+dfsg/frmts/hfa/hfaentry.cpp:670:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            static_cast<int>(strlen(poEntry->GetName())) == nNameLen )
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:150:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(pszItemObjectType, pszInput, i);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:188:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(pszItemObjectType, pszInput, i);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:222:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(pszToken, pszInput, i);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:237:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(pszFieldName, pszInput, i);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:427:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                nCount = static_cast<GUInt32>(strlen((char *)pValue) + 1);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:478:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                nBytesToCopy = static_cast<int>(strlen((char *)pValue) + 1);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:497:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy((char *)pabyData, (char *)pValue, nBytesToCopy);
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:816:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( pszField != nullptr && strlen(pszField) > 0 )
data/gdal-3.0.4+dfsg/frmts/hfa/hfafield.cpp:1316:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( pszField != nullptr && strlen(pszField) > 0 )
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:286:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    poDF->MakeData(static_cast<int>(strlen(pszDependentFile) + 50));
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:1122:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            + strlen(poMapInfo->proName) + 1
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:1123:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            + strlen(poMapInfo->units) + 1);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:1217:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszPEString) == 0 && poProX == nullptr )
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:1231:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            poProX->MakeData(static_cast<int>(700 + strlen(pszPEString)));
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:1235:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memset(pabyData, 0, 250 + strlen(pszPEString));
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:1259:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLAssert(nDataSize > static_cast<int>(strlen(pszPEString)) + 10);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:1267:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        GUInt32 nSize = static_cast<GUInt32>(strlen(pszPEString) + 9);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:1278:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nSize = static_cast<GUInt32>(strlen(pszPEString) + 1);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:1290:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memcpy(pabyData, pszPEString, strlen(pszPEString) + 1);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:1375:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            static_cast<int>(34 + 15 * 8 + 8 + strlen(poPro->proName) + 1 + 32 +
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:1376:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                             8 + strlen(poPro->proSpheroid.sphereName) + 1);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:1379:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nSize += static_cast<int>(strlen(poPro->proExeName) + 1);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:1507:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            static_cast<int>(26 + strlen(poDatum->datumname) + 1 + 7 * 8);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:1510:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nSize += static_cast<int>(strlen(poDatum->gridname) + 1);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:1772:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nDictLen += static_cast<int>(strlen(aszDefaultDD[iChunk]));
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:1781:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                       strlen(psInfo->pszDictionary) + 1, 1, fp) > 0;
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:1873:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                       strlen(hHFA->poDictionary->osDictionaryText.c_str()) + 1,
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:2056:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            static_cast<int>(8 + strlen(psInfo->pszIGEFilename) + 1 + 6 * 4));
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:2082:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            static_cast<int>(8 + strlen(pszLayerName) + 2));
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:2135:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        HFAAllocateSpace(psInfo, static_cast<GUInt32>(strlen(szLDict) + 1));
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:2141:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bRet &= VSIFWriteL((void *)szLDict, strlen(szLDict) + 1, 1, psInfo->fp) > 0;
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:2212:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        poDF->MakeData(static_cast<int>(strlen(pszDependentFile) + 50));
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:2482:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                   static_cast<GUInt32>(strlen(pszValue) + 1));
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:2486:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            HFAAllocateSpace(hHFA, static_cast<GUInt32>(strlen(pszValue) + 1));
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:2492:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            VSIFWriteL((void *)pszValue, strlen(pszValue) + 1, 1, hHFA->fp) > 0;
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:2547:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( EQUALN(pszAuxMetaData[i + 2], pszKey, strlen(pszKey)) )
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:2555:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(pszAuxMetaData[i]) > 0 )
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:2560:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( poEntry == nullptr && strlen(pszAuxMetaData[i + 3]) > 0 )
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:2916:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            VSIFWriteL((void *)pszMagick, strlen(pszMagick) + 1, 1, fpVSIL) > 0;
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:3568:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                static_cast<int>(18 + strlen(pszProName) + strlen(pszUnits)));
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:3568:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                static_cast<int>(18 + strlen(pszProName) + strlen(pszUnits)));
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:3647:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strncmp(aosNL[i], pszOldBase, strlen(pszOldBase)) == 0 )
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:3650:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                osNew += aosNL[i].c_str() + strlen(pszOldBase);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:3657:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszNewBase) > strlen(pszOldBase) )
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:3657:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszNewBase) > strlen(pszOldBase) )
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:3662:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                nNameCount * (strlen(pszNewBase) - strlen(pszOldBase))));
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:3662:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                nNameCount * (strlen(pszNewBase) - strlen(pszOldBase))));
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:3706:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strncmp(osFileName, pszOldBase, strlen(pszOldBase)) == 0 )
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:3709:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            osNew += osFileName.c_str() + strlen(pszOldBase);
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:3714:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszNewBase) > strlen(pszOldBase) )
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:3714:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszNewBase) > strlen(pszOldBase) )
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:3719:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                 (strlen(pszNewBase) - strlen(pszOldBase))));
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:3719:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                 (strlen(pszNewBase) - strlen(pszOldBase))));
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:3749:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszNewBase) > strlen(pszOldBase) )
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:3749:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszNewBase) > strlen(pszOldBase) )
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:3754:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                 (strlen(pszNewBase) - strlen(pszOldBase))));
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:3754:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                 (strlen(pszNewBase) - strlen(pszOldBase))));
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:3758:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strncmp(osFileName, pszOldBase, strlen(pszOldBase)) == 0 )
data/gdal-3.0.4+dfsg/frmts/hfa/hfaopen.cpp:3761:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            osNew += osFileName.c_str() + strlen(pszOldBase);
data/gdal-3.0.4+dfsg/frmts/hfa/hfatype.cpp:134:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(pszTypeName, pszInput, i);
data/gdal-3.0.4+dfsg/frmts/hfa/hfatype.cpp:239:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nNameLen = static_cast<int>(strlen(pszFieldPath));
data/gdal-3.0.4+dfsg/frmts/hfa/hfatype.cpp:316:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nNameLen = static_cast<int>(strlen(pszFieldPath));
data/gdal-3.0.4+dfsg/frmts/hfa/hfatype.cpp:409:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nNameLen = static_cast<int>(strlen(pszFieldPath));
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:439:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nLen = strlen(pszName);
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:482:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            CPLMalloc( strlen(pszValue) + strlen(pszKey)
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:482:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            CPLMalloc( strlen(pszValue) + strlen(pszKey)
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:483:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                       + strlen(pszSeparator) + 1 ) );
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:815:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszMinX != nullptr && strlen( pszMinX ) > 0 &&
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:816:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszMaxX != nullptr && strlen( pszMaxX ) > 0 &&
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:817:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszMinY != nullptr && strlen( pszMinY ) > 0 &&
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:818:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszMaxY != nullptr && strlen( pszMaxY ) > 0 &&
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:819:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszUnit != nullptr && strlen( pszUnit ) > 0 )
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:1474:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszPamSRS != nullptr && strlen( pszPamSRS ) > 0 )
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:1919:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( ( strlen( papszCategoryNames[i] ) > 0 ) )
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:2030:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( pszUnitType ) == 0 )
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:2994:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( pszID != nullptr && strlen( pszID ) > 0 )
data/gdal-3.0.4+dfsg/frmts/idrisi/IdrisiDataset.cpp:3301:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(pOutput, pInput, 3);
data/gdal-3.0.4+dfsg/frmts/ilwis/ilwiscoordinatesystem.cpp:360:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( EQUALN( sEllips.c_str(), piwEllips->pszIlwisEllips, strlen(piwEllips->pszIlwisEllips) ) )
data/gdal-3.0.4+dfsg/frmts/ilwis/ilwiscoordinatesystem.cpp:645:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( EQUALN( pszDatum.c_str(), piwDatum->pszIlwisDatum, strlen(piwDatum->pszIlwisDatum) ) )
data/gdal-3.0.4+dfsg/frmts/ilwis/ilwiscoordinatesystem.cpp:666:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if( EQUALN( pszEllips.c_str(), piwEllips->pszIlwisEllips, strlen(piwEllips->pszIlwisEllips) ) )
data/gdal-3.0.4+dfsg/frmts/ilwis/ilwiscoordinatesystem.cpp:995:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bool bProjection = ((pszProjection != nullptr) && (strlen(pszProjection)>0));
data/gdal-3.0.4+dfsg/frmts/ilwis/ilwiscoordinatesystem.cpp:1031:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( EQUALN( osDatum.c_str(), piwDatum->pszWKTDatum, strlen(piwDatum->pszWKTDatum) ) )
data/gdal-3.0.4+dfsg/frmts/ilwis/ilwisdataset.cpp:1074:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszProj != nullptr && strlen(pszProj) > 0 )
data/gdal-3.0.4+dfsg/frmts/ilwis/ilwisdataset.cpp:1862:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(begin) == 0) return rUNDEF;
data/gdal-3.0.4+dfsg/frmts/iso8211/8211createfromxml.cpp:94:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                nSizeFieldTag = (int)strlen(pszTag);
data/gdal-3.0.4+dfsg/frmts/iso8211/8211createfromxml.cpp:95:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            else if( nSizeFieldTag != (int)strlen(pszTag) )
data/gdal-3.0.4+dfsg/frmts/iso8211/8211createfromxml.cpp:288:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        int nDataLen = (int)strlen(pszValue) / 2;
data/gdal-3.0.4+dfsg/frmts/iso8211/8211createfromxml.cpp:357:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        (int)strlen(pszSubfieldValue) / 2;
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:116:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( _formatControls == nullptr || strlen(_formatControls) == 0 )
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:122:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int nOldLen = static_cast<int>(strlen(_formatControls));
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:125:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLMalloc(nOldLen+3+strlen(poNewSFDefn->GetFormat())));
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:130:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat( pszNewFormatControls, "," );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:133:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat( pszNewFormatControls, ")" );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:146:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                   strlen(_arrayDescr)+strlen(poNewSFDefn->GetName())+2);
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:146:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                   strlen(_arrayDescr)+strlen(poNewSFDefn->GetName())+2);
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:147:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(_arrayDescr) > 0 &&
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:148:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
       (_arrayDescr[0] != '*' || strlen(_arrayDescr) > 1) )
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:149:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat( _arrayDescr, "!" );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:207:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pnLength = static_cast<int>(iFDOffset + strlen(_fieldName) + 1
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:208:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        + strlen(_arrayDescr) + 1
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:209:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        + strlen(_formatControls) + 1);
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:211:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(_arrayDescr) == 0 )
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:213:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(_formatControls) == 0 )
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:257:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(_arrayDescr) > 0 )
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:258:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf( *ppachData + strlen(*ppachData),
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:259:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  *pnLength+1 - strlen(*ppachData), "%c%s",
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:261:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(_formatControls) > 0 )
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:262:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf( *ppachData + strlen(*ppachData),
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:263:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  *pnLength+1 - strlen(*ppachData), "%c%s",
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:265:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf( *ppachData + strlen(*ppachData),
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:266:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              *pnLength+1 - strlen(*ppachData), "%c", DDF_FIELD_TERMINATOR );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:641:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const size_t nExpandedContentsLen = strlen(pszExpandedContents);
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:658:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            iSrc = iSrc + strlen(pszContents) + 2;
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:697:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const size_t nExpandedContentsLen = strlen(pszExpandedContents);
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:720:21:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
                    strcat( pszDest + iDst, "," );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:726:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                iSrc = iSrc + strlen(pszContents) + 2;
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:728:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                iSrc = iSrc + strlen(pszContents);
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:763:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(_formatControls) < 2
data/gdal-3.0.4+dfsg/frmts/iso8211/ddffielddefn.cpp:765:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        || _formatControls[strlen(_formatControls)-1] != ')' )
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfmodule.cpp:321:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy( szTag, pachRecord+nEntryOffset, _sizeFieldTag );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfmodule.cpp:467:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLAssert( (int)strlen(papoFieldDefns[iField]->GetName()) == _sizeFieldTag );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfrecord.cpp:431:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy( szTag, pachData+nEntryOffset, _sizeFieldTag );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfrecord.cpp:631:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy( szTag, pachData+nEntryOffset, _sizeFieldTag );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfsubfielddefn.cpp:86:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for( i = static_cast<int>(strlen(pszName))-1; i > 0 && pszName[i] == ' '; i-- )
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfsubfielddefn.cpp:845:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nValueLength = static_cast<int>(strlen(pszValue));
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfsubfielddefn.cpp:867:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy( pachData, pszValue, nSize-1 );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfsubfielddefn.cpp:911:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nSize = static_cast<int>(strlen(szWork)) + 1;
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfsubfielddefn.cpp:917:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( GetBinaryFormat() == NotBinary && (int) strlen(szWork) > nSize )
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfsubfielddefn.cpp:932:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy( pachData, szWork, nSize-1 );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfsubfielddefn.cpp:946:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            memcpy( pachData + nSize - strlen(szWork), szWork,
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfsubfielddefn.cpp:947:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     strlen(szWork) );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfsubfielddefn.cpp:1003:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nSize = static_cast<int>(strlen(szWork)) + 1;
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfsubfielddefn.cpp:1009:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( GetBinaryFormat() == NotBinary && (int) strlen(szWork) > nSize )
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfsubfielddefn.cpp:1024:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy( pachData, szWork, nSize-1 );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfsubfielddefn.cpp:1034:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            memcpy( pachData + nSize - strlen(szWork), szWork,
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfsubfielddefn.cpp:1035:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     strlen(szWork) );
data/gdal-3.0.4+dfsg/frmts/iso8211/ddfutils.cpp:103:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( pszReturn, pszRecord, i );
data/gdal-3.0.4+dfsg/frmts/jaxapalsar/jaxapalsardataset.cpp:551:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen( CPLGetDirname( poOpenInfo->pszFilename ) ) +
data/gdal-3.0.4+dfsg/frmts/jaxapalsar/jaxapalsardataset.cpp:552:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen( pszSuffix ) + 8;
data/gdal-3.0.4+dfsg/frmts/jaxapalsar/jaxapalsardataset.cpp:614:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nLeaderFilenameLen = strlen( CPLGetDirname( poOpenInfo->pszFilename ) ) +
data/gdal-3.0.4+dfsg/frmts/jaxapalsar/jaxapalsardataset.cpp:615:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen(pszSuffix) + 5;
data/gdal-3.0.4+dfsg/frmts/jdem/jdemdataset.cpp:48:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(szWork, pszField, nWidth);
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:876:29:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                poRawInput->read(abySubfileHeader, 16);
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:1727:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(CPLGetConfigOption("GDAL_ONE_BIG_READ", "")) > 0 )
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.cpp:2588:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        poXMLBox->SetWritableData(static_cast<int>(strlen(papszMD[0]) + 1),
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.h:197:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                m_pszError, strlen(m_pszError) + strlen(string) + 1));
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.h:197:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                m_pszError, strlen(m_pszError) + strlen(string) + 1));
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.h:210:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( m_pszError[strlen(m_pszError) - 1] == '\n' )
data/gdal-3.0.4+dfsg/frmts/jp2kak/jp2kakdataset.h:211:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            m_pszError[strlen(m_pszError) - 1] = '\0';
data/gdal-3.0.4+dfsg/frmts/jp2kak/subfile_source.h:80:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                     static_cast<int>(strlen(papszTokens[0]))));
data/gdal-3.0.4+dfsg/frmts/jp2kak/subfile_source.h:83:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                     static_cast<int>(strlen(papszTokens[1]))));
data/gdal-3.0.4+dfsg/frmts/jp2kak/subfile_source.h:177:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    int read(kdu_byte *buf, int num_bytes) override
data/gdal-3.0.4+dfsg/frmts/jp2lura/jp2luradataset.cpp:501:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(pszFilename) > 4)
data/gdal-3.0.4+dfsg/frmts/jp2lura/jp2luradataset.cpp:503:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (EQUAL(pszFilename + strlen(pszFilename) - 4, ".JPC") ||
data/gdal-3.0.4+dfsg/frmts/jp2lura/jp2luradataset.cpp:504:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                EQUAL(pszFilename + strlen(pszFilename) - 4, ".J2K"))
data/gdal-3.0.4+dfsg/frmts/jp2lura/jp2luradataset.cpp:1584:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            while (strlen(oBox.GetType()) > 0)
data/gdal-3.0.4+dfsg/frmts/jpeg/jpgdataset.cpp:2086:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    papszTokens[1], static_cast<int>(strlen(papszTokens[1])));
data/gdal-3.0.4+dfsg/frmts/jpeg/jpgdataset.cpp:2088:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    papszTokens[2], static_cast<int>(strlen(papszTokens[2])));
data/gdal-3.0.4+dfsg/frmts/jpeg/jpgdataset.cpp:2099:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    papszTokens[0], static_cast<int>(strlen(papszTokens[0])));
data/gdal-3.0.4+dfsg/frmts/jpeg/jpgdataset.cpp:2101:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    papszTokens[1], static_cast<int>(strlen(papszTokens[1])));
data/gdal-3.0.4+dfsg/frmts/jpeg/jpgdataset.cpp:2352:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen(GetDescription()) > 4 &&
data/gdal-3.0.4+dfsg/frmts/jpeg/jpgdataset.cpp:2353:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        EQUAL(GetDescription() + strlen(GetDescription()) - 4, ".wld");
data/gdal-3.0.4+dfsg/frmts/jpeg/jpgdataset.cpp:3276:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                          static_cast<unsigned int>(strlen(pszComment)));
data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jerror.h:232:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
   strncpy((cinfo)->err->msg_parm.s, (str), JMSG_STR_PARM_MAX), \
data/gdal-3.0.4+dfsg/frmts/jpeg/libjpeg/jerror.h:288:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
   strncpy((cinfo)->err->msg_parm.s, (str), JMSG_STR_PARM_MAX), \
data/gdal-3.0.4+dfsg/frmts/jpeg2000/jpeg2000dataset.cpp:616:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( strlen( pszFormatName ) < 3 ||
data/gdal-3.0.4+dfsg/frmts/jpeg2000/jpeg2000dataset.cpp:1066:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            strlen(apszComprOptions[j]) ) )
data/gdal-3.0.4+dfsg/frmts/jpeg2000/jpeg2000dataset.cpp:1068:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    const int n = static_cast<int>(strlen( pszOptionBuf ));
data/gdal-3.0.4+dfsg/frmts/jpeg2000/jpeg2000dataset.cpp:1070:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        n + static_cast<int>(strlen( papszOptions[i] )) + 1;
data/gdal-3.0.4+dfsg/frmts/jpeg2000/jpeg2000dataset.cpp:1075:25:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
                        strcat( pszOptionBuf, "\n" );
data/gdal-3.0.4+dfsg/frmts/jpeg2000/jpeg2000dataset.cpp:1352:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                (*papszSrcMDIter)[strlen((*papszSrcMDIter))-1] == '=' )
data/gdal-3.0.4+dfsg/frmts/jpipkak/jpipkakdataset.cpp:83:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                CPLRealloc(m_pszError, strlen(m_pszError) + strlen(string)+1 );
data/gdal-3.0.4+dfsg/frmts/jpipkak/jpipkakdataset.cpp:83:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                CPLRealloc(m_pszError, strlen(m_pszError) + strlen(string)+1 );
data/gdal-3.0.4+dfsg/frmts/jpipkak/jpipkakdataset.cpp:96:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( m_pszError[strlen(m_pszError)-1] == '\n' )
data/gdal-3.0.4+dfsg/frmts/jpipkak/jpipkakdataset.cpp:97:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            m_pszError[strlen(m_pszError)-1] = '\0';
data/gdal-3.0.4+dfsg/frmts/jpipkak/jpipkakdataset.cpp:800:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    poCache->read(pabyBuffer, nLen);
data/gdal-3.0.4+dfsg/frmts/kea/keaband.cpp:247:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ( ( nBinValuesLen + strlen( szBuf ) + 2 ) > nBufSize )
data/gdal-3.0.4+dfsg/frmts/kea/keaband.cpp:260:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat( pszBinValues+nBinValuesLen, "|" );
data/gdal-3.0.4+dfsg/frmts/kea/keaband.cpp:261:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nBinValuesLen += static_cast<int>(strlen(pszBinValues+nBinValuesLen));
data/gdal-3.0.4+dfsg/frmts/kmlsuperoverlay/kmlsuperoverlaydataset.cpp:994:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strlen(pszSlashDotDot + 4) + 1);
data/gdal-3.0.4+dfsg/frmts/kmlsuperoverlay/kmlsuperoverlaydataset.cpp:2275:13:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
        if( sscanf(CPLGetFilename(pszHref), "kml_image_L%d_%d_%d.%3s",
data/gdal-3.0.4+dfsg/frmts/kmlsuperoverlay/kmlsuperoverlaydataset.cpp:2287:21:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
                    strcpy(sDesc.szExtI, "");
data/gdal-3.0.4+dfsg/frmts/kmlsuperoverlay/kmlsuperoverlaydataset.cpp:2288:21:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
                    strcpy(sDesc.szExtJ, "");
data/gdal-3.0.4+dfsg/frmts/l1b/l1bdataset.cpp:1404:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strlen(pszFilename) == L1B_DATASET_NAME_SIZE )
data/gdal-3.0.4+dfsg/frmts/l1b/l1bdataset.cpp:1492:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if( strlen(pszFilename) == L1B_DATASET_NAME_SIZE &&
data/gdal-3.0.4+dfsg/frmts/l1b/l1bdataset.cpp:1505:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if( strlen(pszFilename) == L1B_DATASET_NAME_SIZE &&
data/gdal-3.0.4+dfsg/frmts/l1b/l1bdataset.cpp:3087:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszFilename) == L1B_DATASET_NAME_SIZE &&
data/gdal-3.0.4+dfsg/frmts/l1b/l1bdataset.cpp:3160:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszFilename = poOpenInfo->pszFilename + strlen("L1BGCPS_INTERPOL:");
data/gdal-3.0.4+dfsg/frmts/l1b/l1bdataset.cpp:3165:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszFilename = poOpenInfo->pszFilename + strlen("L1BGCPS:");
data/gdal-3.0.4+dfsg/frmts/l1b/l1bdataset.cpp:3170:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszFilename = poOpenInfo->pszFilename + strlen("L1B_SOLAR_ZENITH_ANGLES:");
data/gdal-3.0.4+dfsg/frmts/l1b/l1bdataset.cpp:3175:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszFilename = poOpenInfo->pszFilename + strlen("L1B_ANGLES:");
data/gdal-3.0.4+dfsg/frmts/l1b/l1bdataset.cpp:3180:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszFilename = poOpenInfo->pszFilename + strlen("L1B_CLOUDS:");
data/gdal-3.0.4+dfsg/frmts/leveller/levellerdataset.cpp:515:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strlen(psz) >= sizeof(ds.m_szElevUnits))
data/gdal-3.0.4+dfsg/frmts/leveller/levellerdataset.cpp:977:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(this->write_byte(strlen(pszTag)))
data/gdal-3.0.4+dfsg/frmts/leveller/levellerdataset.cpp:979:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return (1 == VSIFWriteL(pszTag, strlen(pszTag), 1, m_fp)
data/gdal-3.0.4+dfsg/frmts/leveller/levellerdataset.cpp:1006:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CPLAssert(strlen(pszTag) <= kMaxTagNameLen);
data/gdal-3.0.4+dfsg/frmts/leveller/levellerdataset.cpp:1010:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t len = strlen(psz);
data/gdal-3.0.4+dfsg/frmts/leveller/levellerdataset.cpp:1303:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(m_szElevUnits, "");
data/gdal-3.0.4+dfsg/frmts/leveller/levellerdataset.cpp:1338:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                m_pszProjection = reinterpret_cast<char *>( CPLMalloc(strlen(szWKT) + 1) );
data/gdal-3.0.4+dfsg/frmts/leveller/levellerdataset.cpp:1379:21:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                    strncpy(m_szElevUnits, pszUnitID, sizeof(m_szElevUnits));
data/gdal-3.0.4+dfsg/frmts/leveller/levellerdataset.cpp:1397:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy(szWorldUnits, "m");
data/gdal-3.0.4+dfsg/frmts/leveller/levellerdataset.cpp:1422:15:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
              strcpy(szWorldUnits, "m");
data/gdal-3.0.4+dfsg/frmts/mbtiles/mbtilesdataset.cpp:2408:90:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    fpCURLOGR = (VSILFILE* )CPLScanPointer( pszPointer, static_cast<int>(strlen(pszPointer)) );
data/gdal-3.0.4+dfsg/frmts/mem/memdataset.cpp:1033:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        static_cast<int>(strlen(pszDataPointer)) ) );
data/gdal-3.0.4+dfsg/frmts/mem/memdataset.cpp:1427:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                      static_cast<int>(strlen(pszOption)));
data/gdal-3.0.4+dfsg/frmts/mem/memdataset.cpp:1435:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                     static_cast<int>(strlen(pszOption)));
data/gdal-3.0.4+dfsg/frmts/mem/memdataset.cpp:1443:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                     static_cast<int>(strlen(pszOption)));
data/gdal-3.0.4+dfsg/frmts/mem/memdataset.cpp:1448:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        static_cast<int>(strlen(pszDataPointer)) ) );
data/gdal-3.0.4+dfsg/frmts/mrf/JPEG_band.cpp:636:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t CHUNK_NAME_SIZE = strlen(CHUNK_NAME) + 1;
data/gdal-3.0.4+dfsg/frmts/mrf/LERC_band.cpp:236:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (!zImg.read(&ptr, nRemainingBytes, 1e12))
data/gdal-3.0.4+dfsg/frmts/mrf/LERC_band.cpp:444:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        || strlen(poOpenInfo->pszFilename) < 2)
data/gdal-3.0.4+dfsg/frmts/mrf/LERC_band.cpp:479:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (zImg.read(&pb, nRemainingBytes, 1e12, true))
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/BitStufferV1.cpp:132:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
bool BitStufferV1::read(Byte** ppByte, size_t& nRemainingBytes, vector<unsigned int>& dataVec, size_t nMaxBufferVecElts)
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/BitStufferV1.h:40:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  static bool read( Byte** ppByte, size_t& nRemainingBytes, std::vector<unsigned int>& dataVec, size_t nMaxBufferVecElts);
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/CntZImage.cpp:346:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
bool CntZImage::read(Byte** ppByte,
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/CntZImage.cpp:1055:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (!bitStuffer.read(&ptr, nRemainingBytes, dataVec, nMaxElts))
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/CntZImage.cpp:1184:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!bitStuffer.read(&ptr, nRemainingBytes, dataVec, nMaxElts))
data/gdal-3.0.4+dfsg/frmts/mrf/libLERC/CntZImage.h:72:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  bool read(Byte** ppByte,
data/gdal-3.0.4+dfsg/frmts/mrf/marfa_dataset.cpp:2068:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(GetDescription()) == 0
data/gdal-3.0.4+dfsg/frmts/mrf/mrf_util.cpp:213:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(in) < strlen(ext))
data/gdal-3.0.4+dfsg/frmts/mrf/mrf_util.cpp:213:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(in) < strlen(ext))
data/gdal-3.0.4+dfsg/frmts/mrf/mrf_util.cpp:218:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t extlen = strlen(ext);
data/gdal-3.0.4+dfsg/frmts/mrsid/mrsiddataset.cpp:516:46:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if(!LT_SUCCESS(poGDS->poImageReader->read(poGDS->poLTINav->getScene(),
data/gdal-3.0.4+dfsg/frmts/mrsid/mrsiddataset.cpp:932:32:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    eLTStatus = poImageReader->read(oNav.getScene(),oLTIBuffer);
data/gdal-3.0.4+dfsg/frmts/mrsid/mrsiddataset.cpp:1076:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            iLength = static_cast<int>(strlen(pszMetadata) + osTemp.size() + 2);
data/gdal-3.0.4+dfsg/frmts/mrsid/mrsiddataset.cpp:1080:17:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
                strncat( pszMetadata, ",", 1 );
data/gdal-3.0.4+dfsg/frmts/mrsid/mrsiddataset.cpp:1134:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy( (char *)pValue,
data/gdal-3.0.4+dfsg/frmts/mrsid/mrsidstream.cpp:167:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
lt_uint32 LTIVSIStream::read( lt_uint8 *pDest, lt_uint32 nBytes )
data/gdal-3.0.4+dfsg/frmts/mrsid/mrsidstream.h:54:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    lt_uint32 read( lt_uint8 *, lt_uint32 ) override;
data/gdal-3.0.4+dfsg/frmts/msg/msgdataset.cpp:183:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        pp.read(p_file);
data/gdal-3.0.4+dfsg/frmts/msg/msgdataset.cpp:452:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          pp.read(p_file);
data/gdal-3.0.4+dfsg/frmts/msg/msgdataset.cpp:565:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          i_file.read( (char *)ibuf, nb_ibytes);
data/gdal-3.0.4+dfsg/frmts/msg/prologue.cpp:91:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ifile.read((char*)buf, 8);
data/gdal-3.0.4+dfsg/frmts/msg/prologue.cpp:111:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ifile.read((char*)buf, 4);
data/gdal-3.0.4+dfsg/frmts/msg/prologue.cpp:127:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ifile.read((char*)buf, 4);
data/gdal-3.0.4+dfsg/frmts/msg/prologue.cpp:139:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ifile.read(&b, 1);
data/gdal-3.0.4+dfsg/frmts/msg/prologue.cpp:201:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      ifile.read((char*)dummy, 12);
data/gdal-3.0.4+dfsg/frmts/msg/prologue.cpp:227:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
void Prologue::read(std::ifstream & ifile)
data/gdal-3.0.4+dfsg/frmts/msg/prologue.h:106:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  void read(std::ifstream & ifile);
data/gdal-3.0.4+dfsg/frmts/msg/xritheaderparser.cpp:56:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  ifile.read((char*)probeBuf, probeSize); // Probe file by reading first 8 bytes
data/gdal-3.0.4+dfsg/frmts/msg/xritheaderparser.cpp:65:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      ifile.read((char*)buf + probeSize, totalHeaderLength - probeSize); // read the rest of the header section
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:794:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nc_put_att_text(cdfid, nZId, CF_LNG_NAME, strlen(pszTemp), pszTemp);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:2539:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             i < strlen(poDS->papszDimName[poDS->nXDimID]) && i < 3;
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:4179:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                 strlen(pszCFProjection), pszCFProjection);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:4194:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                strlen(pszSweepAxisAngle), pszSweepAxisAngle);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:4210:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                 strlen(CF_PT_LATITUDE_LONGITUDE),
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:4216:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                             strlen("CRS definition"), "CRS definition");
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:4239:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                 strlen(pszSpatialRef), pszSpatialRef);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:4255:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        strlen(CF_LATITUDE_STD_NAME), CF_LATITUDE_STD_NAME);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:4260:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        strlen(CF_LATITUDE_LNG_NAME), CF_LATITUDE_LNG_NAME);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:4264:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                             strlen(CF_DEGREES_NORTH), CF_DEGREES_NORTH);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:4269:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        strlen(CF_LONGITUDE_STD_NAME), CF_LONGITUDE_STD_NAME);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:4274:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        strlen(CF_LONGITUDE_LNG_NAME), CF_LONGITUDE_LNG_NAME);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:4278:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                             strlen(CF_DEGREES_EAST), CF_DEGREES_EAST);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:4311:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                             strlen(CF_PROJ_X_COORD), CF_PROJ_X_COORD);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:4315:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                             strlen(CF_PROJ_X_COORD_LONG_NAME),
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:4320:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                             strlen(pszUnitsToWrite), pszUnitsToWrite);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:4324:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                             strlen(CF_PROJ_Y_COORD), CF_PROJ_Y_COORD);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:4328:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                             strlen(CF_PROJ_Y_COORD_LONG_NAME),
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:4332:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    status = nc_put_att_text(cdfid, nVarYID, CF_UNITS, strlen(pszUnitsToWrite),
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:5069:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        strlen(pszCFProjection), pszCFProjection);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:5075:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    strlen(pszCFCoordinates), pszCFCoordinates);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:5116:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nMetaNameSize = sizeof(char) * (strlen(pszVarFullName) + 1
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:6926:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            ((strlen(papszName[1]) == 1 &&
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:7005:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bool bVsiFile = !strncmp(osFilenameForNCOpen, "/vsi", strlen("/vsi"));
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:7693:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if( EQUALN(osMetaName, pszPrefix, strlen(pszPrefix)) )
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:7695:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    osMetaName = osMetaName.substr(strlen(pszPrefix));
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:7714:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    osMetaName = osMetaName.substr(strlen("NC_GLOBAL#"));
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:8839:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                 strlen(pszCFVersion), pszCFVersion);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:8844:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                             strlen(pszNCDF_GDAL), pszNCDF_GDAL);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:8890:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen(pszOldHist) + strlen(strtime) + strlen(pszAddHist) + 1 + 1;
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:8890:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen(pszOldHist) + strlen(strtime) + strlen(pszAddHist) + 1 + 1;
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:8890:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen(pszOldHist) + strlen(strtime) + strlen(pszAddHist) + 1 + 1;
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:8901:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat(pszNewHist, "\n");
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:8906:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                       strlen(pszNewHist), pszNewHist);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:9176:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while( *nDestSize < (strlen(*ppszDest) + strlen(pszSrc) + 1) )
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:9176:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while( *nDestSize < (strlen(*ppszDest) + strlen(pszSrc) + 1) )
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:9554:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                     strlen(pszValue), pszValue);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:10165:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                           strlen(papszAttribValues[i])) )
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:10202:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                       strlen(papszAttribValues[i])) )
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:10383:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int nLen = static_cast<int>(strlen(pszValue));
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdfdataset.cpp:10388:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(pszTemp, pszValue + 1, nLen - 2);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:208:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    strlen("profile_id"), "profile_id");
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:223:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                 strlen(m_poFeatureDefn->GetName()),
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:247:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            strlen("index of profile"), "index of profile");
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:328:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                     strlen("z coordinate"), "z coordinate");
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:332:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                     strlen("height"), "height");
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:336:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                     strlen("Z"), "Z");
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:340:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                     strlen("m"), "m");
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:350:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                 strlen(pszFeatureTypeVal), pszFeatureTypeVal);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:393:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                 strlen("Geometry as ISO WKT"),
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:1342:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if( strlen(pszVal) > 1 &&
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:1358:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                anCount[1] = strlen(pszVal);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:1653:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            anCount[1] = strlen(pszWKT);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:2266:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                 strlen("days since 1970-1-1"),
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:2286:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                 strlen("seconds since 1970-1-1 0:0:0"),
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:2310:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                             strlen(pszLongName), pszLongName);
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:2316:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                 strlen(poFieldDefn->GetNameRef()),
data/gdal-3.0.4+dfsg/frmts/netcdf/netcdflayer.cpp:2327:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                 strlen(pszType), pszType);
data/gdal-3.0.4+dfsg/frmts/nitf/ecrgtocdataset.cpp:560:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (static_cast<int>( strlen(pszTOCPath) ) >= nFirstDirLen + 1 &&
data/gdal-3.0.4+dfsg/frmts/nitf/ecrgtocdataset.cpp:561:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            (pszTOCPath[strlen(pszTOCPath) - (nFirstDirLen + 1)] == '/' ||
data/gdal-3.0.4+dfsg/frmts/nitf/ecrgtocdataset.cpp:562:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                pszTOCPath[strlen(pszTOCPath) - (nFirstDirLen + 1)] == '\\') &&
data/gdal-3.0.4+dfsg/frmts/nitf/ecrgtocdataset.cpp:563:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strncmp(pszTOCPath + strlen(pszTOCPath) - nFirstDirLen, pszName, nFirstDirLen) == 0)
data/gdal-3.0.4+dfsg/frmts/nitf/ecrgtocdataset.cpp:863:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if (strlen(pszFrameName) != 18)
data/gdal-3.0.4+dfsg/frmts/nitf/ecrgtocdataset.cpp:888:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if (strlen(pszFrameZone) != 1)
data/gdal-3.0.4+dfsg/frmts/nitf/ecrgtocdataset.cpp:1091:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszFilename += strlen("ECRG_TOC_ENTRY:");
data/gdal-3.0.4+dfsg/frmts/nitf/ecrgtocdataset.cpp:1110:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(papszTokens[2]) == 1 &&
data/gdal-3.0.4+dfsg/frmts/nitf/ecrgtocdataset.cpp:1125:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strlen(papszTokens[3]) == 1 &&
data/gdal-3.0.4+dfsg/frmts/nitf/mgrs.c:461:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy (zone_string, MGRS+j, 2);
data/gdal-3.0.4+dfsg/frmts/nitf/mgrs.c:508:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy (east_string, MGRS+j, n);
data/gdal-3.0.4+dfsg/frmts/nitf/mgrs.c:511:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy (north_string, MGRS+j+n, n);
data/gdal-3.0.4+dfsg/frmts/nitf/mgrs.c:699:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy (MGRS_Ellipsoid_Code, Ellipsoid_Code, sizeof(MGRS_Ellipsoid_Code));
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:309:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( ( pCCImageSegment != NULL ) && ( strlen(pCCImageSegment) <= 10 ) )
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:312:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy( szField, pCCImageSegment, strlen(pCCImageSegment) );
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:312:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strncpy( szField, pCCImageSegment, strlen(pCCImageSegment) );
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:313:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            szField[strlen(pCCImageSegment)] = '\0';
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:316:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            while( ( strlen(szField) > 0 ) && ( szField[strlen(szField)-1] == ' ' ) )
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:316:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            while( ( strlen(szField) > 0 ) && ( szField[strlen(szField)-1] == ' ' ) )
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:317:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                szField[strlen(szField)-1] = '\0';
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:319:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((strlen(szField) == 2) && (STARTS_WITH_CI(szField, "CC"))) ccSegment.assign("true");
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:472:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             - static_cast<int>( strlen("A.TOC") );
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:1014:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        if (pszLocation && strlen(pszLocation) == 11)
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:1032:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    (strlen(papszLines[8]) >= 7))
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:1066:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszITITLE != nullptr && strlen(pszITITLE) >= 12
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:1067:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && (pszITITLE[strlen(pszITITLE) - 1] == '9'
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:1068:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            || pszITITLE[strlen(pszITITLE) - 1] == 'J') )
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:1302:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( psImage->pszComments != nullptr && strlen(psImage->pszComments) != 0 )
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:1472:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            CPLsnprintf( szValue+strlen(szValue), sizeof(szValue) - strlen(szValue), "%.16g ",
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:1472:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            CPLsnprintf( szValue+strlen(szValue), sizeof(szValue) - strlen(szValue), "%.16g ",
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:1478:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            CPLsnprintf( szValue+strlen(szValue), sizeof(szValue) - strlen(szValue), "%.16g ",
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:1478:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            CPLsnprintf( szValue+strlen(szValue), sizeof(szValue) - strlen(szValue), "%.16g ",
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:1484:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            CPLsnprintf( szValue+strlen(szValue), sizeof(szValue) - strlen(szValue), "%.16g ",
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:1484:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            CPLsnprintf( szValue+strlen(szValue), sizeof(szValue) - strlen(szValue), "%.16g ",
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:1490:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            CPLsnprintf( szValue+strlen(szValue), sizeof(szValue) - strlen(szValue), "%.16g ",
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:1490:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            CPLsnprintf( szValue+strlen(szValue), sizeof(szValue) - strlen(szValue), "%.16g ",
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:1737:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( szExpanded, pszDatumName, 3 );
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:1742:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat( szExpanded, "-" );
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:1743:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nLen = strlen(szExpanded);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2289:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        static_cast<int>( strlen( pszXmlDataContent ) );
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2512:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy( szTag, pszTREData, 6 );
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2516:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            while( strlen(szTag) > 0 && szTag[strlen(szTag)-1] == ' ' )
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2516:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            while( strlen(szTag) > 0 && szTag[strlen(szTag)-1] == ' ' )
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2517:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                szTag[strlen(szTag)-1] = '\0';
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2524:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const size_t nLineLen = strlen(szTag)+strlen(pszEscapedData)+2;
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2524:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const size_t nLineLen = strlen(szTag)+strlen(pszEscapedData)+2;
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2596:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (encodedHeader == nullptr || strlen(encodedHeader) == 0 )
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2641:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( encodedImageSubheader == nullptr || strlen(encodedImageSubheader) == 0 )
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2920:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy( szTag, pszTREData, 6 );
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2924:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            while( strlen(szTag) > 0 && szTag[strlen(szTag)-1] == ' ' )
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2924:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            while( strlen(szTag) > 0 && szTag[strlen(szTag)-1] == ' ' )
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2925:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                szTag[strlen(szTag)-1] = '\0';
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2990:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            while( strlen(szTREName) > 0 && szTREName[strlen(szTREName)-1] == ' ' )
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2990:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            while( strlen(szTREName) > 0 && szTREName[strlen(szTREName)-1] == ' ' )
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:2991:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                szTREName[strlen(szTREName)-1] = '\0';
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:4470:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    #define WRITE_STR_NOSZ(dst, src) memcpy(dst, src, strlen(src))
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5257:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    #define PLACE(location,name,text)  memcpy(location,text,strlen(text))
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5396:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(errorMessage) != 0)
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5503:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define PLACE(location,name,text)  memcpy(location,text,strlen(text))
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5560:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    std::min(strlen(pszHeaderBuffer), sizeof(achTSH)) );
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5574:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(achYear,achOrigDate+12, 2);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdataset.cpp:5623:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int nTextLength = static_cast<int>( strlen(pszTextToWrite) );
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdes.c:543:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nFilenameLen = strlen(pszRadixFileName) + 4 + 1;
data/gdal-3.0.4+dfsg/frmts/nitf/nitfdump.c:468:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(psImage->pszComments) > 0 )
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:775:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bOK &= VSIFWriteL(_text, 1, strlen(_text), fp) == strlen(_text); }
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:775:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bOK &= VSIFWriteL(_text, 1, strlen(_text), fp) == strlen(_text); }
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:785:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    to_write = MIN(width,strlen(pszParmValueMacro)); \
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:971:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int nLenICOM = (int)strlen(pszICOM);
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1020:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(papszIREPBANDTokens[iBand]) > 2)
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1054:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(papszISUBCATTokens[iBand]) > 6)
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1297:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nTREPrefixLen = (int)strlen(pszTREPrefix);
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1404:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( iSize - (int)strlen(pszValue) < 0 )
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1408:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                         szFullFieldName, (int)strlen(pszValue), iSize);
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1416:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            memcpy( szBLOCKA + iStart + (iSize - (int)strlen(pszValue)),
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1417:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    pszValue, strlen(pszValue) );
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1496:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy( psInfo->szSegmentType, szType, sizeof(psInfo->szSegmentType) );
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1934:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i=(int)strlen(pszFilename)-1;i>=0;i--)
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:1938:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (i < (int)strlen(pszFilename) - 3)
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:2114:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nVarLen = (int)strlen(pszVar);
data/gdal-3.0.4+dfsg/frmts/nitf/nitffile.c:2467:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            const size_t nTmpLen = strlen(pszMDSubPrefix) + 10 + 1;
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:2137:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    i = (int)strlen(pszTarget)-1;
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:2303:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLen = strlen(szTemp);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:2332:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy(pszBuffer, szTemp, strlen(szTemp)+1);
data/gdal-3.0.4+dfsg/frmts/nitf/nitfimage.c:2634:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CPLAssert( strlen(pszRPC00B) == 1041 );
data/gdal-3.0.4+dfsg/frmts/nitf/nitfrasterband.cpp:693:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat( szPadded, " " );
data/gdal-3.0.4+dfsg/frmts/nitf/rpftocdataset.cpp:1230:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             - static_cast<int>( strlen( "A.TOC" ) );
data/gdal-3.0.4+dfsg/frmts/nitf/rpftocdataset.cpp:1255:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszFilename += strlen("NITF_TOC_ENTRY:");
data/gdal-3.0.4+dfsg/frmts/nitf/rpftocfile.cpp:79:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memmove(str, c, strlen(c)+1);
data/gdal-3.0.4+dfsg/frmts/nitf/rpftocfile.cpp:82:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int i = static_cast<int>(strlen(str)) - 1;
data/gdal-3.0.4+dfsg/frmts/nitf/rpftocfile.cpp:247:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strlen(toc->entries[i].scale+2)+1);
data/gdal-3.0.4+dfsg/frmts/nitf/rpftocfile.cpp:516:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        bOK &= strlen(frameEntry->filename) > 0;
data/gdal-3.0.4+dfsg/frmts/nitf/rpftocfile.cpp:589:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            memmove(frameEntry->directory, frameEntry->directory+2, strlen(frameEntry->directory+2)+1);
data/gdal-3.0.4+dfsg/frmts/nitf/rpftocfile.cpp:598:73:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                memmove(frameEntry->directory, frameEntry->directory+1, strlen(frameEntry->directory+1)+1);
data/gdal-3.0.4+dfsg/frmts/nitf/rpftocfile.cpp:613:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( VSIStatL( subdir, &sStatBuf ) != 0 && strlen(subdir) > strlen(baseDir) && subdir[strlen(baseDir)] != 0)
data/gdal-3.0.4+dfsg/frmts/nitf/rpftocfile.cpp:613:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( VSIStatL( subdir, &sStatBuf ) != 0 && strlen(subdir) > strlen(baseDir) && subdir[strlen(baseDir)] != 0)
data/gdal-3.0.4+dfsg/frmts/nitf/rpftocfile.cpp:613:98:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( VSIStatL( subdir, &sStatBuf ) != 0 && strlen(subdir) > strlen(baseDir) && subdir[strlen(baseDir)] != 0)
data/gdal-3.0.4+dfsg/frmts/nitf/rpftocfile.cpp:615:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                char* c = subdir + strlen(baseDir)+1;
data/gdal-3.0.4+dfsg/frmts/nitf/rpftocfile.cpp:630:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if( strlen(frameEntry->fullFilePath) > strlen(subdir) )
data/gdal-3.0.4+dfsg/frmts/nitf/rpftocfile.cpp:630:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if( strlen(frameEntry->fullFilePath) > strlen(subdir) )
data/gdal-3.0.4+dfsg/frmts/nitf/rpftocfile.cpp:632:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    char* c = frameEntry->fullFilePath + strlen(subdir)+1;
data/gdal-3.0.4+dfsg/frmts/northwood/grddataset.cpp:507:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( pGrd->cMICoordSys, psTABProj, sizeof(pGrd->cMICoordSys) -1 );
data/gdal-3.0.4+dfsg/frmts/northwood/grddataset.cpp:651:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nChar = static_cast<int>(strlen(pGrd->cDescription));
data/gdal-3.0.4+dfsg/frmts/northwood/grddataset.cpp:656:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nChar = static_cast<int>(strlen(pGrd->cZUnits));
data/gdal-3.0.4+dfsg/frmts/northwood/grddataset.cpp:674:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    poHeaderBlock->WriteBytes((int) strlen(pGrd->cMICoordSys),
data/gdal-3.0.4+dfsg/frmts/northwood/grddataset.cpp:676:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    poHeaderBlock->WriteZeros(256 - (int) strlen(pGrd->cMICoordSys));
data/gdal-3.0.4+dfsg/frmts/northwood/grddataset.cpp:951:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(poDS->pGrd->szFileName, pszFilename,
data/gdal-3.0.4+dfsg/frmts/northwood/northwood.cpp:485:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( pGrd->szFileName, filename, sizeof(pGrd->szFileName) );
data/gdal-3.0.4+dfsg/frmts/null/nulldataset.cpp:287:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const char* pszStr = poOpenInfo->pszFilename + strlen("NULL:");
data/gdal-3.0.4+dfsg/frmts/openjpeg/openjpegdataset.cpp:107:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nLen = (int)strlen(pszMsgTmp);
data/gdal-3.0.4+dfsg/frmts/openjpeg/openjpegdataset.cpp:1256:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                while( strlen(oBox.GetType()) > 0 )
data/gdal-3.0.4+dfsg/frmts/openjpeg/openjpegdataset.cpp:1645:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            while( strlen(oBox.GetType()) > 0 )
data/gdal-3.0.4+dfsg/frmts/openjpeg/openjpegdataset.cpp:1944:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            while( strlen(oBox.GetType()) > 0 )
data/gdal-3.0.4+dfsg/frmts/openjpeg/openjpegdataset.cpp:1951:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                         strlen(oSubBox.GetType()) > 0;
data/gdal-3.0.4+dfsg/frmts/openjpeg/openjpegdataset.cpp:2468:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(pszFilename) > 4 &&
data/gdal-3.0.4+dfsg/frmts/openjpeg/openjpegdataset.cpp:2469:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            EQUAL(pszFilename + strlen(pszFilename) - 4, ".JP2"))
data/gdal-3.0.4+dfsg/frmts/openjpeg/openjpegdataset.cpp:4061:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    (*papszSrcMDIter)[strlen((*papszSrcMDIter))-1] == '=' )
data/gdal-3.0.4+dfsg/frmts/pcidsk/pcidskdataset2.cpp:621:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszDomain != nullptr && strlen(pszDomain) > 0 )
data/gdal-3.0.4+dfsg/frmts/pcidsk/pcidskdataset2.cpp:674:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszDomain != nullptr && strlen(pszDomain) > 0 )
data/gdal-3.0.4+dfsg/frmts/pcidsk/pcidskdataset2.cpp:728:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszDomain != nullptr && strlen(pszDomain) > 0 )
data/gdal-3.0.4+dfsg/frmts/pcidsk/pcidskdataset2.cpp:761:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszDomain != nullptr && strlen(pszDomain) > 0 )
data/gdal-3.0.4+dfsg/frmts/pcidsk/pcidskdataset2.cpp:1061:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszDomain != nullptr && strlen(pszDomain) > 0 )
data/gdal-3.0.4+dfsg/frmts/pcidsk/pcidskdataset2.cpp:1113:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszDomain != nullptr && strlen(pszDomain) > 0 )
data/gdal-3.0.4+dfsg/frmts/pcidsk/pcidskdataset2.cpp:1165:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszDomain != nullptr && strlen(pszDomain) > 0 )
data/gdal-3.0.4+dfsg/frmts/pcidsk/pcidskdataset2.cpp:1198:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszDomain != nullptr && strlen(pszDomain) > 0 )
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cpcidskchannel.cpp:285:5:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    sscanf( overview_infos[overview_index].c_str(), "%d %d %16s", 
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/channel/cpcidskchannel.cpp:308:5:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    sscanf( overview_infos[overview_index].c_str(), "%d %d %16s", 
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidsk_utils.cpp:64:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( ctime_out, ctime(&clock), 24 ); // TODO: reentrance issue?
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidsk_utils.h:54:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define STARTS_WITH_CI(x,y) EQUALN(x,y,strlen(y))
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidsk_utils.h:55:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define STARTS_WITH(x,y) (std::strncmp(x,y,strlen(y)) == 0)
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/core/pcidskbuffer.cpp:220:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int v_size = static_cast<int>(strlen(value));
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_gcp.h:73:18:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            std::strncpy(gcp_id_, gcp_id.c_str(),
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/pcidsk_gcp.h:176:18:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            std::strncpy(this->gcp_id_, gcp.gcp_id_, 64);
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskgeoref.cpp:107:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( seg_data.buffer_size >= static_cast<int>(strlen("POLYNOMIAL")) &&
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskgeoref.cpp:128:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if( seg_data.buffer_size >= static_cast<int>(strlen("PROJECTION")) &&
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/cpcidskgeoref.cpp:407:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( local_buf, geosysIn.c_str(), 16 );
data/gdal-3.0.4+dfsg/frmts/pcidsk/sdk/segment/metadatasegment_p.cpp:133:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix_len = std::strlen(key_prefix);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/_gsomece.c:32:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	cellsRead = map->read(buf, (size_t)CELLSIZE(inFileCR),
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/create2.c:68:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	newMap->fileName = (char *)CSF_MALLOC(strlen(fileName)+1);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/csf.h:209:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  CSF_READ_FUNC read;
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/csftypes.h:29:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
# error read notes in csftypes.h
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/getattr.c:41:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		m->read(attr,elSize, (size_t)(*nmemb),m->fp);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/legend.c:81:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		m->read(&(l[i].nr), sizeof(INT4), (size_t)1, m->fp);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/legend.c:82:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		m->read(l[i].descr, sizeof(char), (size_t)CSF_LEGEND_DESCR_SIZE, m->fp);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/mclose.c:82:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      (void)memset((void *)m->fileName, 0x0, strlen(m->fileName));
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/mopen.c:57:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 m->fileName = (char *)CSF_MALLOC(strlen(fileName)+1);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/mopen.c:120:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
 m->read((void *)&(m->main.signature), sizeof(char), CSF_SIG_SPACE,m->fp);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/mopen.c:121:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
 m->read((void *)&(m->main.version),   sizeof(UINT2),(size_t)1,m->fp);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/mopen.c:122:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
 m->read((void *)&(m->main.gisFileId), sizeof(UINT4),(size_t)1,m->fp);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/mopen.c:123:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
 m->read((void *)&(m->main.projection),sizeof(UINT2),(size_t)1,m->fp);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/mopen.c:124:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
 m->read((void *)&(m->main.attrTable), sizeof(UINT4),(size_t)1,m->fp);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/mopen.c:125:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
 m->read((void *)&(m->main.mapType),  sizeof(UINT2),(size_t)1,m->fp);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/mopen.c:126:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
 m->read((void *)&(m->main.byteOrder), sizeof(UINT4),(size_t)1,m->fp);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/mopen.c:131:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
 m->read((void *)&(m->raster.valueScale), sizeof(UINT2),(size_t)1,m->fp);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/mopen.c:132:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
 m->read((void *)&(m->raster.cellRepr), sizeof(UINT2),(size_t)1,m->fp);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/mopen.c:147:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
 m->read((void *)&(m->raster.xUL), sizeof(REAL8),(size_t)1,m->fp);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/mopen.c:148:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
 m->read((void *)&(m->raster.yUL), sizeof(REAL8),(size_t)1,m->fp);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/mopen.c:149:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
 m->read((void *)&(m->raster.nrRows), sizeof(UINT4),(size_t)1,m->fp);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/mopen.c:150:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
 m->read((void *)&(m->raster.nrCols), sizeof(UINT4),(size_t)1,m->fp);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/mopen.c:151:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
 m->read((void *)&(m->raster.cellSize), sizeof(REAL8),(size_t)1,m->fp);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/mopen.c:152:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
 m->read((void *)&(m->raster.cellSizeDupl), sizeof(REAL8),(size_t)1,m->fp);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/mopen.c:154:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
 m->read((void *)&(m->raster.angle), sizeof(REAL8),(size_t)1,m->fp);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/moreattr.c:124:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strlen(des)+1, des);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/moreattr.c:140:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strlen(history)+1, history);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/rattrblk.c:16:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	 m->read((void *)&(b->attrs[i].attrId), sizeof(UINT2),(size_t)1,m->fp);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/rattrblk.c:17:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	 m->read((void *)&(b->attrs[i].attrOffset), sizeof(CSF_FADDR32),(size_t)1,m->fp);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/rattrblk.c:18:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	 m->read((void *)&(b->attrs[i].attrSize), sizeof(UINT4),(size_t)1,m->fp);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/rattrblk.c:20:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	m->read((void *)&(b->next), sizeof(CSF_FADDR32),(size_t)1,m->fp);
data/gdal-3.0.4+dfsg/frmts/pcraster/libcsf/strpad.c:28:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t l = strlen(s);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfcreatecopy.cpp:1614:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         .Add("Length", (int)strlen(pszXMP));
data/gdal-3.0.4+dfsg/frmts/pdf/pdfcreatecopy.cpp:4270:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        VSIFWriteL(pszJavascript, strlen(pszJavascript), 1, m_fp);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfdataset.cpp:3087:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        const char* pszIter = pszBDC + strlen(pszBDCLookup);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfdataset.cpp:3097:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                            pszIter += strlen("1 0 0 1 0 0 cm\n");
data/gdal-3.0.4+dfsg/frmts/pdf/pdfdataset.cpp:3327:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        osLayerList[/*2 * */ i] + strlen("LAYER_00_NAME="));
data/gdal-3.0.4+dfsg/frmts/pdf/pdfdataset.cpp:3516:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                size_t nLen = strlen(papszLayers[i]);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfdataset.cpp:3605:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                size_t nLen = strlen(papszLayersOFF[i]);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfdataset.cpp:3775:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                size_t nLen = strlen(papszLayers[i]);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfdataset.cpp:3855:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                size_t nLen = strlen(papszLayersOFF[i]);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfdataset.cpp:5092:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t nLen = strlen(pszStr);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfio.cpp:222:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        for(int i=0;i<nToRead-(int)strlen("/Linearized ");i++)
data/gdal-3.0.4+dfsg/frmts/pdf/pdfio.cpp:225:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                       strlen("/Linearized ")) == 0 )
data/gdal-3.0.4+dfsg/frmts/pdf/pdfio.cpp:228:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                memcpy(abyBuffer + i, "/XXXXXXXXXX ", strlen("/Linearized "));
data/gdal-3.0.4+dfsg/frmts/pdf/pdfobject.cpp:286:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    int nLen = (int)strlen(szReal);
data/gdal-3.0.4+dfsg/frmts/pdf/pdfreadvectors.cpp:624:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define PUSH(aszTokenStack, str, strlen) \
data/gdal-3.0.4+dfsg/frmts/pdf/pdfreadvectors.cpp:1716:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int nLen = (int)strlen(pszStr);
data/gdal-3.0.4+dfsg/frmts/pds/isis2dataset.cpp:383:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(value) > 0 ) {
data/gdal-3.0.4+dfsg/frmts/pds/isis2dataset.cpp:394:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(value) > 0) {
data/gdal-3.0.4+dfsg/frmts/pds/isis2dataset.cpp:405:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(value) > 0 ) {
data/gdal-3.0.4+dfsg/frmts/pds/isis2dataset.cpp:812:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszWrk[strlen(pszWrk)-1] = '\0';
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:1788:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(pszRes) > 0 ) {
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:1797:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(pszULY) > 0) {
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:1805:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszULX) > 0 ) {
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3106:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            memcpy(pszStartByte, pszOffset, strlen(pszOffset));
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3107:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            memset(pszStartByte + strlen(pszOffset), ' ',
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3108:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strlen(pszSTARTBYTE_PLACEHOLDER) - strlen(pszOffset));
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3108:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strlen(pszSTARTBYTE_PLACEHOLDER) - strlen(pszOffset));
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3118:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            memcpy(pszLabelBytes, pszBytes, strlen(pszBytes));
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3119:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            memset(pszLabelBytes + strlen(pszBytes), ' ',
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3120:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strlen(pszLABEL_BYTES_PLACEHOLDER) - strlen(pszBytes));
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3120:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strlen(pszLABEL_BYTES_PLACEHOLDER) - strlen(pszBytes));
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3158:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLAssert(strlen(pszStartByte) <
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3159:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    strlen(pszHISTORY_STARTBYTE_PLACEHOLDER));
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3160:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memcpy(pszHistoryStartBytes, pszStartByte, strlen(pszStartByte));
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3161:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memset(pszHistoryStartBytes + strlen(pszStartByte), ' ',
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3162:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               strlen(pszHISTORY_STARTBYTE_PLACEHOLDER) - strlen(pszStartByte));
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3162:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               strlen(pszHISTORY_STARTBYTE_PLACEHOLDER) - strlen(pszStartByte));
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3176:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            CPLAssert(strlen(pszStartByte) <
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3179:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            memcpy(pszPlaceHolder, pszStartByte, strlen(pszStartByte));
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3180:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            memset(pszPlaceHolder + strlen(pszStartByte), ' ',
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3182:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                            strlen(pszStartByte));
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3517:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strlen(" = ") + strlen(pszVal) > WIDTH &&
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3517:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strlen(" = ") + strlen(pszVal) > WIDTH &&
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3519:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strlen(" = ") < WIDTH )
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3522:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                     osPadding.size() + strlen(" = ");
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3581:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                     osPadding.size() + strlen(" = (");
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3602:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    else if( nFirstPos < WIDTH && nCurPos + strlen(pszVal) > WIDTH )
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3634:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        nCurPos += strlen(pszVal);
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3641:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    const size_t nValLen = strlen(pszVal);
data/gdal-3.0.4+dfsg/frmts/pds/isis3dataset.cpp:3996:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && strlen(poSrcDS->GetProjectionRef()) > 0 )
data/gdal-3.0.4+dfsg/frmts/pds/pds4dataset.cpp:1438:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( nCount == 5 && strlen(papszTokens[1]) == 1 &&
data/gdal-3.0.4+dfsg/frmts/pds/pds4dataset.cpp:2640:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    const char* pszVarName = pszKey + strlen("VAR_");
data/gdal-3.0.4+dfsg/frmts/pds/pds4dataset.cpp:3545:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if( strlen(pszCartSchema) >= strlen("PDS4_CART_xxxx.xsd") &&
data/gdal-3.0.4+dfsg/frmts/pds/pds4dataset.cpp:3545:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if( strlen(pszCartSchema) >= strlen("PDS4_CART_xxxx.xsd") &&
data/gdal-3.0.4+dfsg/frmts/pds/pds4dataset.cpp:3546:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        EQUALN(pszCartSchema + strlen("PDS4_CART_xxxx."), "xsd", 3) )
data/gdal-3.0.4+dfsg/frmts/pds/pds4dataset.cpp:3548:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        CPLString osVersion(pszCartSchema + strlen("PDS4_CART_"), 4);
data/gdal-3.0.4+dfsg/frmts/pds/pds4dataset.cpp:4114:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && strlen(poSrcDS->GetProjectionRef()) > 0 )
data/gdal-3.0.4+dfsg/frmts/pds/pds4vector.cpp:1221:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     pszFieldFormat[strlen(pszFieldFormat)-1] == 'd' )
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:299:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(GetKeyword( "IMAGE_MAP_PROJECTION.MAP_PROJECTION_TYPE")) == 0 &&
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:300:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen(GetKeyword( "UNCOMPRESSED_FILE.IMAGE_MAP_PROJECTION.MAP_PROJECTION_TYPE")) != 0 )
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:315:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(value) > 0 ) {
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:368:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(value) > 0) {
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:378:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(value) > 0 ) {
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:987:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( STARTS_WITH_CI(pszMissing, "16#") && strlen(pszMissing) >= 3 + 8 + 1 &&
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:1299:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(poDS->GetKeyword( "IMAGE.LINE_SAMPLES")) == 0 &&
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:1300:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strlen(poDS->GetKeyword( "FILE.IMAGE.LINE_SAMPLES")) != 0 )
data/gdal-3.0.4+dfsg/frmts/pds/pdsdataset.cpp:1434:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszWrk[strlen(pszWrk)-1] = '\0';
data/gdal-3.0.4+dfsg/frmts/pds/vicardataset.cpp:307:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(value) > 0 ) {
data/gdal-3.0.4+dfsg/frmts/pds/vicardataset.cpp:329:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(value) > 0) {
data/gdal-3.0.4+dfsg/frmts/pds/vicardataset.cpp:338:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(value) > 0 ) {
data/gdal-3.0.4+dfsg/frmts/pds/vicarkeywordhandler.cpp:95:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( keyval, pch1, std::min(static_cast<size_t>(pch2 - pch1),
data/gdal-3.0.4+dfsg/frmts/pds/vicarkeywordhandler.cpp:192:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( keyval, pch1, std::min(static_cast<size_t>(pch2 - pch1),
data/gdal-3.0.4+dfsg/frmts/plmosaic/plmosaicdataset.cpp:587:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            poOpenInfo->pszFilename+strlen("PLMosaic:"), ",", TRUE, FALSE );
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngconf.h:1659:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#  define png_strlen  strlen
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngrio.c:105:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      png_size_t read, remaining, err;
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngrio.c:112:48:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
         if ( !ReadFile((HANDLE)(io_ptr), buf, read, &err, NULL) )
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngrio.c:115:42:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
         err = fread(buf, (png_size_t)1, read, io_ptr);
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngrio.c:117:32:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
         png_memcpy(data, buf, read); /* copy far buffer to near buffer */
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngrio.c:118:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
         if (err != read)
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngrio.c:122:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
         data += read;
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngrio.c:123:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
         remaining -= read;
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngwutil.c:1516:16:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      wc_len = wcslen(wc_buf);
data/gdal-3.0.4+dfsg/frmts/png/libpng/pngwutil.c:1521:16:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      wc_len = wcslen(wc_buf);
data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrasterdataset.cpp:883:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszFilteredRes[strlen(pszFilteredRes)-1] = '\0';
data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrasterdataset.cpp:1610:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszFilteredRes[strlen(pszFilteredRes)-1] = '\0';
data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrasterdataset.cpp:1712:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszFilteredRes[strlen(pszFilteredRes)-1] = '\0';
data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrasterdataset.cpp:2145:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszFilteredRes[strlen(pszFilteredRes)-1] = '\0';
data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrasterdataset.cpp:2890:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszTmp = ReplaceQuotes(*ppszWhere, static_cast<int>(strlen(*ppszWhere)));
data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrastertools.cpp:49:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nLength = static_cast<int>(strlen(pszInput));
data/gdal-3.0.4+dfsg/frmts/postgisraster/postgisrastertools.cpp:73:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nLength = static_cast<int>(strlen(pszInput));
data/gdal-3.0.4+dfsg/frmts/r/rcreatecopy.cpp:69:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        VSIFWriteL(szOutput, 1, strlen(szOutput), fp);
data/gdal-3.0.4+dfsg/frmts/r/rcreatecopy.cpp:86:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    RWriteInteger(fp, bASCII, static_cast<int>(strlen(pszValue)));
data/gdal-3.0.4+dfsg/frmts/r/rcreatecopy.cpp:90:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        VSIFWriteL(pszValue, 1, strlen(pszValue), fp);
data/gdal-3.0.4+dfsg/frmts/r/rcreatecopy.cpp:95:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        VSIFWriteL(pszValue, 1, static_cast<int>(strlen(pszValue)), fp);
data/gdal-3.0.4+dfsg/frmts/r/rcreatecopy.cpp:145:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        VSIFWriteL(pszHeader, 1, strlen(pszHeader), fp);
data/gdal-3.0.4+dfsg/frmts/r/rcreatecopy.cpp:150:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        VSIFWriteL(pszHeader, 1, strlen(pszHeader), fp);
data/gdal-3.0.4+dfsg/frmts/r/rcreatecopy.cpp:192:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    VSIFWriteL(szValue, 1, strlen(szValue), fp);
data/gdal-3.0.4+dfsg/frmts/rasdaman/rasdamandataset.cpp:424:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(result, string + cMatch.rm_so, cMatch.rm_eo - cMatch.rm_so);
data/gdal-3.0.4+dfsg/frmts/rasdaman/rasdamandataset.cpp:435:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(result, string + cMatch.rm_so, cMatch.rm_eo - cMatch.rm_so);
data/gdal-3.0.4+dfsg/frmts/rasdaman/rasdamandataset.cpp:443:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(from) == 0)
data/gdal-3.0.4+dfsg/frmts/rasdaman/rasdamandataset.cpp:447:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    str.replace(start_pos, strlen(from), to);
data/gdal-3.0.4+dfsg/frmts/rasdaman/rasdamandataset.cpp:448:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    start_pos += strlen(to); // In case 'to' contains 'from', like replacing 'x' with 'yx'
data/gdal-3.0.4+dfsg/frmts/rasdaman/rasdamandataset.cpp:622:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (size_t(matches[0].rm_eo) < strlen(connString)) {
data/gdal-3.0.4+dfsg/frmts/rasterlite/rasterlitecreatecopy.cpp:119:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (pszWKT != nullptr && strlen(pszWKT) != 0)
data/gdal-3.0.4+dfsg/frmts/raw/ace2dataset.cpp:245:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(pszBasename) < 7)
data/gdal-3.0.4+dfsg/frmts/raw/ace2dataset.cpp:254:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(pszLatLonValueString, &pszBasename[0], 2);
data/gdal-3.0.4+dfsg/frmts/raw/ace2dataset.cpp:258:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(pszLatLonValueString, &pszBasename[3], 3);
data/gdal-3.0.4+dfsg/frmts/raw/btdataset.cpp:609:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( szVersion, reinterpret_cast<char *>(poDS->abyHeader + 7), 3 );
data/gdal-3.0.4+dfsg/frmts/raw/cpgdataset.cpp:246:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if (strlen(pszPolarization) == 2)
data/gdal-3.0.4+dfsg/frmts/raw/cpgdataset.cpp:258:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy( subptr, pszPolarization, 2);
data/gdal-3.0.4+dfsg/frmts/raw/cpgdataset.cpp:283:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int nNameLen = static_cast<int>(strlen(pszFilename));
data/gdal-3.0.4+dfsg/frmts/raw/cpgdataset.cpp:289:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (( strlen(pszFilename) < 5) ||
data/gdal-3.0.4+dfsg/frmts/raw/cpgdataset.cpp:313:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int nNameLen = static_cast<int>(strlen( pszFilename ));
data/gdal-3.0.4+dfsg/frmts/raw/cpgdataset.cpp:315:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (( strlen(pszFilename) < 9) ||
data/gdal-3.0.4+dfsg/frmts/raw/cpgdataset.cpp:331:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int nNameLen = static_cast<int>(strlen( pszFilename ));
data/gdal-3.0.4+dfsg/frmts/raw/cpgdataset.cpp:337:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (( strlen(pszFilename) < 9) ||
data/gdal-3.0.4+dfsg/frmts/raw/cpgdataset.cpp:619:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int nNameLen = static_cast<int>(strlen(pszWorkname));
data/gdal-3.0.4+dfsg/frmts/raw/cpgdataset.cpp:1102:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      int nNameLen = static_cast<int>(strlen(poOpenInfo->pszFilename));
data/gdal-3.0.4+dfsg/frmts/raw/ctable2dataset.cpp:380:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy( achHeader + 16,
data/gdal-3.0.4+dfsg/frmts/raw/doq1dataset.cpp:66:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( szWork, reinterpret_cast<const char *>( pabyData ), nBytes );
data/gdal-3.0.4+dfsg/frmts/raw/doq1dataset.cpp:88:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy( szWork, pszDescBegin, strlen(pszDescBegin) );
data/gdal-3.0.4+dfsg/frmts/raw/doq1dataset.cpp:89:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy( szWork + strlen(pszDescBegin),
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:353:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             !EQUALN(papszNV[iLine], pszField, strlen(pszField));
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:362:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(pszResult, papszTokens[1], nResultLen-1);
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:364:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(pszResult, pszDefaultValue, nResultLen-1);
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:448:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( EQUALN(pszKey,papszHDR[i],strlen(pszKey)) &&
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:449:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            isspace(static_cast<unsigned char>(papszHDR[i][strlen(pszKey)])) )
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:451:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const char *pszValue = papszHDR[i] + strlen(pszKey);
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:472:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszValue) > 65 )
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:474:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLAssert(strlen(pszValue) <= 65);
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:483:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( EQUALN(papszHDR[i], szNewLine, strlen(pszKey) + 1) )
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:530:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        strlen(oLine), 1, fp ) != 1 )
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:555:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        strlen(oLine), 1, fp ) != 1 )
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:590:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (pszProjection && strlen(pszProjection) > 0)
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:607:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszSRS) == 0 )
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:622:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t nCount = VSIFWriteL(pszESRI_SRS, strlen(pszESRI_SRS), 1, fp);
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:724:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t nCount = VSIFWriteL(papszHDR[i], strlen(papszHDR[i]), 1, fp);
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:1052:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( nLineCount > 50 || strlen(pszLine) > 1000 )
data/gdal-3.0.4+dfsg/frmts/raw/ehdrdataset.cpp:1557:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    const char *c = pszLine + strlen("PRODUCTION_DATE");
data/gdal-3.0.4+dfsg/frmts/raw/eirdataset.cpp:134:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( EQUALN(pszKey,papszHDR[i],strlen(pszKey))
data/gdal-3.0.4+dfsg/frmts/raw/eirdataset.cpp:135:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            && isspace((unsigned char)papszHDR[i][strlen(pszKey)]) )
data/gdal-3.0.4+dfsg/frmts/raw/eirdataset.cpp:137:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const char *pszValue = papszHDR[i] + strlen(pszKey);
data/gdal-3.0.4+dfsg/frmts/raw/eirdataset.cpp:159:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszValue) > 65 )
data/gdal-3.0.4+dfsg/frmts/raw/eirdataset.cpp:161:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLAssert( strlen(pszValue) <= 65 );
data/gdal-3.0.4+dfsg/frmts/raw/eirdataset.cpp:170:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( EQUALN(papszHDR[i],szNewLine,strlen(pszKey)+1 ) )
data/gdal-3.0.4+dfsg/frmts/raw/eirdataset.cpp:308:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszLine) > 1000 )
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:651:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszProjection == nullptr || strlen(pszProjection) == 0  ||
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:652:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        (strlen(pszProjection) >= osLocalCs.size() &&
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:962:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ( strlen(pszProjESRI) )
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:1392:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszUnits = papszFields[i] + strlen("units=");
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:1397:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                CPLAtof(papszFields[i] + strlen("rotation=")) *
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:1684:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLsnprintf(sVal + strlen(sVal), sizeof(sVal) - strlen(sVal), "%.16g ",
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:1684:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLsnprintf(sVal + strlen(sVal), sizeof(sVal) - strlen(sVal), "%.16g ",
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:1690:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLsnprintf(sVal + strlen(sVal), sizeof(sVal) - strlen(sVal), "%.16g ",
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:1690:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLsnprintf(sVal + strlen(sVal), sizeof(sVal) - strlen(sVal), "%.16g ",
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:1696:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLsnprintf(sVal + strlen(sVal), sizeof(sVal) - strlen(sVal), "%.16g ",
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:1696:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLsnprintf(sVal + strlen(sVal), sizeof(sVal) - strlen(sVal), "%.16g ",
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:1702:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLsnprintf(sVal + strlen(sVal), sizeof(sVal) - strlen(sVal), "%.16g ",
data/gdal-3.0.4+dfsg/frmts/raw/envidataset.cpp:1702:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLsnprintf(sVal + strlen(sVal), sizeof(sVal) - strlen(sVal), "%.16g ",
data/gdal-3.0.4+dfsg/frmts/raw/fastdataset.cpp:374:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char chLastLetterHeader = pszFilename[strlen(pszFilename)-1];
data/gdal-3.0.4+dfsg/frmts/raw/fastdataset.cpp:385:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszChannelFilename[strlen(pszChannelFilename)-1] = chLastLetterData;
data/gdal-3.0.4+dfsg/frmts/raw/fastdataset.cpp:396:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszChannelFilename[strlen(pszChannelFilename)-1] = chLastLetterData;
data/gdal-3.0.4+dfsg/frmts/raw/fastdataset.cpp:404:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                pszChannelFilename[strlen(pszChannelFilename)-1] =
data/gdal-3.0.4+dfsg/frmts/raw/fastdataset.cpp:444:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    pszChannelFilename[strlen(pszChannelFilename)-1] =
data/gdal-3.0.4+dfsg/frmts/raw/fastdataset.cpp:452:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        pszChannelFilename[strlen(pszChannelFilename)-1] =
data/gdal-3.0.4+dfsg/frmts/raw/fastdataset.cpp:490:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                pszChannelFilename[strlen(pszChannelFilename)-1]
data/gdal-3.0.4+dfsg/frmts/raw/fastdataset.cpp:528:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszTemp += strlen( pszName );
data/gdal-3.0.4+dfsg/frmts/raw/fastdataset.cpp:775:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                pszTemp += strlen(FILENAME);
data/gdal-3.0.4+dfsg/frmts/raw/fastdataset.cpp:976:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszTemp += strlen( USGS_PARAMETERS );
data/gdal-3.0.4+dfsg/frmts/raw/fastdataset.cpp:1002:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             strlen(pszTemp) >= strlen( CORNER_UPPER_LEFT ) +
data/gdal-3.0.4+dfsg/frmts/raw/fastdataset.cpp:1002:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             strlen(pszTemp) >= strlen( CORNER_UPPER_LEFT ) +
data/gdal-3.0.4+dfsg/frmts/raw/fastdataset.cpp:1005:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszTemp += strlen( CORNER_UPPER_LEFT ) + 28;
data/gdal-3.0.4+dfsg/frmts/raw/fastdataset.cpp:1013:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             strlen(pszTemp) >= strlen( CORNER_UPPER_RIGHT ) +
data/gdal-3.0.4+dfsg/frmts/raw/fastdataset.cpp:1013:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             strlen(pszTemp) >= strlen( CORNER_UPPER_RIGHT ) +
data/gdal-3.0.4+dfsg/frmts/raw/fastdataset.cpp:1016:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszTemp += strlen( CORNER_UPPER_RIGHT ) + 28;
data/gdal-3.0.4+dfsg/frmts/raw/fastdataset.cpp:1024:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             strlen(pszTemp) >= strlen( CORNER_LOWER_LEFT ) +
data/gdal-3.0.4+dfsg/frmts/raw/fastdataset.cpp:1024:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             strlen(pszTemp) >= strlen( CORNER_LOWER_LEFT ) +
data/gdal-3.0.4+dfsg/frmts/raw/fastdataset.cpp:1027:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszTemp += strlen( CORNER_LOWER_LEFT ) + 28;
data/gdal-3.0.4+dfsg/frmts/raw/fastdataset.cpp:1035:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             strlen(pszTemp) >= strlen( CORNER_LOWER_RIGHT ) +
data/gdal-3.0.4+dfsg/frmts/raw/fastdataset.cpp:1035:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             strlen(pszTemp) >= strlen( CORNER_LOWER_RIGHT ) +
data/gdal-3.0.4+dfsg/frmts/raw/fastdataset.cpp:1038:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszTemp += strlen( CORNER_LOWER_RIGHT ) + 28;
data/gdal-3.0.4+dfsg/frmts/raw/fujibasdataset.cpp:131:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            memmove( pszSep + 1, pszSep + 3, strlen(pszSep+3)+1 );
data/gdal-3.0.4+dfsg/frmts/raw/genbindataset.cpp:388:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (pszProjection && strlen(pszProjection) > 0)
data/gdal-3.0.4+dfsg/frmts/raw/hkvdataset.cpp:1478:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nOvrFilenameLen = strlen( pszFilename ) + 5;
data/gdal-3.0.4+dfsg/frmts/raw/hkvdataset.cpp:1568:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(CPLGetPath(pszFilenameIn)) == 0 )
data/gdal-3.0.4+dfsg/frmts/raw/idadataset.cpp:817:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( poDS->szTitle,
data/gdal-3.0.4+dfsg/frmts/raw/idadataset.cpp:822:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nLastTitleChar = static_cast<int>(strlen(poDS->szTitle))-1;
data/gdal-3.0.4+dfsg/frmts/raw/lcpdataset.cpp:453:15:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
              strcpy(pszList, "");
data/gdal-3.0.4+dfsg/frmts/raw/lcpdataset.cpp:461:25:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
                        strcat(pszList, ",");
data/gdal-3.0.4+dfsg/frmts/raw/lcpdataset.cpp:1639:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            strlen(pszESRIProjection), fp ) );
data/gdal-3.0.4+dfsg/frmts/raw/mffdataset.cpp:850:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(pszExtension) >= 2
data/gdal-3.0.4+dfsg/frmts/raw/mffdataset.cpp:1138:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        = static_cast<char *>( CPLMalloc( strlen( pszFilenameIn ) + 5 ) );
data/gdal-3.0.4+dfsg/frmts/raw/mffdataset.cpp:1141:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for( int i = static_cast<int>(strlen(pszBaseFilename))-1; i > 0; i-- )
data/gdal-3.0.4+dfsg/frmts/raw/mffdataset.cpp:1362:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLMalloc( strlen(pszFilename)+5) );
data/gdal-3.0.4+dfsg/frmts/raw/mffdataset.cpp:1365:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for( int i = static_cast<int>(strlen(pszBaseFilename))-1; i > 0; i-- )
data/gdal-3.0.4+dfsg/frmts/raw/ndfdataset.cpp:214:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( pszFixed[strlen(pszFixed)-1] == ';' )
data/gdal-3.0.4+dfsg/frmts/raw/ndfdataset.cpp:215:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszFixed[strlen(pszFixed)-1] = '\0';
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:249:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    std::min(nMinLen, strlen(pszValue)) );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:256:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    std::min(nMinLen, strlen(pszValue)) );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:263:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    std::min(nMinLen, strlen(pszValue)) );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:270:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    std::min(nMinLen, strlen(pszValue)) );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:301:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    std::min(nMinLen, strlen(pszValue)) );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:308:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    std::min(nMinLen, strlen(pszValue)) );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:315:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    std::min(nMinLen, strlen(pszValue)) );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:322:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    std::min(nMinLen, strlen(pszValue)) );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:847:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                std::min(nMinLen, strlen(pszValue)) );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:851:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memcpy( achHeader +  4*16+8, pszValue, std::min(nMinLen, strlen(pszValue)) );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:855:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memcpy( achHeader +  5*16+8, pszValue, std::min(nMinLen, strlen(pszValue)) );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:859:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memcpy( achHeader +  6*16+8, pszValue, std::min(nMinLen, strlen(pszValue)) );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:926:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            std::min(nMinLen, strlen(pszValue)) );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:932:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            std::min(nMinLen, strlen(pszValue)) );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:938:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            std::min(nMinLen, strlen(pszValue)) );
data/gdal-3.0.4+dfsg/frmts/raw/ntv2dataset.cpp:944:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            std::min(nMinLen, strlen(pszValue)) );
data/gdal-3.0.4+dfsg/frmts/raw/pauxdataset.cpp:832:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            static_cast<int>(strlen(papszTokens[1])) );
data/gdal-3.0.4+dfsg/frmts/raw/pauxdataset.cpp:942:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLMalloc( strlen( pszFilename ) + 5 ) );
data/gdal-3.0.4+dfsg/frmts/raw/pauxdataset.cpp:945:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for( int i = static_cast<int>(strlen(pszAuxFilename))-1; i > 0; i-- )
data/gdal-3.0.4+dfsg/frmts/raw/pauxdataset.cpp:973:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int iStart = static_cast<int>(strlen(pszFilename))-1;
data/gdal-3.0.4+dfsg/frmts/raw/pnmdataset.cpp:384:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bool bOK = VSIFWriteL( szHeader, strlen(szHeader) + 2, 1, fp ) == 1;
data/gdal-3.0.4+dfsg/frmts/raw/snodasdataset.cpp:313:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     strlen(papszTokens[1] + 1) + 1);
data/gdal-3.0.4+dfsg/frmts/rda/rdadataset.cpp:1122:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CacheFile( osCachedFilename, pszRes, strlen(pszRes) );
data/gdal-3.0.4+dfsg/frmts/rik/rikdataset.cpp:782:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( nameLength == 0 || nameLength != strlen(name) )
data/gdal-3.0.4+dfsg/frmts/rs2/rs2dataset.cpp:616:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(poOpenInfo->pszFilename) < 11
data/gdal-3.0.4+dfsg/frmts/rs2/rs2dataset.cpp:617:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        || !EQUAL(poOpenInfo->pszFilename + strlen(poOpenInfo->pszFilename)-11,
data/gdal-3.0.4+dfsg/frmts/safe/safedataset.cpp:516:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      osMDFilename = poOpenInfo->pszFilename + strlen("SENTINEL1_DS:");
data/gdal-3.0.4+dfsg/frmts/saga/sagadataset.cpp:362:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (pszProjection && strlen(pszProjection) > 0)
data/gdal-3.0.4+dfsg/frmts/saga/sagadataset.cpp:381:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszSRS) == 0 )
data/gdal-3.0.4+dfsg/frmts/saga/sagadataset.cpp:400:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        VSIFWriteL( pszESRI_SRS, 1, strlen(pszESRI_SRS), l_fp );
data/gdal-3.0.4+dfsg/frmts/saga/sagadataset.cpp:494:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( nLineCount > 50 || strlen(pszLine) > 1000 )
data/gdal-3.0.4+dfsg/frmts/saga/sagadataset.cpp:520:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy( szDataFormat, papszTokens[1], sizeof(szDataFormat)-1 );
data/gdal-3.0.4+dfsg/frmts/saga/sagadataset.cpp:522:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy( szByteOrderBig, papszTokens[1], sizeof(szByteOrderBig)-1 );
data/gdal-3.0.4+dfsg/frmts/saga/sagadataset.cpp:524:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy( szTopToBottom, papszTokens[1], sizeof(szTopToBottom)-1 );
data/gdal-3.0.4+dfsg/frmts/sdts/sdts2shp.cpp:113:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for( i = strlen(pszShapefile)-1; i >= 0; i-- )
data/gdal-3.0.4+dfsg/frmts/sdts/sdts2shp.cpp:698:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    nWidth = strlen(poSFDefn->ExtractStringData(pachData,
data/gdal-3.0.4+dfsg/frmts/sdts/sdtscatd.cpp:122:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int i = static_cast<int>(strlen(pszPrefixPath)) - 1;
data/gdal-3.0.4+dfsg/frmts/sdts/sdtscatd.cpp:134:9:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
        strcpy( pszPrefixPath, "." );
data/gdal-3.0.4+dfsg/frmts/sdts/sdtslib.cpp:74:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( pabyData == nullptr || strlen(pabyData) < 5 )
data/gdal-3.0.4+dfsg/frmts/sdts/sdtslib.cpp:118:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pachData) < 5 )
data/gdal-3.0.4+dfsg/frmts/sdts/sdtslib.cpp:222:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if( pszModName == nullptr || strlen(pszModName) < 4 )
data/gdal-3.0.4+dfsg/frmts/sdts/sdtslib.cpp:226:21:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                    strncpy( szName, pszModName, 4 );
data/gdal-3.0.4+dfsg/frmts/sdts/sdtsrasterreader.cpp:336:9:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
        strcpy( szLabel, "" );
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:49:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define STARTS_WITH_CI(a,b) EQUALN(a,b,strlen(b))
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:504:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strncmp(osFilename, "/vsizip/", strlen("/vsizip/")) != 0 )
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:523:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strncmp(osFilename, "/vsizip/", strlen("/vsizip/")) != 0 )
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:542:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strncmp(osFilename, "/vsizip/", strlen("/vsizip/")) != 0 )
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:659:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                sizeof(szBuffer) - strlen("</Tile_Geocoding></n1:Geometric_Info></n1:Level-1C_Tile_ID>") - 1 )
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:670:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                sizeof(szBuffer) - strlen("</Tile_Geocoding></n1:Geometric_Info></n1:Level-2A_Tile_ID>") - 1 )
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:720:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nEPSGCode = atoi(pszCSCode + strlen("EPSG:"));
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:913:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    size_t nLen = strlen(pszTileName);
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:930:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            else if ( nLen > strlen("S2A_USER_MSI_") &&
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:954:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                osGranuleMTD.size() > strlen("S2A_OPER_MSI_") &&
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:1655:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(*papszIter) >= strlen("S2A_XXXX_MTD") &&
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:1655:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(*papszIter) >= strlen("S2A_XXXX_MTD") &&
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:1658:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             EQUALN(*papszIter + strlen("S2A_XXXX"), "_MTD", 4) )
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:1904:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    osFilename = poOpenInfo->pszFilename + strlen("SENTINEL2_L1B:");
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:2287:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( pszImageFile == nullptr || strlen(pszImageFile) < 3 )
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:2378:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if( pszImageFile == nullptr || strlen(pszImageFile) < 3 )
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:2894:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            while( strlen(oBox.GetType()) > 0 )
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:2902:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    while( strlen(oChildBox.GetType()) > 0 )
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:2992:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    osFilename = poOpenInfo->pszFilename + strlen(pszPrefix) + 1;
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:3016:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int nSubDSEPSGCode = atoi(pszEPSGCode + 1 + strlen("EPSG_"));
data/gdal-3.0.4+dfsg/frmts/sentinel2/sentinel2dataset.cpp:3705:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    osFilename = poOpenInfo->pszFilename + strlen("SENTINEL2_L1C_TILE:");
data/gdal-3.0.4+dfsg/frmts/sigdem/sigdemdataset.cpp:266:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                strlen(pszESRIProjection), fpProj));
data/gdal-3.0.4+dfsg/frmts/srtmhgt/srtmhgtdataset.cpp:266:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen(fileName) < 11 || fileName[7] != '.' )
data/gdal-3.0.4+dfsg/frmts/srtmhgt/srtmhgtdataset.cpp:368:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(latLonValueString, &fileName[1], 2);
data/gdal-3.0.4+dfsg/frmts/srtmhgt/srtmhgtdataset.cpp:372:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(latLonValueString, &fileName[4], 3);
data/gdal-3.0.4+dfsg/frmts/terragen/terragendataset.cpp:815:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(m_szUnits, "m");
data/gdal-3.0.4+dfsg/frmts/til/tildataset.cpp:313:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszFilename[strlen(pszFilename)-1] == '"' )
data/gdal-3.0.4+dfsg/frmts/til/tildataset.cpp:314:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const_cast<char *>( pszFilename )[strlen(pszFilename)-1] = '\0';
data/gdal-3.0.4+dfsg/frmts/til/tildataset.cpp:396:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( pszFilename[strlen(pszFilename)-1] == '"' )
data/gdal-3.0.4+dfsg/frmts/til/tildataset.cpp:397:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const_cast<char *>( pszFilename )[strlen(pszFilename)-1] = '\0';
data/gdal-3.0.4+dfsg/frmts/tiledb/tiledbdataset.cpp:505:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            os.write( pszTree, strlen(pszTree));
data/gdal-3.0.4+dfsg/frmts/tiledb/tiledbdataset.cpp:625:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                    is.read( ( char* ) osMetaDoc.data(), nBytes );
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:141:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszSrc) < nMaxChars )
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:143:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memcpy( pszTarget, pszSrc, strlen(pszSrc) );
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:144:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memset( pszTarget + strlen(pszSrc), ' ', nMaxChars - strlen(pszSrc));
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:144:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memset( pszTarget + strlen(pszSrc), ' ', nMaxChars - strlen(pszSrc));
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:162:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszSrc) < nMaxChars )
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:164:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memset( pszTarget, ' ', nMaxChars - strlen(pszSrc) );
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:165:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memcpy( pszTarget + nMaxChars - strlen(pszSrc), pszSrc,
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:166:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strlen(pszSrc) );
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:658:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( psWInfo->horizdatum ) == 0) {
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:896:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy( pszTile, papszTokens[0], 7 );
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:898:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy( pszName, papszTokens[1], 100 );
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:954:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy( pszName, papszTokens[1], 100 );
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:989:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy( szTrimmedTile, pszNTS, 6 );
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:1001:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && (strlen(pszTOPLEFT) == 6 || strlen(pszTOPLEFT) == 7) )
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:1001:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && (strlen(pszTOPLEFT) == 6 || strlen(pszTOPLEFT) == 7) )
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:1005:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy( szTrimmedTile, pszTOPLEFT, 6 );
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:1040:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if( strlen(psWInfo->pszFilename) == 12
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:1046:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy( szTrimmedTile, psWInfo->pszFilename, 6 );
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:1056:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if( strlen(psWInfo->pszFilename) == 14
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:1062:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy( szTrimmedTile, psWInfo->pszFilename, 6 );
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:1149:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            || strlen(pszBasename) != 10 )
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:1173:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant character.
    strncpy( psWInfo->horizdatum, "4", 2 );  //USGS DEM code for NAD83
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:1328:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CPLPrintPointer( szDataPointer+strlen(szDataPointer),
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:1330:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     static_cast<int>(sizeof(szDataPointer) - strlen(szDataPointer)) );
data/gdal-3.0.4+dfsg/frmts/usgsdem/usgsdem_create.cpp:1431:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant character.
    strncpy( sWInfo.horizdatum, "", 1 );
data/gdal-3.0.4+dfsg/frmts/vrt/vrtdataset.cpp:167:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(obj.GetDescription()) == 0
data/gdal-3.0.4+dfsg/frmts/vrt/vrtdataset.cpp:202:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            VSIFWriteL( pszXML, 1, strlen(pszXML), fpVRT )
data/gdal-3.0.4+dfsg/frmts/vrt/vrtdataset.cpp:203:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            == strlen(pszXML);
data/gdal-3.0.4+dfsg/frmts/vrt/vrtdataset.cpp:474:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(CPLGetXMLValue(psTree, "GeoTransform", "")) > 0 )
data/gdal-3.0.4+dfsg/frmts/vrt/vrtdataset.cpp:961:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszImageOffset, static_cast<int>(strlen(pszImageOffset)) );
data/gdal-3.0.4+dfsg/frmts/vrt/vrtderivedrasterband.cpp:189:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                PyString_FromStringAndSize(pszDataType, strlen(pszDataType)));
data/gdal-3.0.4+dfsg/frmts/vrt/vrtderivedrasterband.cpp:392:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                osVersion = osFilename.substr(strlen("python"));
data/gdal-3.0.4+dfsg/frmts/vrt/vrtderivedrasterband.cpp:1219:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                size_t nIterModuleLen = strlen(pszIterModule);
data/gdal-3.0.4+dfsg/frmts/vrt/vrtderivedrasterband.cpp:1941:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                PyString_FromStringAndSize(pszValue, strlen(pszValue)));
data/gdal-3.0.4+dfsg/frmts/vrt/vrtderivedrasterband.cpp:2131:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszFuncName != nullptr && strlen(pszFuncName) > 0 )
data/gdal-3.0.4+dfsg/frmts/vrt/vrtdriver.cpp:160:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        static_cast<int>(strlen(pszParserFunc)) );
data/gdal-3.0.4+dfsg/frmts/vrt/vrtdriver.cpp:212:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( 0 != strlen( pszFilename ) )
data/gdal-3.0.4+dfsg/frmts/vrt/vrtdriver.cpp:223:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            bool bRet = VSIFWriteL( pszXML, strlen(pszXML), 1, fpVRT ) > 0;
data/gdal-3.0.4+dfsg/frmts/vrt/vrtfilters.cpp:665:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy( pszKernelCoefs, "" );
data/gdal-3.0.4+dfsg/frmts/vrt/vrtfilters.cpp:667:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLsnprintf( pszKernelCoefs + strlen(pszKernelCoefs),
data/gdal-3.0.4+dfsg/frmts/vrt/vrtfilters.cpp:668:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     nBufLen - strlen(pszKernelCoefs),
data/gdal-3.0.4+dfsg/frmts/vrt/vrtrasterband.cpp:158:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(poSrcBand->GetDescription()) > 0 )
data/gdal-3.0.4+dfsg/frmts/vrt/vrtrasterband.cpp:620:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(GetDescription()) > 0 )
data/gdal-3.0.4+dfsg/frmts/vrt/vrtrawrasterband.cpp:368:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszImageOffset, static_cast<int>(strlen(pszImageOffset)) );
data/gdal-3.0.4+dfsg/frmts/vrt/vrtrawrasterband.cpp:490:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( m_bRelativeToVRT && strlen(poDS->GetDescription()) > 0 )
data/gdal-3.0.4+dfsg/frmts/vrt/vrtsources.cpp:379:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            pszSyntax[osPrefix.size() + strlen("{FILENAME}")],
data/gdal-3.0.4+dfsg/frmts/vrt/vrtsources.cpp:568:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        pszSyntax[osPrefix.size() + strlen("{FILENAME}")],
data/gdal-3.0.4+dfsg/frmts/vrt/vrtwarped.cpp:922:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strlen(GDAL_GTI2_SIGNATURE) );
data/gdal-3.0.4+dfsg/frmts/vrt/vrtwarped.cpp:1467:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                snprintf( pszOverviewList + strlen(pszOverviewList),
data/gdal-3.0.4+dfsg/frmts/vrt/vrtwarped.cpp:1468:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                          nLen - strlen(pszOverviewList),
data/gdal-3.0.4+dfsg/frmts/wcs/gmlcoverage.cpp:198:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && (*ppszProjection == nullptr || strlen(*ppszProjection) == 0) )
data/gdal-3.0.4+dfsg/frmts/wcs/wcsdataset.cpp:599:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszPrj && strlen(pszPrj) > 0 )
data/gdal-3.0.4+dfsg/frmts/wcs/wcsdataset.cpp:1589:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszPrj && strlen(pszPrj) > 0 )
data/gdal-3.0.4+dfsg/frmts/wcs/wcsdataset.cpp:1592:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( pszProjection && strlen(pszProjection) > 0 )
data/gdal-3.0.4+dfsg/frmts/wcs/wcsdataset100.cpp:268:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && (pszProjection == nullptr || strlen(pszProjection) == 0) )
data/gdal-3.0.4+dfsg/frmts/wcs/wcsdataset100.cpp:332:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszProjection && strlen(pszProjection) > 0 && osCRS == "" )
data/gdal-3.0.4+dfsg/frmts/wcs/wcsrasterband.cpp:186:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && ((strlen(poODS->osBandIdentifier) && poTileDS->GetRasterCount() != 1)
data/gdal-3.0.4+dfsg/frmts/wcs/wcsrasterband.cpp:187:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            || (!strlen(poODS->osBandIdentifier)
data/gdal-3.0.4+dfsg/frmts/wcs/wcsrasterband.cpp:191:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(poODS->osBandIdentifier) && poTileDS->GetRasterCount() != 1)
data/gdal-3.0.4+dfsg/frmts/wcs/wcsrasterband.cpp:218:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( iBand+1 == GetBand() || (band_count == 1 && strlen(poODS->osBandIdentifier)) )
data/gdal-3.0.4+dfsg/frmts/wcs/wcsutils.cpp:673:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        CPLString code = word.substr(strlen(epsg[i]), std::string::npos);
data/gdal-3.0.4+dfsg/frmts/wcs/wcsutils.cpp:691:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        word.erase(pos, strlen(spec[i]));
data/gdal-3.0.4+dfsg/frmts/wms/minidriver_tiled_wms.cpp:356:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(psconfig) != 0) { // Probably XML encoded because it is XML itself
data/gdal-3.0.4+dfsg/frmts/wms/minidriver_tiled_wms.cpp:634:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                int len = static_cast<int>(strlen(server_xml));
data/gdal-3.0.4+dfsg/frmts/wms/wmsdriver.cpp:327:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(pszURL) > 10 &&
data/gdal-3.0.4+dfsg/frmts/wms/wmsdriver.cpp:329:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strcmp(pszURL + strlen(pszURL) - strlen("1.0.0/"), "1.0.0/") == 0)
data/gdal-3.0.4+dfsg/frmts/wms/wmsdriver.cpp:329:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strcmp(pszURL + strlen(pszURL) - strlen("1.0.0/"), "1.0.0/") == 0)
data/gdal-3.0.4+dfsg/frmts/wms/wmsdriver.cpp:331:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            osURL.resize(strlen(pszURL) - strlen("1.0.0/"));
data/gdal-3.0.4+dfsg/frmts/wms/wmsdriver.cpp:331:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            osURL.resize(strlen(pszURL) - strlen("1.0.0/"));
data/gdal-3.0.4+dfsg/frmts/wms/wmsdriver.cpp:399:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (bCanChangeURL && strlen(pszHref) > 10 &&
data/gdal-3.0.4+dfsg/frmts/wms/wmsdriver.cpp:400:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strcmp(pszHref + strlen(pszHref) - strlen("/0"), "/0") == 0)
data/gdal-3.0.4+dfsg/frmts/wms/wmsdriver.cpp:400:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strcmp(pszHref + strlen(pszHref) - strlen("/0"), "/0") == 0)
data/gdal-3.0.4+dfsg/frmts/wms/wmsdriver.cpp:403:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    osURL.resize(strlen(pszHref) - strlen("/0"));
data/gdal-3.0.4+dfsg/frmts/wms/wmsdriver.cpp:403:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    osURL.resize(strlen(pszHref) - strlen("/0"));
data/gdal-3.0.4+dfsg/frmts/wms/wmsdriver.cpp:882:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sscanf(pszMaxSize + strlen("Max-size:"), "%d %d", &nXSize, &nYSize) == 2 &&
data/gdal-3.0.4+dfsg/frmts/wms/wmsdriver.cpp:885:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int nResolutions = atoi(pszResolutionNumber + strlen("Resolution-number:"));
data/gdal-3.0.4+dfsg/frmts/wms/wmsdriver.cpp:1019:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    VSIFWriteL(pszXML, 1, strlen(pszXML), fp);
data/gdal-3.0.4+dfsg/frmts/wms/wmsmetadataset.cpp:751:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    osHref += pszDup100 + strlen("1.0.0/");
data/gdal-3.0.4+dfsg/frmts/wms/wmsutils.cpp:113:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    base->replace(start, strlen(search), tmp);
data/gdal-3.0.4+dfsg/frmts/wmts/wmtsdataset.cpp:614:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                          pszCRS + strlen("urn:ogc:def:crs:EPSG:6.18:3:"));
data/gdal-3.0.4+dfsg/frmts/wmts/wmtsdataset.cpp:852:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    osRet += osStr.substr(nPos + strlen(pszOld));
data/gdal-3.0.4+dfsg/frmts/wmts/wmtsdataset.cpp:2213:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    VSIFWriteL(pszXML, 1, strlen(pszXML), fp);
data/gdal-3.0.4+dfsg/frmts/xpm/xpmdataset.cpp:282:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while( nActiveColors > static_cast<int>( strlen(pszColorCodes) ) )
data/gdal-3.0.4+dfsg/frmts/xpm/xpmdataset.cpp:515:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy( pszLine, pszNext, i );
data/gdal-3.0.4+dfsg/frmts/xyz/xyzdataset.cpp:538:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(poOpenInfo->pszFilename) > 6 &&
data/gdal-3.0.4+dfsg/frmts/xyz/xyzdataset.cpp:539:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        EQUAL(poOpenInfo->pszFilename + strlen(poOpenInfo->pszFilename) - 6, "xyz.gz") &&
data/gdal-3.0.4+dfsg/frmts/xyz/xyzdataset.cpp:717:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(poOpenInfo->pszFilename) > 6 &&
data/gdal-3.0.4+dfsg/frmts/xyz/xyzdataset.cpp:718:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        EQUAL(poOpenInfo->pszFilename + strlen(poOpenInfo->pszFilename) - 6, "xyz.gz") &&
data/gdal-3.0.4+dfsg/frmts/zlib/gzio.c:127:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    s->path = (char*)ALLOC(strlen(path)+1);
data/gdal-3.0.4+dfsg/frmts/zlib/gzio.c:625:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(buf);
data/gdal-3.0.4+dfsg/frmts/zlib/gzio.c:662:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(buf);
data/gdal-3.0.4+dfsg/frmts/zlib/gzio.c:697:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return gzwrite(file, (char*)s, (unsigned)strlen(s));
data/gdal-3.0.4+dfsg/frmts/zlib/gzio.c:1006:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    s->msg = (char*)ALLOC(strlen(s->path) + strlen(m) + 3);
data/gdal-3.0.4+dfsg/frmts/zlib/gzio.c:1006:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    s->msg = (char*)ALLOC(strlen(s->path) + strlen(m) + 3);
data/gdal-3.0.4+dfsg/frmts/zmap/zmapdataset.cpp:143:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( static_cast<int>( strlen(pszLine) )
data/gdal-3.0.4+dfsg/frmts/zmap/zmapdataset.cpp:487:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nLen = (int)strlen(pszValue);
data/gdal-3.0.4+dfsg/frmts/zmap/zmapdataset.cpp:513:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( static_cast<int>( strlen(pszValue) ) > nWidth)
data/gdal-3.0.4+dfsg/fuzzers/gdal_translate_fuzzer.cpp:105:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            papszArgv[i+1][strlen(papszArgv[i+1])-1] == '%');
data/gdal-3.0.4+dfsg/fuzzers/gdal_translate_fuzzer.cpp:108:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            papszArgv[i+2][strlen(papszArgv[i+2])-1] == '%');
data/gdal-3.0.4+dfsg/fuzzers/gdal_translate_fuzzer.cpp:119:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                atoi(papszArgv[i+1]+strlen("BLOCKSIZE=")));
data/gdal-3.0.4+dfsg/fuzzers/gdal_translate_fuzzer.cpp:121:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                atoi(papszArgv[i+1]+strlen("BLOCKSIZE=")));
data/gdal-3.0.4+dfsg/fuzzers/gdal_translate_fuzzer.cpp:126:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                atoi(papszArgv[i+1]+strlen("BLOCKXSIZE=")));
data/gdal-3.0.4+dfsg/fuzzers/gdal_translate_fuzzer.cpp:131:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                atoi(papszArgv[i+1]+strlen("BLOCKYSIZE=")));
data/gdal-3.0.4+dfsg/fuzzers/tests/test_gdal_fuzzer.cpp:35:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                           strlen(szVRT));
data/gdal-3.0.4+dfsg/fuzzers/tests/test_ogr_fuzzer.cpp:35:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                           strlen(szGEOJSON));
data/gdal-3.0.4+dfsg/fuzzers/tests/test_osr_set_from_user_input_fuzzer.cpp:35:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                           strlen(szPROJ4));
data/gdal-3.0.4+dfsg/fuzzers/tests/test_wkb_import_fuzzer.cpp:35:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                           strlen(szJUNK));
data/gdal-3.0.4+dfsg/fuzzers/tests/test_wkt_import_fuzzer.cpp:35:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                           strlen(szJUNK));
data/gdal-3.0.4+dfsg/gcore/gdal_misc.cpp:1337:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        osTarget.resize(osTarget.size() - strlen(papszSiblingFiles[iSibling]));
data/gdal-3.0.4+dfsg/gcore/gdal_misc.cpp:1787:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            osTabFilename.resize(strlen(pszBaseFilename) -
data/gdal-3.0.4+dfsg/gcore/gdal_misc.cpp:1788:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                 strlen(CPLGetFilename(pszBaseFilename)));
data/gdal-3.0.4+dfsg/gcore/gdal_misc.cpp:2039:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            osTFWFilename.resize(strlen(pszBaseFilename) -
data/gdal-3.0.4+dfsg/gcore/gdal_misc.cpp:2040:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                 strlen(CPLGetFilename(pszBaseFilename)));
data/gdal-3.0.4+dfsg/gcore/gdal_misc.cpp:3027:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if( pszLine[0] == '#' || strlen(pszLine) == 0 )
data/gdal-3.0.4+dfsg/gcore/gdal_misc.cpp:3464:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszBasename) == 0 )
data/gdal-3.0.4+dfsg/gcore/gdal_misc.cpp:3778:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( psGCP->pszInfo != nullptr && strlen(psGCP->pszInfo) > 0 )
data/gdal-3.0.4+dfsg/gcore/gdal_misc.cpp:4049:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strncmp(pszFilename, "/vsisubfile/", strlen("/vsisubfile/")) == 0 )
data/gdal-3.0.4+dfsg/gcore/gdalclientserver.cpp:1306:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return GDALPipeWrite(p, static_cast<int>(strlen(pszStr)) + 1, pszStr);
data/gdal-3.0.4+dfsg/gcore/gdalclientserver.cpp:2323:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if( strlen(poOtherBand->GetDescription()) > 0 )
data/gdal-3.0.4+dfsg/gcore/gdalclientserver.cpp:5983:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszFilename += strlen("API_PROXY:");
data/gdal-3.0.4+dfsg/gcore/gdaldataset.cpp:3297:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            memmove(pszOption, pszOption + 1, strlen(pszOption + 1) + 1);
data/gdal-3.0.4+dfsg/gcore/gdaldataset.cpp:3395:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(poDS->GetDescription()) == 0 )
data/gdal-3.0.4+dfsg/gcore/gdaldataset.cpp:3993:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(fmt) + strlen(pszDSName) + 3 >= sizeof(szNewFmt) - 1)
data/gdal-3.0.4+dfsg/gcore/gdaldataset.cpp:3993:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(fmt) + strlen(pszDSName) + 3 >= sizeof(szNewFmt) - 1)
data/gdal-3.0.4+dfsg/gcore/gdaldataset.cpp:3996:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen(fmt) + strlen(pszDSName) + 3 < sizeof(szNewFmt) - 1)
data/gdal-3.0.4+dfsg/gcore/gdaldataset.cpp:3996:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen(fmt) + strlen(pszDSName) + 3 < sizeof(szNewFmt) - 1)
data/gdal-3.0.4+dfsg/gcore/gdaldataset.cpp:5290:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(CPLGetLastErrorMsg()) == 0 )
data/gdal-3.0.4+dfsg/gcore/gdaldataset.cpp:6212:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if( strlen(CPLGetLastErrorMsg()) == 0 )
data/gdal-3.0.4+dfsg/gcore/gdaldriver.cpp:223:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    || strlen(poDstDS->GetDescription()) == 0 )
data/gdal-3.0.4+dfsg/gcore/gdaldriver.cpp:283:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            || strlen(poDS->GetDescription()) == 0 )
data/gdal-3.0.4+dfsg/gcore/gdaldriver.cpp:590:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && strlen(poSrcDS->GetProjectionRef()) > 0 )
data/gdal-3.0.4+dfsg/gcore/gdaldriver.cpp:651:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(poSrcBand->GetDescription()) > 0 )
data/gdal-3.0.4+dfsg/gcore/gdaldriver.cpp:834:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    || strlen(poDstDS->GetDescription()) == 0 )
data/gdal-3.0.4+dfsg/gcore/gdaldriver.cpp:942:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                || strlen(poDstDS->GetDescription()) == 0 )
data/gdal-3.0.4+dfsg/gcore/gdaldriver.cpp:1653:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            memmove(pszKey, pszKey + 1, strlen(pszKey+1)+1);
data/gdal-3.0.4+dfsg/gcore/gdaldriver.cpp:1663:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strlen(pszOptionName) > 0 &&
data/gdal-3.0.4+dfsg/gcore/gdaldriver.cpp:1664:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    pszOptionName[strlen(pszOptionName) - 1] == '*' &&
data/gdal-3.0.4+dfsg/gcore/gdaldriver.cpp:1665:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    EQUALN(pszOptionName, pszKey, strlen(pszOptionName) - 1))
data/gdal-3.0.4+dfsg/gcore/gdaldriver.cpp:1672:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strlen(pszKey) > strlen(pszOptionName) &&
data/gdal-3.0.4+dfsg/gcore/gdaldriver.cpp:1672:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strlen(pszKey) > strlen(pszOptionName) &&
data/gdal-3.0.4+dfsg/gcore/gdaldriver.cpp:1673:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    EQUAL( pszKey + strlen(pszKey) - strlen(pszOptionName + 1), pszOptionName + 1 ) )
data/gdal-3.0.4+dfsg/gcore/gdaldriver.cpp:1673:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    EQUAL( pszKey + strlen(pszKey) - strlen(pszOptionName + 1), pszOptionName + 1 ) )
data/gdal-3.0.4+dfsg/gcore/gdaldriver.cpp:1904:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if (static_cast<int>(strlen(pszValue)) > atoi(pszMaxSize))
data/gdal-3.0.4+dfsg/gcore/gdaldriver.cpp:1908:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                             pszValue, static_cast<int>(strlen(pszValue)), pszKey,
data/gdal-3.0.4+dfsg/gcore/gdaldrivermanager.cpp:817:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        CPLGetBasename(papszFiles[iFile]) + strlen("gdal_") );
data/gdal-3.0.4+dfsg/gcore/gdaldrivermanager.cpp:823:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                         CPLGetBasename(papszFiles[iFile]) + strlen("ogr_") );
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:267:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(szTemp) + pszDataEnd - pszData >= MAXSTRINGLENGTH)
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:270:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      pszDataEnd += strlen(pszDataEnd);
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:279:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(szTemp) + pszDataEnd - pszData >= MAXSTRINGLENGTH)
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:282:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      pszDataEnd += strlen(pszDataEnd);
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:297:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(szTemp) + pszDataEnd - pszData >= MAXSTRINGLENGTH)
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:300:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      pszDataEnd += strlen(pszDataEnd);
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:310:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(szTemp) + pszDataEnd - pszData >= MAXSTRINGLENGTH)
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:313:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      pszDataEnd += strlen(pszDataEnd);
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:323:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(szTemp) + pszDataEnd - pszData >= MAXSTRINGLENGTH)
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:326:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      pszDataEnd += strlen(pszDataEnd);
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:336:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(szTemp) + pszDataEnd - pszData >= MAXSTRINGLENGTH)
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:339:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      pszDataEnd += strlen(pszDataEnd);
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:357:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(szTemp) + pszDataEnd - pszData >= MAXSTRINGLENGTH)
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:360:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      pszDataEnd += strlen(pszDataEnd);
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:376:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(szTemp) + pszDataEnd - pszData >= MAXSTRINGLENGTH)
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:379:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      pszDataEnd += strlen(pszDataEnd);
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:389:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(szTemp) + pszDataEnd - pszData >= MAXSTRINGLENGTH)
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:392:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      pszDataEnd += strlen(pszDataEnd);
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:402:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(szTemp) + pszDataEnd - pszData >= MAXSTRINGLENGTH)
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:405:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      pszDataEnd += strlen(pszDataEnd);
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:809:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    GByte* pabyData = reinterpret_cast<GByte*>(CPLMalloc(strlen(pszVal)+1));
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:862:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy(pabyData, pszVal, strlen(pszVal) + 1);
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:863:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pnLength = static_cast<GUInt32>(strlen(pszVal));
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:1003:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                (*papszIter)[strlen(tagdescArray[i].name)] == '=' )
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:1050:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strlen(pszValue) + 1 == tagdescArray[i].length )
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:1053:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    tag.nLength = 1 + static_cast<int>(strlen(pszValue));
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:1055:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                else if( strlen(pszValue) >= tagdescArray[i].length )
data/gdal-3.0.4+dfsg/gcore/gdalexif.cpp:1071:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    memcpy(tag.pabyVal, pszValue, strlen(pszValue));
data/gdal-3.0.4+dfsg/gcore/gdalgeorefpamdataset.cpp:231:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( pszPAMGCPProjection != nullptr && strlen(pszPAMGCPProjection) > 0 )
data/gdal-3.0.4+dfsg/gcore/gdalgeorefpamdataset.cpp:283:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( pszPAMProjection != nullptr && strlen(pszPAMProjection) > 0 )
data/gdal-3.0.4+dfsg/gcore/gdaljp2abstractdataset.cpp:107:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        (nInternalIdx + strlen("INTERNAL") == osGeorefSources.size() ||
data/gdal-3.0.4+dfsg/gcore/gdaljp2abstractdataset.cpp:108:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         osGeorefSources[nInternalIdx+strlen("INTERNAL")] == ',') )
data/gdal-3.0.4+dfsg/gcore/gdaljp2abstractdataset.cpp:110:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        osGeorefSources.replace( nInternalIdx, strlen("INTERNAL"),
data/gdal-3.0.4+dfsg/gcore/gdaljp2abstractdataset.cpp:155:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszProjection) > 0 )
data/gdal-3.0.4+dfsg/gcore/gdaljp2abstractdataset.cpp:416:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    psChild->psChild->pszValue + strlen("gmljp2://xml/");
data/gdal-3.0.4+dfsg/gcore/gdaljp2abstractdataset.cpp:493:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    papszIter[1] + strlen("gmljp2://xml/");
data/gdal-3.0.4+dfsg/gcore/gdaljp2abstractdataset.cpp:507:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                            strlen(papszBoxData[0]),
data/gdal-3.0.4+dfsg/gcore/gdaljp2box.cpp:324:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             strlen(oSubBox.GetType()) > 0;
data/gdal-3.0.4+dfsg/gcore/gdaljp2box.cpp:360:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CPLAssert( strlen(pszType) == 4 );
data/gdal-3.0.4+dfsg/gcore/gdaljp2box.cpp:517:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    poBox->SetWritableData( static_cast<int>(strlen(pszLabel)+1),
data/gdal-3.0.4+dfsg/gcore/gdaljp2box.cpp:533:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    oLabel.SetWritableData( static_cast<int>(strlen(pszLabel)+1),
data/gdal-3.0.4+dfsg/gcore/gdaljp2box.cpp:538:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    oXML.SetWritableData( static_cast<int>(strlen(pszXML)+1),
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.cpp:219:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        || (pszProjection != nullptr && strlen(pszProjection) > 0)
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.cpp:238:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while( strlen(oChildBox.GetType()) > 0 )
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.cpp:250:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            while( strlen(oSubChildBox.GetType()) > 0 )
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.cpp:349:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while( strlen(oBox.GetType()) > 0 )
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.cpp:498:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 strlen(oSubBox.GetType()) > 0;
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.cpp:616:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( apszProjection[i] != nullptr && strlen(apszProjection[i]) != 0 )
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.cpp:1040:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && (pszProjection == nullptr || strlen(pszProjection) == 0) )
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.cpp:2305:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strlen("gmljp2://xml/");
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.cpp:3186:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    poBox->SetWritableData(static_cast<int>(strlen(pszXML) + 1),
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.cpp:3216:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                poBox->SetWritableData(static_cast<int>(strlen(*papszSrcMD) + 1),
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.cpp:3239:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                          static_cast<int>(strlen(*papszSrcMD) + 1),
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadata.cpp:3257:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        poBox->SetWritableData(static_cast<int>(strlen(*papszSrcMD) + 1),
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadatagenerator.cpp:153:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszStr += strlen("{{{");
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadatagenerator.cpp:165:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszStr += strlen("}}}");
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadatagenerator.cpp:170:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszStr += strlen("XPATH");
data/gdal-3.0.4+dfsg/gcore/gdaljp2metadatagenerator.cpp:342:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        error->int1 < static_cast<int>(strlen(error->str1)) )
data/gdal-3.0.4+dfsg/gcore/gdaljp2structure.cpp:1429:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        while( strlen(oBox.GetType()) > 0 )
data/gdal-3.0.4+dfsg/gcore/gdaljp2structure.cpp:1534:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            static_cast<int>(strlen(pszBoxData)) + 2 >= nBoxDataLength  )
data/gdal-3.0.4+dfsg/gcore/gdalmultidomainmetadata.cpp:286:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen( papszDomainList[iDomain] ) > 0 )
data/gdal-3.0.4+dfsg/gcore/gdalopeninfo.cpp:194:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszFilenameIn) == 2 && pszFilenameIn[1] == ':' )
data/gdal-3.0.4+dfsg/gcore/gdalopeninfo.cpp:199:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat( szAltPath, "\\" );
data/gdal-3.0.4+dfsg/gcore/gdalopeninfo.cpp:229:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            || pszFilename[strlen(pszFilename)-1] == '}'
data/gdal-3.0.4+dfsg/gcore/gdalpamdataset.cpp:403:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(CPLGetXMLValue(psTree, "GeoTransform", "")) > 0 )
data/gdal-3.0.4+dfsg/gcore/gdalpamdataset.cpp:616:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszPhysicalFile) == 0 && GetDescription() != nullptr )
data/gdal-3.0.4+dfsg/gcore/gdalpamdataset.cpp:619:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszPhysicalFile) == 0 )
data/gdal-3.0.4+dfsg/gcore/gdalpamdataset.cpp:632:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        psPam->pszPamFilename = static_cast<char*>(CPLMalloc(strlen(pszPhysicalFile)+10));
data/gdal-3.0.4+dfsg/gcore/gdalpamdataset.cpp:655:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszPhysicalFile) == 0 && GetDescription() != nullptr )
data/gdal-3.0.4+dfsg/gcore/gdalpamdataset.cpp:658:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nLenPhysicalFile = strlen(pszPhysicalFile);
data/gdal-3.0.4+dfsg/gcore/gdalpamdataset.cpp:1373:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(GetPhysicalFilename()) > 0 )
data/gdal-3.0.4+dfsg/gcore/gdalpamdataset.cpp:1420:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszPhysicalFile) == 0 && GetDescription() != nullptr )
data/gdal-3.0.4+dfsg/gcore/gdalpamdataset.cpp:1423:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszPhysicalFile) == 0 )
data/gdal-3.0.4+dfsg/gcore/gdalpamdataset.cpp:1456:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(poAuxDS->GetProjectionRef()) > 0 )
data/gdal-3.0.4+dfsg/gcore/gdalpamdataset.cpp:1517:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(poAuxBand->GetDescription()) > 0 )
data/gdal-3.0.4+dfsg/gcore/gdalpamproxydb.cpp:259:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strlen(aosOriginalFiles[i].c_str())+1, 1, fpDB );
data/gdal-3.0.4+dfsg/gcore/gdalpamproxydb.cpp:263:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    strlen(pszProxyFile)+1, 1, fpDB );
data/gdal-3.0.4+dfsg/gcore/gdalpamproxydb.cpp:389:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int i = static_cast<int>(strlen(pszOriginal)) - 1;
data/gdal-3.0.4+dfsg/gcore/gdalpamrasterband.cpp:108:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(GetDescription()) > 0 )
data/gdal-3.0.4+dfsg/gcore/gdalpamrasterband.cpp:553:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(poSrcBand->GetDescription()) > 0 )
data/gdal-3.0.4+dfsg/gcore/gdalpamrasterband.cpp:555:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( !bOnlyIfMissing || strlen(GetDescription()) == 0 )
data/gdal-3.0.4+dfsg/gcore/gdalpamrasterband.cpp:618:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(poSrcBand->GetUnitType()) > 0 )
data/gdal-3.0.4+dfsg/gcore/gdalpamrasterband.cpp:1044:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszHistCounts) < 2 * static_cast<size_t>(*pnBuckets) - 1 )
data/gdal-3.0.4+dfsg/gcore/gdalpamrasterband.cpp:1158:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat( pszHistCounts + iHistOffset, "|" );
data/gdal-3.0.4+dfsg/gcore/gdalpamrasterband.cpp:1159:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        iHistOffset += strlen(pszHistCounts+iHistOffset);
data/gdal-3.0.4+dfsg/gcore/gdalrasterband.cpp:6558:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(fmt) + strlen(pszDSName) + 20 >= sizeof(szNewFmt) - 1 )
data/gdal-3.0.4+dfsg/gcore/gdalrasterband.cpp:6558:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(fmt) + strlen(pszDSName) + 20 >= sizeof(szNewFmt) - 1 )
data/gdal-3.0.4+dfsg/gcore/gdalrasterband.cpp:6561:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen(fmt) + strlen(pszDSName) + 20 < sizeof(szNewFmt) - 1 )
data/gdal-3.0.4+dfsg/gcore/gdalrasterband.cpp:6561:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen(fmt) + strlen(pszDSName) + 20 < sizeof(szNewFmt) - 1 )
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_geo_eye.cpp:54:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nBaseNameLen = strlen(pszBaseName);
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_landsat.cpp:51:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nBaseNameLen = strlen(pszBaseName);
data/gdal-3.0.4+dfsg/gcore/mdreader/reader_pleiades.cpp:58:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nBaseNameLen = strlen(pszBaseName);
data/gdal-3.0.4+dfsg/gnm/gnm_frmts/db/gnmdbnetwork.cpp:356:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszActiveSchema = CPLStrdup( pszActiveSchemaStart + strlen("active_schema=") );
data/gdal-3.0.4+dfsg/gnm/gnm_frmts/db/gnmdbnetwork.cpp:360:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                pszEnd = pszFilename + strlen(pszFilename);
data/gdal-3.0.4+dfsg/gnm/gnm_frmts/db/gnmdbnetwork.cpp:362:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszActiveSchema[pszEnd - pszActiveSchemaStart - strlen("active_schema=")] = '\0';
data/gdal-3.0.4+dfsg/ogr/generate_encoding_table.c:143:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t  nSrcLen = strlen( szSrcBuf );
data/gdal-3.0.4+dfsg/ogr/generate_encoding_table.c:170:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nUnicode = utf8decode(szDstBuf, szDstBuf + strlen(szDstBuf), &len);
data/gdal-3.0.4+dfsg/ogr/gml2ogrgeometry.cpp:288:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(pszDecimal) != 1 ||
data/gdal-3.0.4+dfsg/ogr/gml2ogrgeometry.cpp:303:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(pszCS) != 1 || (pszCS[0] >= '0' && pszCS[0] <= '9') )
data/gdal-3.0.4+dfsg/ogr/gml2ogrgeometry.cpp:316:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(pszTS) != 1 || (pszTS[0] >= '0' && pszTS[0] <= '9') )
data/gdal-3.0.4+dfsg/ogr/gml2ogrgeometry.cpp:3738:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszGML == nullptr || strlen(pszGML) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:112:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _GrowBuffer( *pnLength + strlen(pszTextToAppend) + 1,
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:116:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pnLength += strlen( *ppszText + *pnLength );
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:130:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pnLength += strlen(*ppszText + *pnLength);
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:134:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pnLength += strlen(*ppszText + *pnLength);
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:144:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        _GrowBuffer( *pnLength + strlen(szCoordinate) + 1,
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:148:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat( *ppszText + *pnLength, " " );
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:151:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        *pnLength += strlen(*ppszText + *pnLength);
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:156:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pnLength += strlen(*ppszText + *pnLength);
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:188:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nAttrsLength += strlen(szAttributes + nAttrsLength);
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:197:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( nullptr != pszAuthName && strlen(pszAuthName) < 10 &&
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:198:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nullptr != pszAuthCode && strlen(pszAuthCode) < 10 )
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:205:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nAttrsLength += strlen(szAttributes + nAttrsLength);
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:223:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        _GrowBuffer( *pnLength + strlen(szCoordinate) + 60 + nAttrsLength,
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:231:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        *pnLength += strlen( *ppszText + *pnLength );
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:245:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        _GrowBuffer( *pnLength + strlen(szCoordinate) + 70 + nAttrsLength,
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:253:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        *pnLength += strlen( *ppszText + *pnLength );
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:479:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszY == nullptr || strlen(pszY) < 2)
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:520:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pnLength += strlen(*ppszText + *pnLength);
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:527:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pnLength += strlen(*ppszText + *pnLength);
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:545:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        _GrowBuffer( *pnLength + strlen(szCoordinate)+1,
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:549:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat( *ppszText + *pnLength, " " );
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:552:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        *pnLength += strlen(*ppszText + *pnLength);
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:557:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pnLength += strlen(*ppszText + *pnLength);
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:600:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nAttrsLength += strlen(szAttributes + nAttrsLength);
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:608:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( nullptr != pszAuthName && strlen(pszAuthName) < 10 &&
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:609:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nullptr != pszAuthCode && strlen(pszAuthCode) < 10 )
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:635:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                nAttrsLength += strlen(szAttributes + nAttrsLength);
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:646:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nAttrsLength += strlen(szAttributes + nAttrsLength);
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:652:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nAttrsLength + 9 + strlen(pszGMLId) + 1 < sizeof(szAttributes) )
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:658:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nAttrsLength += strlen(szAttributes + nAttrsLength);
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:679:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        _GrowBuffer( *pnLength + strlen(szCoordinate) + 60 + nAttrsLength,
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:686:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        *pnLength += strlen( *ppszText + *pnLength );
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:705:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        _GrowBuffer( *pnLength + strlen(szCoordinate) + 70 + nAttrsLength,
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:712:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        *pnLength += strlen( *ppszText + *pnLength );
data/gdal-3.0.4+dfsg/ogr/ogr2gmlgeometry.cpp:875:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const size_t nPolyTagLength = 7 + strlen(pszElemName);
data/gdal-3.0.4+dfsg/ogr/ogr_srs_dict.cpp:130:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( EQUALN(pszLine, pszCode, strlen(pszCode))
data/gdal-3.0.4+dfsg/ogr/ogr_srs_dict.cpp:131:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            && pszLine[strlen(pszCode)] == ',' )
data/gdal-3.0.4+dfsg/ogr/ogr_srs_dict.cpp:133:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            osWKT = pszLine + strlen(pszCode)+1;
data/gdal-3.0.4+dfsg/ogr/ogr_srs_erm.cpp:232:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy( pszDatum, pszWKTDatum, BUFFER_SIZE );
data/gdal-3.0.4+dfsg/ogr/ogr_srs_erm.cpp:333:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy( pszProj, pszPROJCS, BUFFER_SIZE );
data/gdal-3.0.4+dfsg/ogr/ogr_srs_esri.cpp:274:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(papszNV[iLine]) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogr_srs_esri.cpp:278:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        while( papszNV[iLine] != nullptr && strlen(papszNV[iLine]) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogr_srs_esri.cpp:330:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             !EQUALN(papszNV[iLine], pszField, strlen(pszField));
data/gdal-3.0.4+dfsg/ogr/ogr_srs_esri.cpp:336:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return CPLAtof( papszNV[iLine] + strlen(pszField) );
data/gdal-3.0.4+dfsg/ogr/ogr_srs_esri.cpp:353:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             !EQUALN(papszNV[iLine], pszField, strlen(pszField));
data/gdal-3.0.4+dfsg/ogr/ogr_srs_esri.cpp:419:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                CPLRealloc(pszWKT, strlen(pszWKT)+strlen(papszPrj[i]) + 1));
data/gdal-3.0.4+dfsg/ogr/ogr_srs_esri.cpp:419:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                CPLRealloc(pszWKT, strlen(pszWKT)+strlen(papszPrj[i]) + 1));
data/gdal-3.0.4+dfsg/ogr/ogr_srs_esri.cpp:700:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                              strlen("Parameters"));
data/gdal-3.0.4+dfsg/ogr/ogr_srs_esri.cpp:798:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy( code, pszLine, pComma - pszLine);
data/gdal-3.0.4+dfsg/ogr/ogr_srs_pci.cpp:241:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy( szEarthModel, "" );
data/gdal-3.0.4+dfsg/ogr/ogr_srs_pci.cpp:242:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const char *pszEM = pszProj + strlen(pszProj) - 1;
data/gdal-3.0.4+dfsg/ogr/ogr_srs_pci.cpp:464:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszProj) > 10 && pszProj[10] != ' ' )
data/gdal-3.0.4+dfsg/ogr/ogr_srs_pci.cpp:508:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(szEarthModel) > 0
data/gdal-3.0.4+dfsg/ogr/ogr_srs_pci.cpp:549:25:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                        strncpy( szEarthModel, papszLineItems[2],
data/gdal-3.0.4+dfsg/ogr/ogr_srs_pci.cpp:1074:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszDatum == nullptr || strlen(pszDatum) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogr_srs_xml.cpp:148:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CPLAssert( strlen(pszAuthority) + strlen(pszObjectType) <
data/gdal-3.0.4+dfsg/ogr/ogr_srs_xml.cpp:148:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CPLAssert( strlen(pszAuthority) + strlen(pszObjectType) <
data/gdal-3.0.4+dfsg/ogr/ogr_srs_xml.cpp:155:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf( szURN + strlen(szURN), sizeof(szURN) - strlen(szURN),
data/gdal-3.0.4+dfsg/ogr/ogr_srs_xml.cpp:155:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf( szURN + strlen(szURN), sizeof(szURN) - strlen(szURN),
data/gdal-3.0.4+dfsg/ogr/ogr_srs_xml.cpp:209:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CPLAssert( strlen(pszAuthority) + strlen(pszObjectType) <
data/gdal-3.0.4+dfsg/ogr/ogr_srs_xml.cpp:209:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CPLAssert( strlen(pszAuthority) + strlen(pszObjectType) <
data/gdal-3.0.4+dfsg/ogr/ogr_srs_xml.cpp:860:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszCode) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogr_srs_xml.cpp:1016:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CPLXMLNode *psTargetNode = pszPath == nullptr || strlen(pszPath) == 0
data/gdal-3.0.4+dfsg/ogr/ogr_srsnode.cpp:489:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nLength = strlen(pszValue) + 4;
data/gdal-3.0.4+dfsg/ogr/ogr_srsnode.cpp:494:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nLength += strlen(papszChildrenWkt[i]) + 1;
data/gdal-3.0.4+dfsg/ogr/ogr_srsnode.cpp:510:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat( *ppszResult, "\"" );
data/gdal-3.0.4+dfsg/ogr/ogr_srsnode.cpp:512:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat( *ppszResult, "\"" );
data/gdal-3.0.4+dfsg/ogr/ogr_srsnode.cpp:521:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat( *ppszResult, "[" );
data/gdal-3.0.4+dfsg/ogr/ogr_srsnode.cpp:527:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat( *ppszResult, "]" );
data/gdal-3.0.4+dfsg/ogr/ogr_srsnode.cpp:529:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat( *ppszResult, "," );
data/gdal-3.0.4+dfsg/ogr/ogr_srsnode.cpp:563:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nLength = strlen(pszValue) + 4;
data/gdal-3.0.4+dfsg/ogr/ogr_srsnode.cpp:569:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nLength += strlen(papszChildrenWkt[i]) + 2 + nDepth*4;
data/gdal-3.0.4+dfsg/ogr/ogr_srsnode.cpp:585:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat( *ppszResult, "\"" );
data/gdal-3.0.4+dfsg/ogr/ogr_srsnode.cpp:587:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat( *ppszResult, "\"" );
data/gdal-3.0.4+dfsg/ogr/ogr_srsnode.cpp:598:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat( *ppszResult, "[" );
data/gdal-3.0.4+dfsg/ogr/ogr_srsnode.cpp:604:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat( *ppszResult, "\n" );
data/gdal-3.0.4+dfsg/ogr/ogr_srsnode.cpp:606:17:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
                strcat( *ppszResult, " " );
data/gdal-3.0.4+dfsg/ogr/ogr_srsnode.cpp:610:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat( *ppszResult, "," );
data/gdal-3.0.4+dfsg/ogr/ogr_srsnode.cpp:615:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( (*ppszResult)[strlen(*ppszResult)-1] == ',' )
data/gdal-3.0.4+dfsg/ogr/ogr_srsnode.cpp:616:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            (*ppszResult)[strlen(*ppszResult)-1] = '\0';
data/gdal-3.0.4+dfsg/ogr/ogr_srsnode.cpp:618:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat( *ppszResult, "]" );
data/gdal-3.0.4+dfsg/ogr/ogrct.cpp:793:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                pszSrcProj4Defn[strlen(pszSrcProj4Defn)-1] == ' ' )
data/gdal-3.0.4+dfsg/ogr/ogrct.cpp:794:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                pszSrcProj4Defn[strlen(pszSrcProj4Defn)-1] = 0;
data/gdal-3.0.4+dfsg/ogr/ogrct.cpp:796:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                pszDstProj4Defn[strlen(pszDstProj4Defn)-1] == ' ' )
data/gdal-3.0.4+dfsg/ogr/ogrct.cpp:797:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                pszDstProj4Defn[strlen(pszDstProj4Defn)-1] = 0;
data/gdal-3.0.4+dfsg/ogr/ogrct.cpp:800:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                memmove(pszNeedle, pszNeedle + 1, strlen(pszNeedle + 1)+1);
data/gdal-3.0.4+dfsg/ogr/ogrct.cpp:803:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                memmove(pszNeedle, pszNeedle + 1, strlen(pszNeedle + 1)+1);
data/gdal-3.0.4+dfsg/ogr/ogrct.cpp:814:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    char* pszSrc = pszDst + strlen("+towgs84=0,0,0,0,0,0,0 ");
data/gdal-3.0.4+dfsg/ogr/ogrct.cpp:815:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    memmove(pszDst, pszSrc, strlen(pszSrc)+1);
data/gdal-3.0.4+dfsg/ogr/ogrct.cpp:823:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                char* pszSrc = pszDst + strlen("+nadgrids=@null ");
data/gdal-3.0.4+dfsg/ogr/ogrct.cpp:824:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                memmove(pszDst, pszSrc, strlen(pszSrc)+1);
data/gdal-3.0.4+dfsg/ogr/ogrct.cpp:829:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    pszSrc = pszDst + strlen("+wktext ");
data/gdal-3.0.4+dfsg/ogr/ogrct.cpp:830:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    memmove(pszDst, pszSrc, strlen(pszSrc)+1);
data/gdal-3.0.4+dfsg/ogr/ogrcurvecollection.cpp:330:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nCumulativeLength += strlen(papszGeoms[iGeom]);
data/gdal-3.0.4+dfsg/ogr/ogrcurvecollection.cpp:338:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                           strlen(poGeom->getGeometryName()) + 10));
data/gdal-3.0.4+dfsg/ogr/ogrcurvecollection.cpp:357:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nCumulativeLength = strlen(*ppszDstText);
data/gdal-3.0.4+dfsg/ogr/ogrcurvecollection.cpp:369:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nSkip = strlen("LINESTRING ");
data/gdal-3.0.4+dfsg/ogr/ogrcurvecollection.cpp:378:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const size_t nGeomLength = strlen(papszGeoms[iGeom] + nSkip);
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2246:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat( szTempBuffer, "-" );
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2251:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat( szTempBuffer, "+" );
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2255:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf( szTempBuffer+strlen(szTempBuffer),
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2256:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      TEMP_BUFFER_SIZE-strlen(szTempBuffer), "%02d", nHours );
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2258:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf( szTempBuffer+strlen(szTempBuffer),
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2259:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      TEMP_BUFFER_SIZE-strlen(szTempBuffer),
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2475:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(szTempBuffer) + strlen(szItem) + 6
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2475:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(szTempBuffer) + strlen(szItem) + 6
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2482:17:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
                strcat( szTempBuffer, "," );
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2490:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat( szTempBuffer, ")" );
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2508:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(szTempBuffer) + strlen(szItem) + 6
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2508:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(szTempBuffer) + strlen(szItem) + 6
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2515:17:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
                strcat( szTempBuffer, "," );
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2523:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat( szTempBuffer, ")" );
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2550:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(szTempBuffer) + strlen(szItem) + 6
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2550:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(szTempBuffer) + strlen(szItem) + 6
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2557:17:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
                strcat( szTempBuffer, "," );
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2565:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat( szTempBuffer, ")" );
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2582:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(szTempBuffer) + strlen(pszItem) + 6
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2582:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(szTempBuffer) + strlen(pszItem) + 6
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2589:17:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
                strcat( szTempBuffer, "," );
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:2597:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat( szTempBuffer, ")" );
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:3035:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        *pnBytes = static_cast<int>(strlen(pauFields[iField].String));
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:3941:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( pszValue[0] == '[' && pszValue[strlen(pszValue)-1] == ']' &&
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:4059:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                pszValue[strlen(pszValue)-1] == ')' )
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:4077:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     pszValue[strlen(pszValue)-1] == ']' &&
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:5345:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if( strlen(poFDefn->GetNameRef()) > 0 &&
data/gdal-3.0.4+dfsg/ogr/ogrfeature.cpp:6496:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     pszDefault[strlen(pszDefault)-1] == '\'' )
data/gdal-3.0.4+dfsg/ogr/ogrfeaturestyle.cpp:678:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszString) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrfeaturestyle.cpp:1591:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszWanted == nullptr || strlen(pszWanted) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrfeaturestyle.cpp:1604:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( pszFound[strlen(pszRealWanted)] == '-' )
data/gdal-3.0.4+dfsg/ogr/ogrfeaturestyle.cpp:1605:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nValue =atoi(&pszFound[strlen(pszRealWanted)+1]);
data/gdal-3.0.4+dfsg/ogr/ogrfielddefn.cpp:438:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszDefaultIn[strlen(pszDefaultIn)-1] == '\'' )
data/gdal-3.0.4+dfsg/ogr/ogrfielddefn.cpp:573:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszDefault[0] == '\'' && pszDefault[strlen(pszDefault)-1] == '\'' )
data/gdal-3.0.4+dfsg/ogr/ogrgeometry.cpp:1623:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const size_t nTokenLen = strlen(szToken);
data/gdal-3.0.4+dfsg/ogr/ogrgeometry.cpp:2295:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        char ch = pszGeomType[strlen(pszGeomType)-1];
data/gdal-3.0.4+dfsg/ogr/ogrgeometry.cpp:2299:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(pszGeomType) > 1 )
data/gdal-3.0.4+dfsg/ogr/ogrgeometry.cpp:2300:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                ch = pszGeomType[strlen(pszGeomType)-2];
data/gdal-3.0.4+dfsg/ogr/ogrgeometry.cpp:6796:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sfcgal_geometry_t *_geometry = sfcgal_io_read_wkt(buffer,strlen(buffer));
data/gdal-3.0.4+dfsg/ogr/ogrgeometry.cpp:6810:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sfcgal_geometry_t *_geometry = sfcgal_io_read_wkt(buffer,strlen(buffer));
data/gdal-3.0.4+dfsg/ogr/ogrgeometry.cpp:6823:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sfcgal_geometry_t *_geometry = sfcgal_io_read_wkt(buffer,strlen(buffer));
data/gdal-3.0.4+dfsg/ogr/ogrgeometry.cpp:6832:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sfcgal_geometry_t *_geometry = sfcgal_io_read_wkt(buffer,strlen(buffer));
data/gdal-3.0.4+dfsg/ogr/ogrgeometrycollection.cpp:838:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            EQUALN(papszGeoms[iGeom], pszSkipPrefix, strlen(pszSkipPrefix)) &&
data/gdal-3.0.4+dfsg/ogr/ogrgeometrycollection.cpp:839:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            papszGeoms[iGeom][strlen(pszSkipPrefix)] == ' ' )
data/gdal-3.0.4+dfsg/ogr/ogrgeometrycollection.cpp:841:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nSkip = strlen(pszSkipPrefix) + 1;
data/gdal-3.0.4+dfsg/ogr/ogrgeometrycollection.cpp:866:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        substr + strlen(" Z"),
data/gdal-3.0.4+dfsg/ogr/ogrgeometrycollection.cpp:867:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        1 + strlen(substr + strlen(" Z")));
data/gdal-3.0.4+dfsg/ogr/ogrgeometrycollection.cpp:867:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        1 + strlen(substr + strlen(" Z")));
data/gdal-3.0.4+dfsg/ogr/ogrgeometrycollection.cpp:870:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nCumulativeLength += strlen(papszGeoms[iGeom] + nSkip);
data/gdal-3.0.4+dfsg/ogr/ogrgeometrycollection.cpp:925:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nCumulativeLength = strlen(*ppszDstText);
data/gdal-3.0.4+dfsg/ogr/ogrgeometrycollection.cpp:938:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            EQUALN(papszGeoms[iGeom], pszSkipPrefix, strlen(pszSkipPrefix)) &&
data/gdal-3.0.4+dfsg/ogr/ogrgeometrycollection.cpp:939:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            papszGeoms[iGeom][strlen(pszSkipPrefix)] == ' ' )
data/gdal-3.0.4+dfsg/ogr/ogrgeometrycollection.cpp:941:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nSkip = strlen(pszSkipPrefix) + 1;
data/gdal-3.0.4+dfsg/ogr/ogrgeometrycollection.cpp:950:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const size_t nGeomLength = strlen(papszGeoms[iGeom] + nSkip);
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1929:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( nMaxString <= strlen(*ppszDstText+nRetLen) + 32 + nRetLen )
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1936:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      static_cast<int>(strlen(*ppszDstText)), i, *ppszDstText );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1944:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat( *ppszDstText + nRetLen, "," );
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1946:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nRetLen += strlen(*ppszDstText + nRetLen);
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1954:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nRetLen += strlen(*ppszDstText + nRetLen);
data/gdal-3.0.4+dfsg/ogr/ogrlinestring.cpp:1957:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat( *ppszDstText+nRetLen, ")" );
data/gdal-3.0.4+dfsg/ogr/ogrmultipoint.cpp:209:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat( *ppszDstText + nRetLen, "," );
data/gdal-3.0.4+dfsg/ogr/ogrmultipoint.cpp:212:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nRetLen += strlen(*ppszDstText + nRetLen);
data/gdal-3.0.4+dfsg/ogr/ogrmultipoint.cpp:223:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat( *ppszDstText + nRetLen, "(" );
data/gdal-3.0.4+dfsg/ogr/ogrmultipoint.cpp:238:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat( *ppszDstText + nRetLen, ")" );
data/gdal-3.0.4+dfsg/ogr/ogrmultipoint.cpp:243:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat( *ppszDstText+nRetLen, ")" );
data/gdal-3.0.4+dfsg/ogr/ogrpolygon.cpp:689:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nCumulativeLength += strlen(papszRings[iRing] + pnRingBeginning[iRing]);
data/gdal-3.0.4+dfsg/ogr/ogrpolygon.cpp:699:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nCumulativeLength + nNonEmptyRings + strlen(getGeometryName()) + strlen(" ZM ()") + 1));
data/gdal-3.0.4+dfsg/ogr/ogrpolygon.cpp:699:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nCumulativeLength + nNonEmptyRings + strlen(getGeometryName()) + strlen(" ZM ()") + 1));
data/gdal-3.0.4+dfsg/ogr/ogrpolygon.cpp:723:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nCumulativeLength = strlen(*ppszDstText);
data/gdal-3.0.4+dfsg/ogr/ogrpolygon.cpp:738:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t nRingLen = strlen(papszRings[iRing] + pnRingBeginning[iRing]);
data/gdal-3.0.4+dfsg/ogr/ogrpolyhedralsurface.cpp:483:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            EQUALN(papszGeoms[iGeom], pszSkipPrefix, strlen(pszSkipPrefix)) &&
data/gdal-3.0.4+dfsg/ogr/ogrpolyhedralsurface.cpp:484:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            papszGeoms[iGeom][strlen(pszSkipPrefix)] == ' ' )
data/gdal-3.0.4+dfsg/ogr/ogrpolyhedralsurface.cpp:486:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nSkip = strlen(pszSkipPrefix) + 1;
data/gdal-3.0.4+dfsg/ogr/ogrpolyhedralsurface.cpp:508:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                memmove(substr, substr+strlen(" Z"),
data/gdal-3.0.4+dfsg/ogr/ogrpolyhedralsurface.cpp:509:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        1 + strlen(substr+strlen(" Z")));
data/gdal-3.0.4+dfsg/ogr/ogrpolyhedralsurface.cpp:509:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        1 + strlen(substr+strlen(" Z")));
data/gdal-3.0.4+dfsg/ogr/ogrpolyhedralsurface.cpp:512:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nCumulativeLength += strlen(papszGeoms[iGeom] + nSkip);
data/gdal-3.0.4+dfsg/ogr/ogrpolyhedralsurface.cpp:565:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nCumulativeLength = strlen(*ppszDstText);
data/gdal-3.0.4+dfsg/ogr/ogrpolyhedralsurface.cpp:578:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            EQUALN(papszGeoms[iGeom], pszSkipPrefix, strlen(pszSkipPrefix)) &&
data/gdal-3.0.4+dfsg/ogr/ogrpolyhedralsurface.cpp:579:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            papszGeoms[iGeom][strlen(pszSkipPrefix)] == ' ' )
data/gdal-3.0.4+dfsg/ogr/ogrpolyhedralsurface.cpp:581:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nSkip = strlen(pszSkipPrefix) + 1;
data/gdal-3.0.4+dfsg/ogr/ogrpolyhedralsurface.cpp:590:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t nGeomLength = strlen(papszGeoms[iGeom] + nSkip);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/aeronavfaa/ograeronavfaalayer.cpp:229:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(pszLine) != 128)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/aeronavfaa/ograeronavfaalayer.cpp:241:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(szBuffer, pszLine + psRecordDesc->pasFields[i].nStartCol - 1, nWidth);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/aeronavfaa/ograeronavfaalayer.cpp:331:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(pszLine) != 132)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/aeronavfaa/ograeronavfaalayer.cpp:346:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(szBuffer, pszLine + psRecordDesc->pasFields[i].nStartCol - 1, nWidth);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/aeronavfaa/ograeronavfaalayer.cpp:435:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(pszLine) != 85)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/aeronavfaa/ograeronavfaalayer.cpp:624:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(pszLine) != 85)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/aeronavfaa/ograeronavfaalayer.cpp:696:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(szBuffer, pszLine + psRecordDesc->pasFields[i].nStartCol - 1, nWidth);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigoclouddatasource.cpp:210:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszProjectId = CPLStrdup(pszFilename + strlen("AMIGOCLOUD:"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigoclouddatasource.cpp:313:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszAuthorityName == nullptr || strlen(pszAuthorityName) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigoclouddatasource.cpp:324:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ( pszAuthorityCode != nullptr && strlen(pszAuthorityCode) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigoclouddatasource.cpp:912:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( !EQUALN(pszSQLCommand, "SELECT", strlen("SELECT")) &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigoclouddatasource.cpp:913:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        !EQUALN(pszSQLCommand, "EXPLAIN", strlen("EXPLAIN")) &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigoclouddatasource.cpp:914:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        !EQUALN(pszSQLCommand, "WITH", strlen("WITH")) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigoclouddriver.cpp:41:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return EQUALN(poOpenInfo->pszFilename, "AMIGOCLOUD:", strlen("AMIGOCLOUD:"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigocloudlayer.cpp:310:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        for(size_t i = nPos + strlen(" LIMIT "); i < nSize; i++)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigocloudresultlayer.cpp:112:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        for(size_t i = nPos + strlen(" LIMIT "); i < nSize; i++)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigocloudtablelayer.cpp:914:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(szVals,ptr,ptrEndParenthesis - ptr);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/amigocloud/ogramigocloudtablelayer.cpp:1064:9:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
        strcpy( szFieldType, "");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_bin.cpp:219:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    psFile->pszFilename = (char*)CPLMalloc(strlen(pszPath)+strlen(pszName)+1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_bin.cpp:219:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    psFile->pszFilename = (char*)CPLMalloc(strlen(pszPath)+strlen(pszName)+1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_bin.cpp:221:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             strlen(pszPath)+strlen(pszName)+1, "%s%s", pszPath, pszName);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_bin.cpp:221:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             strlen(pszPath)+strlen(pszName)+1, "%s%s", pszPath, pszName);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_bin.cpp:590:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLen = (int)strlen(psFile->pszFilename);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_bin.cpp:1279:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszFname = (char*)CPLMalloc(strlen(pszPath)+strlen(pszName)+1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_bin.cpp:1279:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszFname = (char*)CPLMalloc(strlen(pszPath)+strlen(pszName)+1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_bin.cpp:1280:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(pszFname, strlen(pszPath)+strlen(pszName)+1, "%s%s", pszPath, pszName);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_bin.cpp:1280:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(pszFname, strlen(pszPath)+strlen(pszName)+1, "%s%s", pszPath, pszName);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_bin.cpp:1399:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        ((int)(strlen((char*)psTxt->pszText)+3)/4)*4 < numCharsToRead )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_bin.cpp:1594:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        ((int)(strlen((char*)psTxt->pszText)+3)/4)*4 < numCharsToRead )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_bin.cpp:1856:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nBufLen = strlen(pszInfoPath)+strlen(pszBasename)+10;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_bin.cpp:1856:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nBufLen = strlen(pszInfoPath)+strlen(pszBasename)+10;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_bin.cpp:1879:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszBuf[strlen(pszBuf)-1] = '\0';
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_bin.cpp:1964:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLen = (int)strlen(szNameToFind);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_bin.cpp:1971:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszFname = (char*)CPLMalloc(strlen(pszInfoPath)+9);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_bin.cpp:1973:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(pszFname, strlen(pszInfoPath)+9, "%sarcdr9", pszInfoPath);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_bin.cpp:1975:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(pszFname, strlen(pszInfoPath)+9, "%sarc.dir", pszInfoPath);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_bin.cpp:2046:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nFnameLen = strlen(pszInfoPath)+81;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_bin.cpp:2069:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                       strlen(pszTableName)) &&                _AVCBinReadInfoFileExists(pszInfoPath,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_bin.cpp:2121:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            for(i = (int)strlen(sTableDef.szDataFile)-1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_bin.cpp:2146:85:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(sTableDef.szDataFile, sizeof(sTableDef.szDataFile), "%s", pszFname+strlen(pszInfoPath));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_bin.cpp:2672:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy((char*)pasFields[i].pszStr, pszValue, pasDef[i].nSize);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:171:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    psFile->pszFilename = (char*)CPLMalloc(strlen(pszPath)+strlen(pszName)+1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:171:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    psFile->pszFilename = (char*)CPLMalloc(strlen(pszPath)+strlen(pszName)+1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:172:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(psFile->pszFilename, strlen(pszPath)+strlen(pszName)+1, "%s%s", pszPath, pszName);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:172:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(psFile->pszFilename, strlen(pszPath)+strlen(pszName)+1, "%s%s", pszPath, pszName);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:210:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLen = (int)strlen(pszFname);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:1100:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nStrLen = (((int)strlen((char*)psTxt->pszText) + 3)/4)*4;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:1217:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nStrLen = (((int)strlen((char*)psTxt->pszText) + 4)/4)*4;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:1570:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                   strlen(psTableDef->szTableName)))        {
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:1706:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nFnameLen = strlen(pszInfoPath)+81;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:1796:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nLen = (int)strlen(psTableDef->szTableName);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:1825:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(szSubclass) == 0)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:1971:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    psFile->pszFilename = (char*)CPLCalloc(strlen(psSrcTableDef->szTableName)+
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:1972:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                           strlen(pszPath)+10, sizeof(char));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:1974:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (EQUALN(psSrcTableDef->szTableName, pszCoverName, strlen(pszCoverName))
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:1975:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && psSrcTableDef->szTableName[strlen(pszCoverName)] == '.')
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:1977:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszDBFBasename = psSrcTableDef->szTableName + strlen(pszCoverName)+1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:1986:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for(i=(int)strlen(psFile->pszFilename); *pszDBFBasename; i++, pszDBFBasename++)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_binwr.cpp:2021:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(szFieldName, pasDef[i].szName, 10);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00gen.cpp:610:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf(psInfo->pszBuf + strlen(psInfo->pszBuf),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00gen.cpp:611:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     psInfo->nBufSize - strlen(psInfo->pszBuf), "%10d",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00gen.cpp:939:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((int)strlen((char*)psTxt->pszText) > (iLine*80))
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00gen.cpp:1077:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((int)strlen((char*)psTxt->pszText) > (iLine*80))
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00gen.cpp:1431:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(psInfo->pszBuf, psInfo->pszBuf+(81+psInfo->iCurItem), nLen);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:115:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (pszStr && numChars >= (int)strlen(pszStr))
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:448:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (psInfo->eSuperSectionType == AVCFileTX6 && strlen(pszLine)==0)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:456:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        else if (strlen(pszLine) > 0 && !isspace((unsigned char)pszLine[0]) &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:696:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLen = strlen(pszLine);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:816:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLen = strlen(pszLine);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:966:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLen = strlen(pszLine);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:1087:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLen = strlen(pszLine);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:1199:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLen = strlen(pszLine);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:1285:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if ( strlen(pszLine) > 1 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:1293:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t nOldLen = strlen(psInfo->aosPrj.List()[psInfo->aosPrj.size()-1]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:1294:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t nAddLen = strlen(pszLine + 1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:1334:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLen = strlen(pszLine);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:1591:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLen = strlen(pszLine);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:1817:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLen = strlen(pszLine);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:1882:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLen = strlen(pszLine);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:1906:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(psTableDef->szTableName, pszLine, 32);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:1908:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(psTableDef->szExternal, pszLine+32, 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:1968:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(psDef->szName, pszLine, 16);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:1986:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(psDef->szAltName, pszLine+49, 16);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:2070:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy((char*)pasFields[i].pszStr, pszBuf, nSize);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:2081:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(szTmp, pszBuf, 14);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:2113:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((int)strlen(pszTmpStr) > nSize)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:2114:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                pszTmpStr = pszTmpStr + strlen(pszTmpStr) - nSize;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:2115:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy((char*)pasFields[i].pszStr, pszTmpStr, nSize);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:2134:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(szTmp, pszBuf, 14);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:2145:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(szTmp, pszBuf, 24);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:2288:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nSrcLen = (int)strlen(pszLine);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00parse.cpp:2290:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(psInfo->pszBuf+psInfo->iCurItem, pszLine, nLenToCopy);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00read.cpp:181:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (pszCoverPath == nullptr || strlen(pszCoverPath) == 0 ||
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00read.cpp:210:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nLen = (int)strlen(pszCoverPath);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00read.cpp:232:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        for( i = (int)strlen(psInfo->pszCoverPath)-1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00read.cpp:249:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for( i = (int)strlen(psInfo->pszCoverPath)-1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00read.cpp:308:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t nInfoPathLen = strlen(psInfo->pszCoverPath)+9;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00read.cpp:421:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (pszE00FileName == nullptr || strlen(pszE00FileName) == 0 ||
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00read.cpp:657:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nLen = (int)strlen(papszCoverDir[i]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00read.cpp:755:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nExtLen = (int)strlen(pszFileExtension);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00read.cpp:763:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nLen = (int)strlen(papszCoverDir[iDirEntry]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00read.cpp:1005:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nLen = (int)strlen(szCWD);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00read.cpp:1009:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat(szCWD, "\\");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00read.cpp:1012:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat(szCWD, "/");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00read.cpp:1296:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((nLen = (int)strlen(papszCoverDir[iFile])) == 7 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00read.cpp:1381:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int nLen = (int)strlen(pszLine);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00write.cpp:166:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (pszCoverPath == nullptr || strlen(pszCoverPath) == 0)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00write.cpp:253:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLen = (int)strlen(pszCoverPath);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00write.cpp:274:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for( i = (int)strlen(psInfo->pszCoverPath)-1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00write.cpp:299:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(psInfo->pszCoverName) > 13 ||
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00write.cpp:327:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t nInfoPathLen = strlen(psInfo->pszCoverPath)+9;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00write.cpp:362:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszInfoDir[strlen(pszInfoDir)-1] = '\0';
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00write.cpp:495:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(szOldExt) < 3)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00write.cpp:507:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(szOldExt) == 3)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00write.cpp:607:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        else if (strlen(pszLine) > 30 || strchr(pszLine, ' ') != nullptr)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00write.cpp:616:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(pszLine) > 30 || strchr(pszLine, ' ') != nullptr)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_e00write.cpp:623:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(pszLine) > 30 || strchr(pszLine, ' ') != nullptr)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_misc.cpp:211:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszBuf = (char*)CPLMalloc(strlen(pszPath)+strlen(pszName)+1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_misc.cpp:211:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszBuf = (char*)CPLMalloc(strlen(pszPath)+strlen(pszName)+1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_misc.cpp:213:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             strlen(pszPath)+strlen(pszName)+1, "%s%s", pszPath, pszName);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_misc.cpp:213:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             strlen(pszPath)+strlen(pszName)+1, "%s%s", pszPath, pszName);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_misc.cpp:259:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nTotalLen = (int)strlen(pszTmpPath);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_misc.cpp:347:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while(bValidPath && strlen(pszTmpPath) < (size_t)nTotalLen)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_misc.cpp:392:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(pszTmpPath+iTmpPtr, pszFname+iTmpPtr, nTotalLen-iTmpPtr);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_misc.cpp:434:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        for(i=(int)strlen(szBuf)-1; i>0; i--)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_misc.cpp:444:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nBufLen -= strlen(pszBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_misc.cpp:445:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszBuf = pszBuf+strlen(pszBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_misc.cpp:487:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        n = (int)strlen(pszBuf);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_misc.cpp:496:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CPLAssert(strlen(pszBuf) == (size_t)nLen);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/avc_rawbin.cpp:672:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLen = (int)strlen((const char *)pszString);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/ogravce00layer.cpp:403:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    pszTableType, strlen(pszTableType) ) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/avc/ogravclayer.cpp:572:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                size_t nLen = strlen( reinterpret_cast<char *>(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/cadfilestreamio.cpp:106:46:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    return static_cast<size_t>(m_oFileStream.read( static_cast<char *>(ptr), static_cast<long>(size) ).gcount());
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cad/libopencad/opencad.cpp:55:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nPathLen = strlen( pszFilePath );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/carto/ogrcartodatasource.cpp:162:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszAccount = CPLStrdup(pszFilename + strlen("CARTODB:"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/carto/ogrcartodatasource.cpp:164:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszAccount = CPLStrdup(pszFilename + strlen("CARTO:"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/carto/ogrcartodatasource.cpp:367:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszAuthorityName == nullptr || strlen(pszAuthorityName) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/carto/ogrcartodatasource.cpp:378:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ( pszAuthorityCode != nullptr && strlen(pszAuthorityCode) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/carto/ogrcartodatasource.cpp:587:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( !(strlen(pszSQL)>0) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/carto/ogrcartodatasource.cpp:593:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( !(strlen(pszCopyFile)>0) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/carto/ogrcartodatasource.cpp:768:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen((const char*)psResult->pabyData) < 1000 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/carto/ogrcartolayer.cpp:309:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        for(size_t i = nPos + strlen(" LIMIT "); i < nSize; i++)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/carto/ogrcartoresultlayer.cpp:111:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        for(size_t i = nPos + strlen(" LIMIT "); i < nSize; i++)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/carto/ogrcartotablelayer.cpp:1756:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(szVals,ptr,ptrEndParenthesis - ptr);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/carto/ogrcartotablelayer.cpp:1900:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( pszFieldName == nullptr || strlen(pszFieldName) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cloudant/ogrcloudantdatasource.cpp:157:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strchr(pszKnowProvider + strlen(".cloudant.com/"), '/' ) == nullptr)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cloudant/ogrcloudantdatasource.cpp:164:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strstr(pszKnowProvider + strlen("localhost"), pszSlash ) != nullptr)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cloudant/ogrcloudanttablelayer.cpp:228:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const size_t nLen = strlen(papszTokens[0]) + strlen(papszTokens[1]) + 2;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/cloudant/ogrcloudanttablelayer.cpp:228:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const size_t nLen = strlen(papszTokens[0]) + strlen(papszTokens[1]) + 2;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/couchdb/ogrcouchdbdatasource.cpp:238:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strchr(pszKnowProvider + strlen(".iriscouch.com/"), '/' ) == nullptr)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/couchdb/ogrcouchdbdatasource.cpp:244:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strchr(pszKnowProvider + strlen(".cloudant.com/"), '/' ) == nullptr)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvdatasource.cpp:665:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        else if( strlen(papszNames[i]) > 2 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvdatasource.cpp:680:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        else if( strlen(papszNames[i]) > 2 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvdatasource.cpp:738:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszFilename) > 7 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvdatasource.cpp:739:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            EQUAL(pszFilename + strlen(pszFilename) - 7, ".csv.gz") )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvdatasource.cpp:744:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        else if( strlen(pszFilename) > 7 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvdatasource.cpp:745:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 EQUAL(pszFilename + strlen(pszFilename) - 7, ".tsv.gz") )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:187:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nWorkLineLength = strlen(pszWorkLine);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:204:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const size_t nLineLen = strlen(pszLine);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:213:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(pszWorkLine + nWorkLineLength, "\n");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:298:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if( strlen(pszPattern) >= 3 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:299:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    pszPattern[strlen(pszPattern) - 1] == '*' )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:311:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if( strlen(pszFieldName) >= strlen(pszPattern) - 1 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:311:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if( strlen(pszFieldName) >= strlen(pszPattern) - 1 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:312:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        EQUAL(pszFieldName + strlen(pszFieldName) -
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:313:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                  (strlen(pszPattern) - 1),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:320:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            else if( pszPattern[strlen(pszPattern) - 1] == '*' )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:323:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if( EQUALN(pszFieldName, pszPattern, strlen(pszPattern) - 1) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:578:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                   pszFieldName[strlen(pszFieldName) - 1] == ' ' )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:579:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                pszFieldName[strlen(pszFieldName) - 1] = '\0';
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:767:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    const int nEPSGCode = atoi(pszEPSG + strlen("_EPSG_"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:846:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        strlen(pszNfdcGeomField)) &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:847:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 EQUAL(oField.GetNameRef() + strlen(pszNfdcGeomField),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:857:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        strlen(pszNfdcGeomField)) &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:858:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 EQUAL(oField.GetNameRef() + strlen(pszNfdcGeomField),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:869:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        strlen(pszGeonamesGeomFieldPrefix)) &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:871:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            strlen(pszGeonamesGeomFieldPrefix),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:874:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            strlen(pszGeonamesGeomFieldPrefix),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:877:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            strlen(pszGeonamesGeomFieldPrefix),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:889:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        strlen(pszGeonamesGeomFieldPrefix)) &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:891:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            strlen(pszGeonamesGeomFieldPrefix),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:894:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            strlen(pszGeonamesGeomFieldPrefix),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:897:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            strlen(pszGeonamesGeomFieldPrefix),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:1002:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                papszTokens[iField][strlen(papszTokens[iField]) - 1] == ' ' )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:1003:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                papszTokens[iField][strlen(papszTokens[iField]) - 1] = '\0';
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:1135:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    nFieldWidth = static_cast<int>(strlen(papszTokens[iField]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:1147:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                static_cast<int>(strlen(pszDot + 1));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:1579:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                             static_cast<int>(strlen(papszTokens[iAttr])) >
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:1596:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                ? static_cast<int>(strlen(pszDot + 1))
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:1651:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    static_cast<int>(strlen(papszTokens[iAttr])) >
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:1987:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( STARTS_WITH_CI(pszName, "geom_") && strlen(pszName) >= strlen("geom_") )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:1987:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( STARTS_WITH_CI(pszName, "geom_") && strlen(pszName) >= strlen("geom_") )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:1988:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszName += strlen("geom_");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:2364:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            bRet &= VSIFWriteL(pszWKT, strlen(pszWKT), 1, fpCSV) > 0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:2386:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                const int nLenWKT = static_cast<int>(strlen(pszEscaped));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/csv/ogrcsvlayer.cpp:2448:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const int nLen = static_cast<int>(strlen(pszEscaped));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/gdaldb2rasterband.cpp:1497:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int rc = sqlite3_prepare_v2(m_hTempDB, pszSQL, strlen(pszSQL), &hStmt, NULL);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/gdaldb2rasterband.cpp:1749:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int rc = sqlite3_prepare_v2(m_hTempDB, pszSQL, strlen(pszSQL), &hStmt, NULL);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/gdaldb2rasterband.cpp:1836:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                rc = sqlite3_prepare_v2(m_hTempDB, pszSQL, strlen(pszSQL), &hStmt, NULL);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2cli.cpp:305:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                              (SQLCHAR *) pszDSN, (SQLSMALLINT)strlen(pszDSN),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2cli.cpp:1001:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t iEnd = strlen(pszTarget);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2cli.cpp:1015:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            m_panColValueLengths[iCol] = strlen(m_papszColValues[iCol]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2cli.cpp:1174:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t  nTextLen = strlen(pszText);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2cli.cpp:1211:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t  iIn, iOut ,nTextLen = strlen(pszText);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:262:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    stime[strlen(stime) - 1] = '\0';  /* get rid of newline */
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:316:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(pszSchemaName, pszLayerNameUpper, length);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:447:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(pszSchemaName, pszLayerName, length);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:664:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nLen = static_cast<int>(strlen(pszKey));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:671:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(*pszValue, pszSource + nStart + nLen,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:1026:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char* pszConnectionName = CPLStrdup(pszNewName + strlen(DB2ODBC_PREFIX));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:1029:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nCurrent = nNext = nTerm = static_cast<int>(strlen(pszConnectionName));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:1098:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    int len = static_cast<int>(strlen(pszGeomColumnName));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:1384:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(m_papszGeomColumnNames[iTable]) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:1656:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszAuthorityName == nullptr || strlen(pszAuthorityName) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2datasource.cpp:1667:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ( pszAuthorityCode != nullptr && strlen(pszAuthorityCode) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2tablelayer.cpp:44:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t  iIn, iOut , nTextLen = strlen(pszStrValue);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2tablelayer.cpp:928:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int nLen = (int) strlen(pszWKT);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2tablelayer.cpp:1077:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int nLen = (int) strlen(pszWKT);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2tablelayer.cpp:1177:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int nLen = (int) strlen(pszWKT);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2tablelayer.cpp:1318:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nLen = (int) strlen(stringValue);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/db2/ogrdb2tablelayer.cpp:1450:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 && pszDefault[strlen(pszDefault)-1] == ')'
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgndump.cpp:239:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy( szLine+8+iChar*2, szHex, 2 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnhelp.cpp:469:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( i >= (int) strlen(str) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:1386:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nDataOffset = 48 + strlen(psTagSet->tagSetName) + 1 + 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:1396:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nDataOffsetEnd += strlen((char *)psDGN->abyElem + nDataOffsetEnd)+1 +
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:1401:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nDataOffsetEnd += strlen((char *)psDGN->abyElem + nDataOffsetEnd)+1 +
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:1405:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                nDataOffsetEnd += strlen(tagDef->defaultValue.string)+1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:1430:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nDataOffset += strlen(tagDef->name)+1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:1439:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nDataOffset += strlen(tagDef->prompt)+1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnread.cpp:1454:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nDataOffset += strlen(tagDef->defaultValue.string)+1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:488:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const size_t nSize = sizeof(DGNElemText) + strlen(psSrcText->string);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1389:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLCalloc( sizeof(DGNElemText)+strlen(pszText), 1 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1413:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        psCore->raw_bytes = 60 + static_cast<int>(strlen(pszText));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1415:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        psCore->raw_bytes = 76 + static_cast<int>(strlen(pszText));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1461:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    psCore->raw_data[nBase] = (unsigned char) strlen(pszText);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1463:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy( psCore->raw_data + nBase+2, pszText, strlen(pszText) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1475:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        dfOriginX + dfLengthMult * strlen(pszText),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1510:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sMin.x = dfOriginX - dfLengthMult * strlen(pszText);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:1513:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sMax.x = dfOriginX + dfLengthMult * strlen(pszText);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/dgnwrite.cpp:2018:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszName) > 3 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:293:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat( szFullStyle, ";" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:396:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    static_cast<int>(strlen(szEntityList + nEntityLen ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:398:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    static_cast<int>(strlen(szMSLinkList + nMSLinkLen ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:451:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(szFSColor) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:452:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf( szPen+strlen(szPen), sizeof(szPen)-strlen(szPen),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:452:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf( szPen+strlen(szPen), sizeof(szPen)-strlen(szPen),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:456:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf( szPen+strlen(szPen), sizeof(szPen)-strlen(szPen),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:456:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf( szPen+strlen(szPen), sizeof(szPen)-strlen(szPen),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:459:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat( szPen, ")" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:571:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          const size_t nOgrFSLen = strlen(psText->string) + 150;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:578:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if( strlen(szFSColor) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:579:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              snprintf( pszOgrFS+strlen(pszOgrFS), nOgrFSLen-strlen(pszOgrFS),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:579:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              snprintf( pszOgrFS+strlen(pszOgrFS), nOgrFSLen-strlen(pszOgrFS),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:585:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              CPLsnprintf( pszOgrFS+strlen(pszOgrFS),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:586:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                           nOgrFSLen-strlen(pszOgrFS), ",s:%dg",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:589:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              CPLsnprintf( pszOgrFS+strlen(pszOgrFS),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:590:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                          nOgrFSLen-strlen(pszOgrFS), ",s:%.3fg",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:593:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              CPLsnprintf( pszOgrFS+strlen(pszOgrFS),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:594:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                          nOgrFSLen-strlen(pszOgrFS), ",s:%.12fg",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:626:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              snprintf( pszOgrFS+strlen(pszOgrFS),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:627:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        nOgrFSLen-strlen(pszOgrFS), ",f:%s",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:632:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              snprintf( pszOgrFS+strlen(pszOgrFS),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:633:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        nOgrFSLen-strlen(pszOgrFS), ",f:MstnFont%d",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:639:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              snprintf( pszOgrFS+strlen(pszOgrFS),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:640:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        nOgrFSLen-strlen(pszOgrFS), ",a:%d",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:643:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          snprintf( pszOgrFS+strlen(pszOgrFS),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:644:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        nOgrFSLen-strlen(pszOgrFS), ")" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dgn/ogrdgnlayer.cpp:1065:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( (pszText == nullptr || strlen(pszText) == 0)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dods/ogrdodsdatasource.cpp:102:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nLen = static_cast<int>(strlen(pszWrkURL));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dods/ogrdodsfielddefn.cpp:102:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int    nTargPathLen = static_cast<int>(strlen(oTargPath.c_str()));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dods/ogrdodsfielddefn.cpp:117:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nTargPathLen = static_cast<int>(strlen(oTargPath.c_str()));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dods/ogrdodsgrid.cpp:61:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(oLayerName.c_str()) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dods/ogrdodssequencelayer.cpp:60:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(oLayerName.c_str()) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dods/ogrdodssequencelayer.cpp:595:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLAssert( strlen(poFD->pszPathToSequence)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dods/ogrdodssequencelayer.cpp:596:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                   < strlen(poFD->pszFieldName)-1 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dods/ogrdodssequencelayer.cpp:603:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                + strlen(poFD->pszPathToSequence) + 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfdriver.cpp:74:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    i += static_cast<int>(strlen("SECTION"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfreader.cpp:187:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy( pszValueBuf, achSrcBuffer + iSrcBufferOffset,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfreader.cpp:197:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy( pszValueBuf, achSrcBuffer + iSrcBufferOffset,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfwriterds.cpp:85:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                VSIFWriteL( pszLine, 1, strlen(pszLine), fp );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfwriterds.cpp:297:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nLen = strlen(szLinePair);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfwriterds.cpp:318:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nLen = strlen(szLinePair);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfwriterds.cpp:418:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            while( strlen(szLineBuf) < 8 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfwriterds.cpp:420:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                memmove( szLineBuf+1, szLineBuf, strlen(szLineBuf)+1 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfwriterds.cpp:648:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( szWorkBuf + i, osNewValue.c_str(), osNewValue.size() );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfwriterds.cpp:873:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(poThisBlockFeat->GetFieldAsString("Layer")) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfwriterds.cpp:915:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(poThisBlockFeat->GetFieldAsString("Layer")) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfwriterlayer.cpp:129:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszValue) < 255 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfwriterlayer.cpp:165:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nLen = strlen(szLinePair);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfwriterlayer.cpp:194:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszLayer == nullptr || strlen(pszLayer) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfwriterlayer.cpp:217:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( (pszExists == nullptr || strlen(pszExists) == 0)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/dxf/ogrdxfwriterlayer.cpp:635:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( bDefault || strlen(pszPattern) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/edigeo/ogredigeodatasource.cpp:135:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(pszLine) < 8 || pszLine[7] != ':')
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/edigeo/ogredigeodatasource.cpp:235:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(pszLine) < 8 || pszLine[7] != ':')
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/edigeo/ogredigeodatasource.cpp:297:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(pszLine) < 8 || pszLine[7] != ':')
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/edigeo/ogredigeodatasource.cpp:351:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(pszLine) < 8 || pszLine[7] != ':')
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/edigeo/ogredigeodatasource.cpp:416:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(pszLine) < 8 || pszLine[7] != ':')
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/edigeo/ogredigeodatasource.cpp:529:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(pszLine) < 8 || pszLine[7] != ':')
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/edigeo/ogredigeodatasource.cpp:672:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(pszLine) < 8 || pszLine[7] != ':')
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/edigeo/ogredigeodatasource.cpp:846:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strlen(pszLine) >= 8 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/elastic/ogrelasticlayer.cpp:1170:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    hashlen = static_cast<int>(strlen(geohash));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/elastic/ogrelasticlayer.cpp:1373:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    const int nRadiusLength = (int)strlen(pszRadius);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbDatasource.cpp:628:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        FGdbLayer* poLayer = (FGdbLayer*) GetLayerByName(pszSQLCommand + strlen("GetLayerDefinition "));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbDatasource.cpp:646:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        FGdbLayer* poLayer = (FGdbLayer*) GetLayerByName(pszSQLCommand + strlen("GetLayerMetadata "));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbDriver.cpp:81:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nLen = strlen(pszFilename);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/filegdb/FGdbDriver.cpp:87:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t nLen2 = strlen(pszCurrentDir);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmecacheindex.cpp:183:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    VSIFWrite( pszIndexBuffer, 1, strlen(pszIndexBuffer), fpIndex );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmedatasource.cpp:84:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszMessageCopy[strlen(pszMessageCopy)-1] == '\n' )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmedatasource.cpp:85:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszMessageCopy[strlen(pszMessageCopy)-1] = '\0';
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmedatasource.cpp:420:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszCoordSys == NULL || strlen(pszCoordSys) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmedatasource.cpp:551:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && strlen(pszCompositeName) > 7 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmedatasource.cpp:859:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            && strlen(poFMEFeature->getCoordSys()) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmedatasource.cpp:1061:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    err = poReader->read( *poFMEFeature, eEndOfSchema );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmedatasource.cpp:1376:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(papszTokens[i+1]) + strlen(papszTokens[i]) + 20
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmedatasource.cpp:1376:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(papszTokens[i+1]) + strlen(papszTokens[i]) + 20
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmedatasource.cpp:1377:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                < sizeof(szDefinition) - strlen(szDefinition) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmedatasource.cpp:1379:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                sprintf( szDefinition + strlen(szDefinition), "%s=%s;",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayer.cpp:284:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && strlen(poSchemaFeature->getCoordSys()) > 0
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayer.cpp:317:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszNewFilter == NULL || strlen(pszNewFilter) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:127:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    err = poReader->read( *poFMEFeature, eEndOfSchema );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:192:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszWorking = (char *) CPLMalloc(strlen(poMacros->data())
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:193:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    + strlen(pszNewValue)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:194:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    + strlen(pszTarget) + 20 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:199:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        || pszValStart[strlen(pszTarget)] != ',' )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:201:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszWorking) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:202:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat( pszWorking, "," );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:204:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sprintf( pszWorking + strlen(pszWorking), "%s,%s",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:211:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszValStart += strlen(pszTarget) + 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:218:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memmove( pszValStart + strlen(pszNewValue),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:220:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strlen(pszValStart + nOldValLength)+1 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:222:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy( pszValStart, pszNewValue, strlen( pszNewValue ) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/fme/ogrfmelayerdb.cpp:371:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszAttributeFilter != NULL && strlen(pszAttributeFilter) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogr_gensql.cpp:130:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if( strlen(CPLGetLastErrorMsg()) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogr_gensql.cpp:232:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(psColDef->field_name) == 0 && !bIsGeometry )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogr_gensql.cpp:1214:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                    static_cast<int>(strlen(psSrcField->String)),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogr_miattrind.cpp:366:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    OGRErr eErr = (VSIFWrite( pszRawXML, strlen(pszRawXML), 1, fp ) == 1) ? OGRERR_NONE : OGRERR_FAILURE;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/generic/ogrlayer.cpp:347:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszQuery == nullptr || strlen(pszQuery) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:1345:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p+= strlen(kMetadataVERSION_GCIO);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:1396:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p+= strlen(kMetadataCHARSET_GCIO);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:1421:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p+= strlen(kMetadataFORMAT_GCIO);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:1503:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p+= strlen(kMetadataFIELDS_GCIO);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:1726:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if( EQUALN(p,kPrivate_GCIO,strlen(kPrivate_GCIO)) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:1728:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        p+= strlen(kPrivate_GCIO);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:3185:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(n,k,kItemSize_GCIO-1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:3256:15:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
              strncpy(x,k,kExtraSize_GCIO-1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:3276:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(e,k,kExtraSize_GCIO-1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:3363:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(n,k,kItemSize_GCIO-1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:3434:15:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
              strncpy(x,k,kExtraSize_GCIO-1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:3454:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(e,k,kExtraSize_GCIO-1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:3541:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(n,k,kItemSize_GCIO-1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:3612:15:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
              strncpy(x,k,kExtraSize_GCIO-1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:3632:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(e,k,kExtraSize_GCIO-1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:3705:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(n,k,kItemSize_GCIO-1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:3879:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(n,k,kItemSize_GCIO-1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:4155:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                ll+= (int)strlen(v);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:4250:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                          ll+= (int)strlen(v);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.c:4772:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      (l= (int)strlen(theString))==0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.h:353:31:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
#define SetGCCache_GCIO(gc,v) strncpy((gc)->cache, (v), kCacheSize_GCIO), (gc)->cache[kCacheSize_GCIO]= '\0';
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.h:388:36:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
#define SetMetaUnit_GCIO(header,v) strncpy((header)->unit, (v), kUnitMAX_GCIO), (header)->unit[kUnitMAX_GCIO]= '\0';
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/geoconcept.h:390:37:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
#define SetMetaZUnit_GCIO(header,v) strncpy((header)->zUnit, (v), kUnitMAX_GCIO), (header)->zUnit[kUnitMAX_GCIO]= '\0';
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/ogrgeoconceptdatasource.cpp:242:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(_pszExt) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/ogrgeoconceptdatasource.cpp:258:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(pszbName)==0) {/* pszName ends with '/' */
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/ogrgeoconceptdatasource.cpp:261:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszNameDup[strlen(pszName)-2] = '\0';
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geoconcept/ogrgeoconceptdriver.cpp:96:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszName==nullptr || strlen(pszName)==0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_object.c:319:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		json_escape_str(pb, iter.key, (int)strlen(iter.key));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_object.c:652:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  jso->o.c_string.len = (int)strlen(s);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_tokener.c:263:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((len < -1) || (len == -1 && strlen(str) > INT32_MAX)) {
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_util.c:82:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while((ret = (int)read(fd, buf, JSON_FILE_BUF_SIZE)) > 0) {
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_util.c:121:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wsize = (unsigned int)(strlen(json_str) & UINT_MAX); /* CAW: probably unnecessary, but the most 64bit safe */
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_util.c:236:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		buf_cmp_len = (int)strlen(buf_cmp_start);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_util.c:244:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    strncmp(buf_sig_digits, buf_cmp_start, strlen(buf_cmp_start)) != 0 ||
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/libjson/json_util.c:245:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			((int)strlen(buf_sig_digits) != buf_cmp_len &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogresrijsonreader.cpp:120:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszName += strlen("ESRIJSON:");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsondatasource.cpp:104:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszUnprefixed[strlen(pszJSonFlavor)] == ':' )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsondatasource.cpp:106:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszUnprefixed += strlen(pszJSonFlavor) + 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsondatasource.cpp:639:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nGeoDataLen_ = strlen(pszGeoData_);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsondatasource.cpp:731:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strncmp(pszGeoData_, apszPrefix[iP], strlen(apszPrefix[iP])) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsondatasource.cpp:733:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const size_t nDataLen = strlen(pszGeoData_);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsondatasource.cpp:734:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            memmove( pszGeoData_, pszGeoData_ + strlen(apszPrefix[iP]),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsondatasource.cpp:735:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    nDataLen - strlen(apszPrefix[iP]) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsondatasource.cpp:736:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t i = nDataLen - strlen(apszPrefix[iP]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsondatasource.cpp:854:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszStr += strlen("\"features\"");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonreader.cpp:476:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                m_osJson.size() + strlen("application/vnd.geo+json");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonreader.cpp:734:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        else if( nLen == strlen("Infinity") && EQUAL(pszValue, "Infinity") )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonreader.cpp:739:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        else if( nLen == strlen("-Infinity") && EQUAL(pszValue, "-Infinity") )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonreader.cpp:744:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        else if( nLen == strlen("NaN") && EQUAL(pszValue, "NaN") )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonreader.cpp:843:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszName += strlen("GeoJSON:");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonreader.cpp:1052:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( nRead >= nSkip + strlen(apszPrefix[i]) &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonreader.cpp:1054:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                   strlen(apszPrefix[i])) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonreader.cpp:1056:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nSkip += strlen(apszPrefix[i]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonreader.cpp:3389:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int nLen = pszText == nullptr ? 0 : static_cast<int>(strlen(pszText));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonseqdriver.cpp:651:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszUnprefixedFilename = poOpenInfo->pszFilename + strlen("GeoJSONSeq:");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonseqdriver.cpp:673:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strlen(poOpenInfo->pszFilename),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonseqdriver.cpp:693:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strlen(pszStoredContent),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonutils.cpp:67:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strncmp(pszText, apszPrefix[iP], strlen(apszPrefix[iP])) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonutils.cpp:69:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszText += strlen(apszPrefix[iP]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonutils.cpp:92:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszIter += strlen("\"type\"");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonutils.cpp:175:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CPLString osWithoutSpace = GetCompactJSon(pszText, strlen(pszText));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonutils.cpp:239:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                            strlen(szESRIJSonPotentialStart1));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonutils.cpp:288:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nRead = std::min(strlen(pszText), nBufferSize);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonutils.cpp:481:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( VSIStatL(poOpenInfo->pszFilename + strlen("GeoJSON:"), &sStat) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonutils.cpp:485:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const char* pszText = poOpenInfo->pszFilename + strlen("GeoJSON:");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonutils.cpp:526:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( VSIStatL(poOpenInfo->pszFilename + strlen("ESRIJSON:"), &sStat) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonutils.cpp:530:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const char* pszText = poOpenInfo->pszFilename + strlen("ESRIJSON:");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonutils.cpp:585:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( VSIStatL(poOpenInfo->pszFilename + strlen("TopoJSON:"), &sStat) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonutils.cpp:589:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const char* pszText = poOpenInfo->pszFilename + strlen("TopoJSON:");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonutils.cpp:645:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( VSIStatL(poOpenInfo->pszFilename + strlen("GEOJSONSeq:"), &sStat) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonutils.cpp:649:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const char* pszText = poOpenInfo->pszFilename + strlen("GEOJSONSeq:");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonwriter.cpp:869:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const size_t nLen = strlen(pszStr);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geojson/ogrgeojsonwriter.cpp:1501:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return printbuf_memappend(pb, szBuffer, static_cast<int>(strlen(szBuffer)));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geomedia/ogrgeomediadatasource.cpp:128:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszDSN = (char *) CPLMalloc(strlen(pszNewName)+strlen(pszDSNStringTemplate)+100);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geomedia/ogrgeomediadatasource.cpp:128:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszDSN = (char *) CPLMalloc(strlen(pszNewName)+strlen(pszDSNStringTemplate)+100);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geomedia/ogrgeomediadatasource.cpp:131:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  strlen(pszNewName)+strlen(pszDSNStringTemplate)+100,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/geomedia/ogrgeomediadatasource.cpp:131:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  strlen(pszNewName)+strlen(pszDSNStringTemplate)+100,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/georss/ogrgeorsslayer.cpp:325:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = static_cast<int>(strlen(pszStr));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/georss/ogrgeorsslayer.cpp:622:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memmove(pszStr, pszStr + i, strlen(pszStr + i) + 1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/georss/ogrgeorsslayer.cpp:625:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    i = static_cast<int>(strlen(pszStr)) - 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/georss/ogrgeorsslayer.cpp:1042:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t nLen = strlen(papszNames[i]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/georss/ogrgeorsslayer.cpp:1151:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strlen(pszElementName)) == 0 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/georss/ogrgeorsslayer.cpp:1152:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            papszNames[k][strlen(pszElementName)] == '_')
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/georss/ogrgeorsslayer.cpp:1155:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                papszNames[k] + strlen(pszElementName) + 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/georss/ogrgeorsslayer.cpp:1466:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strchr(pszName+strlen("dc_subject"), '_') == nullptr )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gft/ogrgftdatasource.cpp:116:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int len = static_cast<int>(strlen(pszGeomColumnName));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gft/ogrgfttablelayer.cpp:452:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nLen = (int)strlen(pszLine);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlfeatureclass.cpp:56:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n_nNameLen(static_cast<int>(strlen(pszName))),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlfeatureclass.cpp:292:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n_nElementNameLen = static_cast<int>(strlen(pszElementName));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlfeatureclass.cpp:458:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n_nNameLen = static_cast<int>(strlen(m_pszName));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlfeatureclass.cpp:783:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(poGeomFDefn->GetName()) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlfeatureclass.cpp:787:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strlen(poGeomFDefn->GetSrcElement()) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlfeatureclass.cpp:812:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(poGeomFDefn->GetName()) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlfeatureclass.cpp:817:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strlen(poGeomFDefn->GetSrcElement()) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlhandler.cpp:1082:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    osFieldName = pszElement + strlen("member|");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlhandler.cpp:1323:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if( (!(nLenName == (int)strlen("FeatureCollection") &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlpropertydefn.cpp:51:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    m_nSrcElementLen(pszSrcElement ? strlen(pszSrcElement) : 0),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlpropertydefn.cpp:78:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        m_nSrcElementLen = strlen(pszSrcElement);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlpropertydefn.cpp:185:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                const int nWidth = static_cast<int>(strlen(pszValue));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlreader.cpp:705:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        else if (nElementLength == (int)strlen("BriefRecord") &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlreader.cpp:706:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 nLenLast == strlen("SearchResults") &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlreader.cpp:711:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        else if (nElementLength == (int)strlen("SummaryRecord") &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlreader.cpp:712:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 nLenLast == strlen("SearchResults") &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlreader.cpp:717:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        else if (nElementLength == (int)strlen("Record") &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlreader.cpp:718:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 nLenLast == strlen("SearchResults") &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlreader.cpp:829:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int nFullLen = nLen + 1 + static_cast<int>(strlen(pszAttrKey));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlreader.cpp:841:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nFullLen += 1 + static_cast<int>(strlen(pszAttrKey));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlreader.cpp:1039:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    osFieldName = pszElement + strlen("member|");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlreader.cpp:1268:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if( VSIFWriteL(pszWholeText, strlen(pszWholeText), 1, fp) != 1 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/gmlutils.cpp:63:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const int nLen = static_cast<int>(strlen(pszSRSName));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/hugefileresolver.cpp:750:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                          static_cast<int>(strlen(gmlText)),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/hugefileresolver.cpp:892:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                static_cast<int>(strlen(pItem->gmlTagValue->c_str())),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/hugefileresolver.cpp:899:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                static_cast<int>(strlen(pItem->gmlTagValue->c_str())),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmldatasource.cpp:66:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        char *pszTmp = static_cast<char *>(CPLMalloc(strlen(pszURL) + 2 + 1));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmldatasource.cpp:70:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strcpy(pszTmp + nBeforeNeedle + strlen(";%20"),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmldatasource.cpp:71:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               pszNeedle + strlen("; "));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmldatasource.cpp:357:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        osXSDFilename = pszXSDFilenameTmp + strlen(",xsd=");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmldatasource.cpp:570:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszSchemaLocation += strlen("schemaLocation=");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmldatasource.cpp:695:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             STARTS_WITH_CI(pszOption - 4 + strlen(pszOption), ".gml") )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmldatasource.cpp:805:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        osGFSFilename = osGFSFilename.substr(strlen("/vsigzip/"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmldatasource.cpp:2734:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszDescription += strlen("<gml:description>");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmldatasource.cpp:2784:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszEndBoundedBy[strlen("</gml:boundedBy>")] = '\0';
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmldatasource.cpp:2787:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(pszXML, ">");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmllayer.cpp:222:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int i = static_cast<int>(strlen(pszGML_FID)) - 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmllayer.cpp:234:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(pszFIDPrefix, pszGML_FID, i + 1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmllayer.cpp:254:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int nLenPrefix = static_cast<int>(strlen(pszFIDPrefix_notnull));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/ogrgmllayer.cpp:257:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strlen(pszGML_FID + nLenPrefix) < 20 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/parsexsd.cpp:467:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                strlen(psIter->pszName)) == 0)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/parsexsd.cpp:640:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                strlen(psIter->pszName)) == 0)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/parsexsd.cpp:1044:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        else if( strlen(pszType) > 4 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/parsexsd.cpp:1045:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 strcmp(pszType + strlen(pszType) - 4, "Type") == 0 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/parsexsd.cpp:1046:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 strlen(pszName) > strlen(pszType) - 4 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/parsexsd.cpp:1046:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 strlen(pszName) > strlen(pszType) - 4 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/parsexsd.cpp:1047:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 strncmp(pszName + strlen(pszName) - (strlen(pszType) - 4),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/parsexsd.cpp:1047:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 strncmp(pszName + strlen(pszName) - (strlen(pszType) - 4),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/parsexsd.cpp:1049:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                         strlen(pszType) - 4) == 0 )        {
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/parsexsd.cpp:1052:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        else if( !EQUALN(pszType, pszName, strlen(pszName))
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/parsexsd.cpp:1053:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            || !(EQUAL(pszType + strlen(pszName), "_Type") ||
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/parsexsd.cpp:1054:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    EQUAL(pszType + strlen(pszName), "Type") ||
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/parsexsd.cpp:1055:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    EQUAL(pszType + strlen(pszName), "FeatureType")) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/resolvexlinks.cpp:260:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          psChild->psChild->pszValue[strlen(pszURL)] == '#') )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/resolvexlinks.cpp:277:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t nPathLen = strlen(pszURL);  // Used after for.
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gml/resolvexlinks.cpp:294:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(pszURLWithoutID, psChild->psChild->pszValue, nURLLen);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasdatasource.cpp:782:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLExpandTilde(poOpenInfo->pszFilename + strlen(szGMLAS_PREFIX)) :
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasdatasource.cpp:848:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                size_t nPos2 = osBuffer.find('"', nPos+strlen("timeStamp=\""));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlaslayer.cpp:1250:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CPLAssert(nPos + strlen(szAT_XLINK_HREF) == osXPath.size());
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasreader.cpp:317:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            osNewPath.substr(strlen("/vsicurl_streaming/")));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasreader.cpp:2718:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const size_t nLen = strlen(pszValues);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasreader.cpp:3022:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const size_t nOldLength = strlen(psNode->pszValue);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasschemaanalyzer.cpp:282:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            osPrefix = osNamespaceURI.substr( strlen(szOPENGIS_URL) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasschemaanalyzer.cpp:284:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            osPrefix = osNamespaceURI.substr( strlen("http://") );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlaswriter.cpp:2218:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        pszGML + strlen("<gml:Polygon>"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlaswriter.cpp:2230:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        pszGML + strlen("<gml:LineString>"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlaswriter.cpp:2240:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        pszGML + strlen("<gml:Point>"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlaswriter.cpp:3101:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszFilename += strlen(szGMLAS_PREFIX);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasxsdcache.cpp:113:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                strlen("/vsicurl_streaming/") );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasxsdcache.cpp:115:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        osLaunderedName = osLaunderedName.substr( strlen("http://") );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasxsdcache.cpp:117:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        osLaunderedName = osLaunderedName.substr( strlen("https://") );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasxsdcache.cpp:136:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nWindowsMaxFilenameSize - strlen(".tmp") -  2 * CPL_SHA256_HASH_SIZE) ?
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasxsdcache.cpp:141:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CPLAssert( nMaxFilenameSize >= strlen(".tmp") );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasxsdcache.cpp:142:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( osLaunderedName.size() >= nMaxFilenameSize - strlen(".tmp") )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gmlas/ogrgmlasxsdcache.cpp:147:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        osLaunderedName.resize(nMaxFilenameSize - strlen(".tmp") -  2 * CPL_SHA256_HASH_SIZE);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:468:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( pszAuthorityName == nullptr || strlen(pszAuthorityName) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:477:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ( pszAuthorityCode != nullptr && strlen(pszAuthorityCode) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:494:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( pszAuthorityName != nullptr && strlen(pszAuthorityName) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:960:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        else if ( nCount == 4 && strlen(papszTokens[1]) == 1 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:1040:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        strlen("CREATE VIRTUAL TABLE ");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:5544:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const char *pszLayerName = osSQLCommand.c_str() + strlen("DELLAYER:");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:5562:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const char *pszLayerName = osSQLCommand.c_str() + strlen("RECOMPUTE EXTENT ON ");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:5583:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const char *pszLayerName = osSQLCommand.c_str() + strlen("DROP TABLE ");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagedatasource.cpp:5744:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                       strlen(apszFuncsWithSideEffects[i])) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagetablelayer.cpp:269:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    int nValLengthBytes = (int)strlen(pszVal);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagetablelayer.cpp:278:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        nValLengthBytes = (int)strlen(pszVal);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagetablelayer.cpp:295:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            nValLengthBytes = (int)strlen(pszVal);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpkg/ogrgeopackagetablelayer.cpp:3755:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             (pszDefault[0] == '(' && pszDefault[strlen(pszDefault)-1] == ')' &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxdatasource.cpp:116:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    VSIFWriteL(szMetadata, 1, strlen(szMetadata), fpOutput);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxlayer.cpp:485:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = (int)strlen(pszStr);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxlayer.cpp:1159:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strncmp(pszName, pszExtensionsNS, strlen(pszExtensionsNS)) == 0 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxlayer.cpp:1160:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszName[strlen(pszExtensionsNS)] == '_')
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxlayer.cpp:1162:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszName += strlen(pszExtensionsNS) + 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxlayer.cpp:1336:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if (pszRaw[0] == '<' && pszRaw[strlen(pszRaw) - 1] == '>')
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gpx/ogrgpxlayer.cpp:1347:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            STARTS_WITH(pszRaw + strlen(pszRaw) - 4, "&gt;"))
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/grass/ogrgrassdatasource.cpp:268:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( !path || strlen(path) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/grass/ogrgrassdatasource.cpp:276:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ( strlen(p+1) == 0 ) /* repeated '/' */
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/gtm.cpp:334:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const size_t nLen = strlen("/vsigzip/") + strlen(pszFilename) + 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/gtm.cpp:334:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const size_t nLen = strlen("/vsigzip/") + strlen(pszFilename) + 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/gtmtracklayer.cpp:151:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t trackNameLength = strlen(psztrackname);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/gtmwaypointlayer.cpp:126:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy (psNameField, poFeature->GetFieldAsString( i ), 10);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/gtmwaypointlayer.cpp:177:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t commentLength = strlen(pszcomment);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/ogrgtmdatasource.cpp:275:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t layerNameSize = strlen(pszBaseFileName) + sizeof("_waypoints");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/ogrgtmdatasource.cpp:291:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    layerNameSize = strlen(pszBaseFileName) + sizeof("_tracks");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/ogrgtmdatasource.cpp:379:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t sizeBuffer = 175 + strlen(pszBaseFileName);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/ogrgtmdatasource.cpp:406:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    appendUShort(pCurrentPos, (unsigned short) strlen(pszBaseFileName));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/gtm/ogrgtmdatasource.cpp:412:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pCurrentPos = ((char*) pBuffer) + 151 + strlen(pszBaseFileName);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/htf/ogrhtflayer.cpp:115:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        else if (bSoundingHeader && strlen(pszLine) > 10 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/htf/ogrhtflayer.cpp:162:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                static_cast<int>(strlen(pszLine)) ==
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/htf/ogrhtflayer.cpp:358:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            poFeature->SetField(0, pszLine + strlen("POLYGON DESCRIPTION: "));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/htf/ogrhtflayer.cpp:362:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            poFeature->SetField(1, pszLine + strlen("POLYGON IDENTIFIER: "));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/htf/ogrhtflayer.cpp:366:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const char* pszVal = pszLine + strlen("SEAFLOOR COVERAGE: ");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/htf/ogrhtflayer.cpp:372:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const char* pszVal = pszLine + strlen("POSITION ACCURACY: ");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/htf/ogrhtflayer.cpp:378:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const char* pszVal = pszLine + strlen("DEPTH ACCURACY: ");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/idb/ogridbdatasource.cpp:210:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(papszGeomCol[iTable]) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/idrisi/ogridrisilayer.cpp:209:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strncmp(pszLine, szKey, strlen(szKey)) == 0)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/idrisi/ogridrisilayer.cpp:221:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const char* pszFieldType = pszLine + strlen("data type:");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/ili1reader.cpp:672:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(pszLine) == 0) return nullptr;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/ili1reader.cpp:684:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while (strlen(pszLine) && token[0] == codeContinue && token[1] == '\0')
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/ogrili1datasource.cpp:89:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(pszNewName) == 0)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/ogrili1datasource.cpp:276:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      table = pszLayerName+strlen(topic)+2; //after "__"
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ili/ogrili1layer.cpp:392:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              for(size_t i=0; i<strlen(pszString); i++ ) {
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp:155:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (pszInstance == NULL || strlen(pszInstance) != 2)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp:169:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (pszUsername == NULL || strlen(pszUsername) == 0)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp:176:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (pszPassword == NULL || strlen(pszPassword) == 0)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp:225:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && strlen(pszEffuser) > 0
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp:227:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && strlen(pszDBpwd) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp:595:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CPLAssert( strlen(pszProj4) + strlen(pszWKT) < sizeof(szCommand) - 500 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp:595:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CPLAssert( strlen(pszProj4) + strlen(pszWKT) < sizeof(szCommand) - 500 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp:652:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(pszAuthName == NULL || strlen(pszAuthName) == 0)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringresdatasource.cpp:659:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ( pszAuthorityCode != NULL && strlen(pszAuthorityCode) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:364:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nSize += strlen(poFeatureDefn->GetFieldDefn(i)->GetNameRef()) + 4;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:375:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszFieldList) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:380:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf( pszFieldList+strlen(pszFieldList),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:386:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf( pszFieldList+strlen(pszFieldList),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:395:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszFieldList) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:401:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CPLAssert( (int) strlen(pszFieldList) < nSize );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ingres/ogringrestablelayer.cpp:1140:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char        *pszCommand = (char *) CPLMalloc(strlen(pszFieldList)+2000);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/jml/ogrjmllayer.cpp:227:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                AddStringToElementValue(ppszAttr[1], (int)strlen(ppszAttr[1]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/jml/ogrjmllayer.cpp:238:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        AddStringToElementValue(pszName, (int)strlen(pszName));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/jml/ogrjmllayer.cpp:244:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            AddStringToElementValue(papszIter[0], (int)strlen(papszIter[0]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/jml/ogrjmllayer.cpp:246:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            AddStringToElementValue(papszIter[1], (int)strlen(papszIter[1]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/jml/ogrjmllayer.cpp:304:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        AddStringToElementValue(pszName, static_cast<int>(strlen(pszName)));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/jml/ogrjmllayer.cpp:580:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strlen("http://www.opengis.net/gml/srs/epsg.xml#")).c_str()));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogr2kmlgeometry.cpp:189:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _GrowBuffer( *pnLength + strlen(pszTextToAppend) + 1,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogr2kmlgeometry.cpp:193:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pnLength += strlen( *ppszText + *pnLength );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogr2kmlgeometry.cpp:208:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pnLength += strlen(*ppszText + *pnLength);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogr2kmlgeometry.cpp:212:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pnLength += strlen(*ppszText + *pnLength);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogr2kmlgeometry.cpp:221:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        _GrowBuffer( *pnLength + strlen(szCoordinate)+1,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogr2kmlgeometry.cpp:225:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat( *ppszText + *pnLength, " " );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogr2kmlgeometry.cpp:228:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        *pnLength += strlen(*ppszText + *pnLength);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogr2kmlgeometry.cpp:233:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pnLength += strlen(*ppszText + *pnLength);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogr2kmlgeometry.cpp:257:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            *pnLength += strlen( *ppszText + *pnLength );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogr2kmlgeometry.cpp:265:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            _GrowBuffer( *pnLength + strlen(szCoordinate) + 60,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogr2kmlgeometry.cpp:272:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            *pnLength += strlen( *ppszText + *pnLength );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogr2kmlgeometry.cpp:289:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            _GrowBuffer( *pnLength + strlen(szCoordinate) + 70,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogr2kmlgeometry.cpp:298:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            _GrowBuffer( *pnLength + strlen(szCoordinate)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogr2kmlgeometry.cpp:299:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                         + strlen(szAltitudeMode) + 70,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogr2kmlgeometry.cpp:307:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        *pnLength += strlen( *ppszText + *pnLength );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogr2kmlgeometry.cpp:514:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (nullptr != pszAltitudeMode && strlen(pszAltitudeMode) < 128 - (29 + 1))
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/kml/ogrkmldatasource.cpp:310:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( (nullptr != pszAltitudeMode_) && strlen(pszAltitudeMode_) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmldatasource.cpp:157:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nPos += strlen("<coordinates>");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmldatasource.cpp:171:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                         nPosEnd + strlen("</coordinates>") -
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmldatasource.cpp:174:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nPos = nPosAfterCoordinates + strlen("</coordinates>");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmldatasource.cpp:200:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        oKml = oKml.substr(0, nPos) + ">" + oKml.substr(nPos + strlen(">\n"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmldatasource.cpp:210:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                oKml.substr(nPos + osSpaces.size() + strlen("</>") +
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmldatasource.cpp:1557:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszPhoneNumber += strlen("tel:");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlfeature.cpp:145:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        osRet.substr(nPos + strlen("$[level]"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlfeature.cpp:150:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        osRet.substr(nPos + strlen("$[x]"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlfeature.cpp:155:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        osRet.substr(nPos + strlen("$[y]"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlfeature.cpp:722:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        pszInitFrom += strlen("<init_from>");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlfeaturestyle.cpp:217:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                static_cast<int>(strlen( poOgrDS->GetStylePath() ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlstyle.cpp:1093:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszStyleName) > strlen("_normal") &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlstyle.cpp:1093:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszStyleName) > strlen("_normal") &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlstyle.cpp:1094:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            EQUAL(pszStyleName + strlen(pszStyleName) -
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlstyle.cpp:1095:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  strlen("_normal"), "_normal") )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlstyle.cpp:1098:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            osName.resize(strlen(pszStyleName) - strlen("_normal"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlstyle.cpp:1098:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            osName.resize(strlen(pszStyleName) - strlen("_normal"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlstyle.cpp:1101:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        else if( strlen(pszStyleName) > strlen("_highlight") &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlstyle.cpp:1101:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        else if( strlen(pszStyleName) > strlen("_highlight") &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlstyle.cpp:1102:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 EQUAL(pszStyleName + strlen(pszStyleName) -
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlstyle.cpp:1103:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                       strlen("_highlight"), "_highlight") )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlstyle.cpp:1106:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            osName.resize(strlen(pszStyleName) - strlen("_highlight"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/libkml/ogrlibkmlstyle.cpp:1106:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            osName.resize(strlen(pszStyleName) - strlen("_highlight"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_bounds.cpp:1098:9:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
        strcpy(szPreviousMitabBoundsFile, "");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_bounds.cpp:1234:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(pszLine) < 10 || STARTS_WITH_CI(pszLine, "#"))
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:742:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(psFieldDef->szName, pszName, sizeof(psFieldDef->szName) - 1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:1260:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(m_pasFieldDef[iField].szName, poNewFieldDefn->GetNameRef(),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:1368:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(pabyNewField,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:1394:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(pabyNewField,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:1400:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(pabyNewField,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:1406:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(pabyNewField,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:1412:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(pabyNewField,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:1564:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int nLen = static_cast<int>(strlen(m_szBuffer)) - 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:1995:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int nLen = std::min(static_cast<int>(strlen(pszStr)), nWidth);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2169:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(pszValue) == 8)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2180:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if (strlen(pszValue) == 10 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2184:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             (strlen(papszTok[0]) == 4 || strlen(papszTok[2]) == 4) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2184:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             (strlen(papszTok[0]) == 4 || strlen(papszTok[2]) == 4) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2187:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(papszTok[0]) == 4)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2200:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if (strlen(pszValue) == 0)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2278:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(pszValue) == 8)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2290:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if (strlen(pszValue) == 9)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2295:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(szBuf, pszValue, HHLength);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2300:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(szBuf, pszValue + HHLength, MMLength);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2305:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(szBuf, pszValue + HHLength + MMLength, SSLength);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2310:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(szBuf, pszValue + HHLength + MMLength + SSLength, mmmLength);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2314:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if (strlen(pszValue) == 0)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2403:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(pszValue) == 17)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2422:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if (strlen(pszValue) == 19 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2426:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             (strlen(papszTok[0]) == 4 || strlen(papszTok[2]) == 4) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2426:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             (strlen(papszTok[0]) == 4 || strlen(papszTok[2]) == 4) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2429:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(strlen(papszTok[0]) == 4)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2450:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if (strlen(pszValue) == 0)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_datfile.cpp:2534:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (static_cast<int>(strlen(pszVal)) > nWidth)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:5810:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        m_dWidth = 0.6 * m_dHeight * strlen(m_pszString);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:6158:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nStringLen = static_cast<int>(strlen(GetTextString()));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:6245:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszTextString = static_cast<char*>(CPLMalloc((strlen(pszTmpTextString)+1)*sizeof(char)));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8334:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(szPattern) != 0)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8695:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszBrushColor) == 8 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8703:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(pszBrushColor) > 6 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8723:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszBrushColor) == 8 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8736:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszBrushColor) > 6 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature.cpp:8794:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( m_sFontDef.szFontName, pszName, sizeof(m_sFontDef.szFontName)-1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:73:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *pszToken = static_cast<char *>(CPLMalloc(strlen(pszLine)+1));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:74:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nDelimLen = static_cast<int>(strlen(pszDelim));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:92:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            iChar += static_cast<int>(strlen(pszDelim)) - 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:168:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strlen(papszToken[i]) == 9)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:178:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strlen(papszToken[i]) == 8)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_feature_mif.cpp:187:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strlen(papszToken[i]) == 17)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_idfile.cpp:142:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int nLen = static_cast<int>(strlen(m_pszFname));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_imapinfofile.cpp:130:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nLen = static_cast<int>(strlen(pszFname));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_imapinfofile.cpp:514:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(pszCharset && strlen(pszCharset) > 0)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_imapinfofile.cpp:628:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( pszEncoding ) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_indfile.cpp:140:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int nLen = static_cast<int>(strlen(m_pszFname));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_miffile.cpp:172:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nFnameLen = static_cast<int>(strlen(m_pszFname));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_miffile.cpp:626:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen( GetEncoding() ) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_miffile.cpp:1003:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen( GetEncoding() ) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_miffile.cpp:1413:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
       if (strlen(poTextFeature->GetTextString()) == 0)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_miffile.cpp:1682:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(szNewFieldName, pszName, sizeof(szNewFieldName)-1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_ogr_datasource.cpp:115:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(CPLGetExtension(pszName)) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_rawbinblock.cpp:919:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLen = static_cast<int>(strlen(pszString));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_rawbinblock.cpp:1149:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(m_szName, pszName, sizeof(m_szName));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_spatialref.cpp:1209:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if( strlen(psDatumInfo->pszOGCDatumName) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabfile.cpp:221:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nFnameLen = static_cast<int>(strlen(m_pszFname));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabfile.cpp:746:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if( strlen( GetEncoding() ) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabfile.cpp:1037:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if( strlen( GetEncoding() ) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabfile.cpp:1968:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(szNewFieldName, pszName, sizeof(szNewFieldName)-1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabseamless.cpp:237:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nFnameLen = static_cast<int>(strlen(m_pszPath));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabview.cpp:243:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nFnameLen = static_cast<int>(strlen(pszPath));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabview.cpp:362:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nFnameLen = static_cast<int>(strlen(pszPath));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabview.cpp:490:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int nLen = static_cast<int>(strlen(papszTok[2]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabview.cpp:690:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        m_pszFname[strlen(m_pszFname)-4] = '\0';
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabview.cpp:695:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(pszFile, strlen(pszFile)+1, "%s2.id", m_pszFname);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_tabview.cpp:1451:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nLen = strlen(m_pszMainFieldName) + 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_utils.cpp:143:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int nTotalLen = static_cast<int>(strlen(pszTmpPath));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_utils.cpp:170:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while(bValidPath && static_cast<int>(strlen(pszTmpPath)) < nTotalLen)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_utils.cpp:207:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(pszTmpPath+iTmpPtr, pszFname+iTmpPtr, nTotalLen-iTmpPtr);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_utils.cpp:243:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for( int i = static_cast<int>(strlen(pszFname)) - 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_utils.cpp:256:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for( int i = static_cast<int>(strlen(pszFname))-1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_utils.cpp:284:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const char *pszTmp = pszFname + strlen(pszFname) - 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_utils.cpp:294:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for( int i = static_cast<int>(strlen(pszBasename))-1; i >= 0; i-- )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_utils.cpp:372:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            CPLMalloc(sizeof(char) * (strlen(pszString) +1)));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_utils.cpp:431:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                        (strlen(pszString) +1)));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mitab/mitab_utils.cpp:471:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(pszNewName) > 31)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mongodb/ogrmongodbdriver.cpp:1667:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t j = osJSon.find("\" }", i+strlen("{ \"$date\" : { \"$numberLong\" : \"-"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mongodb/ogrmongodbdriver.cpp:1670:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            GIntBig negNumber = CPLAtoGIntBig(osJSon.c_str() + i+strlen("{ \"$date\" : { \"$numberLong\" : \"-")-1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mongodb/ogrmongodbdriver.cpp:1671:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            osJSon = osJSon.substr(0, i+strlen("{ \"$date\" : ")) +
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mongodb/ogrmongodbdriver.cpp:1673:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     osJSon.substr(j+strlen("\" }"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mongodb/ogrmongodbdriver.cpp:2686:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const char* pszLayerName = pszSQLCommand + strlen("WRITE_OGR_METADATA ");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mongodbv3/ogrmongodbv3driver.cpp:916:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        ret = ret.substr(strlen("{ \"v\" : "), ret.size() - strlen("{ \"v\" : ") - 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mongodbv3/ogrmongodbv3driver.cpp:916:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        ret = ret.substr(strlen("{ \"v\" : "), ret.size() - strlen("{ \"v\" : ") - 2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mongodbv3/ogrmongodbv3driver.cpp:2126:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszURI = poOpenInfo->pszFilename + strlen("mongodbv3:");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mongodbv3/ogrmongodbv3driver.cpp:2486:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const char* pszLayerName = pszSQLCommand + strlen("WRITE_OGR_METADATA ");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:115:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(szVer, pszVer, iLen);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:125:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(szNum, pszVer, iLen);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:137:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(szNum, pszVer, iLen);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:149:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(szNum, pszVer, iLen);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:161:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(szNum, pszVer, iLen);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:222:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(pszSchemaName, pszLayerName, length);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:283:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( strlen(pszTableName) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:351:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(pszSchemaName, pszLayerName, length);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:650:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nLen = static_cast<int>(strlen(pszKey));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:655:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(*pszValue, pszSource + nStart + nLen, nNext - nStart - nLen);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:696:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nCurrent = nNext = nTerm = static_cast<int>(strlen(pszConnectionName));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:796:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    int len = static_cast<int>(strlen(pszGeomColumnName));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:1060:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(papszGeomColumnNames[iTable]) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:1397:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszAuthorityName == nullptr || strlen(pszAuthorityName) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialdatasource.cpp:1408:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ( pszAuthorityCode != nullptr && strlen(pszAuthorityCode) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatiallayer.cpp:266:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                int nLen = static_cast<int>(strlen(pszDefault));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialtablelayer.cpp:50:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t  iIn, iOut , nTextLen = strlen(pszStrValue);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialtablelayer.cpp:1422:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            (SQLCHAR *) pszDSN, (SQLSMALLINT)strlen(pszDSN),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialtablelayer.cpp:2192:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (oStatement.GetCommand()[strlen(oStatement.GetCommand()) - 1] != ']')
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialtablelayer.cpp:2479:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            SQL_VARCHAR, strlen(pszStrValue) + 1, 0, (SQLPOINTER)pszStrValue,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mssqlspatial/ogrmssqlspatialtablelayer.cpp:2526:27:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t nLen = wcslen(buffer) + 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.cpp:75:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const size_t nSize = strlen(oOther.m_pszValue);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.cpp:212:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const size_t nSize = strlen(m_pszValue);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.cpp:242:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const size_t nSize = strlen(m_pszValue);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.cpp:311:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
bool MVTTileLayerValue::read(const GByte** ppabyData, const GByte* pabyDataLimit)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.cpp:503:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
bool MVTTileLayerFeature::read(const GByte** ppabyData,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.cpp:713:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
bool MVTTileLayer::read(const GByte** ppabyData, const GByte* pabyDataLimit)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.cpp:739:33:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                if( !poFeature->read(&pabyData, pabyDataFeatureEnd) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.cpp:757:29:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                if( !oValue.read(&pabyData, pabyDataValueEnd) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.cpp:792:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
bool MVTTileLayer::read(const GByte* pabyData, const GByte* pabyEnd)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.cpp:794:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    return read(&pabyData, pabyEnd);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.cpp:884:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
bool MVTTile::read(const GByte** ppabyData, const GByte* pabyDataLimit)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.cpp:901:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                if( !poLayer->read(&pabyData, pabyDataLimitLayer) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.cpp:923:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
bool MVTTile::read(const GByte* pabyData, const GByte* pabyEnd)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.cpp:925:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    return read(&pabyData, pabyEnd);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.h:180:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        bool read(const GByte** ppabyData, const GByte* pabyEnd);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.h:250:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        bool read(const GByte** ppabyData, const GByte* pabyEnd);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.h:320:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        bool read(const GByte** ppabyData, const GByte* pabyEnd);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.h:321:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        bool read(const GByte* pabyData, const GByte* pabyEnd);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.h:349:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        bool read(const GByte** ppabyData, const GByte* pabyEnd);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile.h:350:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        bool read(const GByte* pabyData, const GByte* pabyEnd);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/mvt_tile_test.cpp:191:39:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        bool bRet = oTileDeserialized.read(pabyBuffer, pabyBuffer + nSize);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/ogrmvtdataset.cpp:2859:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        osFilename = poOpenInfo->pszFilename + strlen("MVT:");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/ogrmvtdataset.cpp:2863:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            osFilename = osFilename.substr(strlen("/vsigzip/"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/ogrmvtdataset.cpp:2968:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            osMetadataFile = osMetadataFile.substr(strlen("/vsigzip/"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/ogrmvtdataset.cpp:4810:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        oSrcTileLayer.read(pabyUncompressed,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mvt/ogrmvtdataset.cpp:6000:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        osTempDBDefault = CPLString(pszFilename + strlen("/vsizip/")) + ".temp.db";
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqldatasource.cpp:545:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszAuthorityCode != nullptr && strlen(pszAuthorityCode) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqldatasource.cpp:584:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszAuthorityName == nullptr || strlen(pszAuthorityName) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqldatasource.cpp:595:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ( pszAuthorityCode != nullptr && strlen(pszAuthorityCode) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:145:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int nLenType = (int)strlen(pszType);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:452:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nWHERELen = 500 + ((pszQuery) ? strlen(pszQuery) : 0);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:492:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszWHERE) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:495:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf( pszWHERE+strlen(pszWHERE),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:496:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      nWHERELen - strlen(pszWHERE), "&& (%s) ", pszQuery );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:516:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLMalloc(strlen(pszFields)+strlen(pszWHERE)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:516:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLMalloc(strlen(pszFields)+strlen(pszWHERE)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:517:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  +strlen(poFeatureDefn->GetName()) + 40);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:519:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              strlen(pszFields)+strlen(pszWHERE)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:519:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              strlen(pszFields)+strlen(pszWHERE)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:520:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  +strlen(poFeatureDefn->GetName()) + 40,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:551:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nSize += strlen(pszGeomColumn);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:554:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nSize += strlen(pszFIDColumn);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:557:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nSize += strlen(poFeatureDefn->GetFieldDefn(i)->GetNameRef()) + 6;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:567:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszFieldList) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:575:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf( pszFieldList+strlen(pszFieldList), nSize-strlen(pszFieldList),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:575:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf( pszFieldList+strlen(pszFieldList), nSize-strlen(pszFieldList),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:583:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszFieldList) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:586:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat( pszFieldList, "`");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:588:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat( pszFieldList, "`");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:591:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CPLAssert( strlen(pszFieldList) < nSize );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/mysql/ogrmysqltablelayer.cpp:608:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszQueryIn == nullptr || strlen(pszQueryIn) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/nashandler.cpp:210:9:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
        strcpy( m_pszGeometry+m_nGeomLen, "<" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/nashandler.cpp:215:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat( m_pszGeometry+m_nGeomLen, " " );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/nashandler.cpp:219:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat( m_pszGeometry+m_nGeomLen, ">" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/nashandler.cpp:220:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        m_nGeomLen += static_cast<int>(strlen(m_pszGeometry+m_nGeomLen));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/nashandler.cpp:603:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat( m_pszGeometry+m_nGeomLen+nLNLen+2, ">" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/nashandler.cpp:604:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        m_nGeomLen += static_cast<int>(strlen(m_pszGeometry+m_nGeomLen));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/nashandler.cpp:736:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const int nCurFieldLength = static_cast<int>(strlen(m_pszCurField));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/nashandler.cpp:788:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        m_nGeomLen += static_cast<int>(strlen(m_pszGeometry+m_nGeomLen));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/nasreader.cpp:381:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int nLen = static_cast<int>(strlen(pszLast));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/nasreader.cpp:575:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    static_cast<int>(strlen(pszElement)));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/nasreader.cpp:795:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if( VSIFWriteL(pszWholeText, strlen(pszWholeText), 1, fp) != 1 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/nasreader.cpp:799:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( VSIFWriteL( pszWholeText, strlen(pszWholeText), 1, fp ) != 1 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/ogrnasdatasource.cpp:240:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                const int nTLen = static_cast<int>(strlen(pszTarget));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/ogrnasrelationlayer.cpp:112:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const char *pszType = pszFromID + strlen(pszFromID) + 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/ogrnasrelationlayer.cpp:113:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const char *pszToID = pszType + strlen(pszType) + 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/ogrnasrelationlayer.cpp:186:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen(pszFromID) + strlen(pszType) + strlen(pszToID) + 3;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/ogrnasrelationlayer.cpp:186:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen(pszFromID) + strlen(pszType) + strlen(pszToID) + 3;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/ogrnasrelationlayer.cpp:186:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen(pszFromID) + strlen(pszType) + strlen(pszToID) + 3;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/ogrnasrelationlayer.cpp:190:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strcpy( pszMerged + strlen(pszFromID) + 1, pszType );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/ogrnasrelationlayer.cpp:191:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strcpy( pszMerged + strlen(pszFromID) + strlen(pszType) + 2, pszToID );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/nas/ogrnasrelationlayer.cpp:191:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strcpy( pszMerged + strlen(pszFromID) + strlen(pszType) + 2, pszToID );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ngw/gdalngwdataset.cpp:938:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLString osLayerName = osStatement.substr(strlen("DELLAYER:"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ngw/gdalngwdataset.cpp:964:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLString osLayerName = osStatement.substr(strlen("DELETE FROM "));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ngw/gdalngwdataset.cpp:989:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLString osLayerName = osStatement.substr(strlen("DROP TABLE "));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ngw/ngw_api.cpp:178:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    std::string osResourceId = CPLString(osUrlInt.substr(nFound + strlen("/resource/"))).Trim();
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ngw/ogrngwlayer.cpp:1689:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        osWhere = pszQuery + strlen("NGW:");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_estlayers.cpp:1749:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    const size_t nFormatLen = strlen(pszFormat);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntf_generic.cpp:213:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                 static_cast<int>(strlen(papszValues[iAtt])) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:371:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            for( int iChar = static_cast<int>(strlen(pszProduct))-1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:376:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            for( int iChar = static_cast<int>(strlen(pszPVName))-1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:409:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( STARTS_WITH_CI(pszProduct, "LAND-LINE") && strlen(pszPVName) > 5 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:471:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nTileNameLen = strlen(pszTileName);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntffilereader.cpp:1077:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const int nWidth = static_cast<int>(strlen(pszRawValue));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntfrecord.cpp:122:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy( szType, pszData, 2 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ntfrecord.cpp:254:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy( pszFieldBuf, pszData + nStart - 1, nSize );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ogrntfdatasource.cpp:229:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(candidateFileList[i]) > 4
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ogrntfdatasource.cpp:230:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              && STARTS_WITH_CI(candidateFileList[i] + strlen(candidateFileList[i])-4, ".ntf") )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ntf/ogrntfdatasource.cpp:535:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy( szCandidateName, poNewReader->GetTileName(),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocidatasource.cpp:149:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        for( i = static_cast<int>(strlen(pszUserid))-1; i > 1; i-- )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocidatasource.cpp:332:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(poLayer->GetFIDColumn()) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocidatasource.cpp:345:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(poLayer->GetGeometryColumn()) != 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocidatasource.cpp:864:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && papszResult[2] != nullptr && strlen(papszResult[1]) != 0
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociloaderlayer.cpp:339:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nLineLen += static_cast<int>(strlen(pszStrValue));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociloaderlayer.cpp:346:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                && (int) strlen(pszStrValue) > poFldDefn->GetWidth() )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociloaderlayer.cpp:356:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int nLength = static_cast<int>(strlen(pszStrValue));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociloaderlayer.cpp:464:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                && (int) strlen(pszStrValue) > poFldDefn->GetWidth() )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociloaderlayer.cpp:477:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int nLength = static_cast<int>(strlen(pszStrValue));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociloaderlayer.cpp:497:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t  nStringLen = strlen(oLine.GetString());
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociloaderlayer.cpp:671:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sDimUpdate.Appendf( static_cast<int>(strlen(poFeatureDefn->GetName()) + 100),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocisession.cpp:178:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                static_cast<int>(strlen((char*) pszDatabaseIn)), 0) ) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocisession.cpp:200:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                (dvoid *) pszUseridIn, (ub4) strlen((char *) pszUseridIn),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocisession.cpp:207:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                (dvoid *) pszPasswordIn, (ub4) strlen((char *) pszPasswordIn),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocisession.cpp:252:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                       (text *) SDO_GEOMETRY, (ub4) strlen(SDO_GEOMETRY),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocisession.cpp:446:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( szTermColName, pszColName, nColLen );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocisession.cpp:558:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszName) > nMaxNameLength )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocisession.cpp:587:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                       (text *) pszType, (ub4) strlen(pszType),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocistatement.cpp:142:77:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        (text *) pszSQLStatement, static_cast<unsigned int>(strlen(pszSQLStatement)),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocistatement.cpp:163:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                           (text *) pszPlaceName, (sb4) strlen(pszPlaceName),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocistatement.cpp:193:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                           (text *) pszPlaceName, (sb4) strlen(pszPlaceName),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocistatement.cpp:214:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        static_cast<int>(strlen(pszData)) + 1, SQLT_STR , paeInd);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocistringbuf.cpp:80:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int  nNewLen = static_cast<int>(strlen(pszNewText));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocistringbuf.cpp:119:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLen += static_cast<int>(strlen(pszString+nLen));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:167:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        osOwner.assign( pszTable, strlen(pszTable)-osTableName.size() - 1 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:347:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszGeomName != nullptr && strlen(pszGeomName) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:671:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    oCmd.Appendf( static_cast<int>(50+strlen(pszFIDName)),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:926:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    oCmdText.Appendf( static_cast<int>(strlen(poFeatureDefn->GetName())+strlen(pszFIDName)+100),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:926:73:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    oCmdText.Appendf( static_cast<int>(strlen(poFeatureDefn->GetName())+strlen(pszFIDName)+100),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1044:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf( pszCommand + strlen(pszCommand),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1045:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  nCommandBufSize - strlen(pszCommand), "%s",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1051:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CPLAssert( strlen(pszCommand) < nCommandBufSize );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1096:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszCommand) + strlen(szSDO_GEOMETRY)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1096:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszCommand) + strlen(szSDO_GEOMETRY)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1100:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               strlen(pszCommand) + strlen(szSDO_GEOMETRY) + 10000;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1100:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               strlen(pszCommand) + strlen(szSDO_GEOMETRY) + 10000;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1110:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nOffset = strlen(pszCommand);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1120:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nOffset += strlen(pszCommand+nOffset);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1151:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszStrValue) + strlen(pszCommand+nOffset) + nOffset
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1151:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszStrValue) + strlen(pszCommand+nOffset) + nOffset
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1154:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nCommandBufSize = strlen(pszCommand) + strlen(pszStrValue) + 10000;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1154:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nCommandBufSize = strlen(pszCommand) + strlen(pszStrValue) + 10000;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1163:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                && (int) strlen(pszStrValue) > poFldDefn->GetWidth() )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1176:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat( pszCommand+nOffset, "'" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1178:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nOffset += strlen(pszCommand+nOffset);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1199:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat( pszCommand+nOffset, "'" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1201:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nOffset += strlen(pszCommand+nOffset);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1204:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat( pszCommand+nOffset, ")" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1651:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sDimUpdate.Appendf(static_cast<int>(strlen(poFeatureDefn->GetName()) + 100),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:1660:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sDimUpdate.Appendf( static_cast<int>(strlen(poFeatureDefn->GetName()) + 100),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:2107:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nLen = static_cast<int>(strlen(pszStrValue));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:2112:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy( pszTarget, pszStrValue, nLen );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:2212:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(poFeatureDefn->GetName()) < 15 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrocitablelayer.cpp:2214:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        else if( strlen(poFeatureDefn->GetName()) < 17 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociwritablelayer.cpp:331:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int nCommandSize = static_cast<int>(70 + strlen(poFeatureDefn->GetName())
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociwritablelayer.cpp:332:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                          + strlen(oField.GetNameRef())
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociwritablelayer.cpp:333:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                          + strlen(szFieldType)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociwritablelayer.cpp:334:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                          + (oField.GetDefault() ? strlen(oField.GetDefault()) : 0));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociwritablelayer.cpp:339:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( strlen(oField.GetNameRef()) > sizeof ( szFieldName ) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociwritablelayer.cpp:351:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf( oCommand.GetString() + strlen(oCommand.GetString()),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/oci/ogrociwritablelayer.cpp:352:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  nCommandSize - strlen(oCommand.GetString()),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/odbc/ogrodbcdatasource.cpp:126:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char* pszDSN = (char *) CPLMalloc(strlen(pszNewName)+strlen(pszDSNStringTemplate)+100);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/odbc/ogrodbcdatasource.cpp:126:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char* pszDSN = (char *) CPLMalloc(strlen(pszNewName)+strlen(pszDSNStringTemplate)+100);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/odbc/ogrodbcdatasource.cpp:129:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              strlen(pszNewName)+strlen(pszDSNStringTemplate)+100,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/odbc/ogrodbcdatasource.cpp:129:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              strlen(pszNewName)+strlen(pszDSNStringTemplate)+100,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/odbc/ogrodbcdatasource.cpp:145:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszDSN = (char *) CPLMalloc(strlen(pszNewName)+strlen(pszDSNStringTemplate)+100);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/odbc/ogrodbcdatasource.cpp:145:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszDSN = (char *) CPLMalloc(strlen(pszNewName)+strlen(pszDSNStringTemplate)+100);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/odbc/ogrodbcdatasource.cpp:147:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      strlen(pszNewName)+strlen(pszDSNStringTemplate)+100,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/odbc/ogrodbcdatasource.cpp:147:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      strlen(pszNewName)+strlen(pszDSNStringTemplate)+100,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/odbc/ogrodbcdatasource.cpp:228:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if( pszSchema != nullptr && strlen(pszSchema) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/odbc/ogrodbcdatasource.cpp:446:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if( pszSchema != nullptr && strlen(pszSchema) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/odbc/ogrodbcdatasource.cpp:469:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(papszGeomCol[iTable]) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ods/ods_formula.cpp:127:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        char *token = static_cast<char *>( CPLMalloc(strlen(pszInput)+1) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ods/ods_formula_parser.cpp:889:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#   define yystrlen strlen
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ods/ogrodsdatasource.cpp:509:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(pszValue) == 4 + 1 + 2 + 1 + 2)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/ods/ogrodsdatasource.cpp:1845:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strlen("application/vnd.oasis.opendocument.spreadsheet")) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbindex.cpp:947:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(szUUID, psValue->String, UUID_LEN_AS_STRING);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbindex.cpp:950:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strlen(psValue->String) !=
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/filegdbindex.cpp:1686:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strlen(pszOut) > static_cast<size_t>(MAX_UTF8_LEN_STR),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/ogropenfilegdbdatasource.cpp:108:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszFilenameWithoutPath) == strlen("a00000000.gdbtable") &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/ogropenfilegdbdatasource.cpp:108:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszFilenameWithoutPath) == strlen("a00000000.gdbtable") &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/ogropenfilegdbdatasource.cpp:877:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            GetLayerByName(pszSQLCommand + strlen("GetLayerDefinition ")) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/ogropenfilegdbdatasource.cpp:894:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            GetLayerByName(pszSQLCommand + strlen("GetLayerMetadata ")) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/ogropenfilegdbdatasource.cpp:911:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            GetLayerByName(pszSQLCommand + strlen("GetLayerAttrIndexUse ")) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/ogropenfilegdbdatasource.cpp:930:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                           strlen("GetLayerSpatialIndexState ")) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/ogropenfilegdbdatasource.cpp:1217:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszFilenameWithoutPath) == strlen("a00000000.gdbtable") &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/ogropenfilegdbdatasource.cpp:1217:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszFilenameWithoutPath) == strlen("a00000000.gdbtable") &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/ogropenfilegdbdriver.cpp:50:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (strLen >= strlen(end) && EQUAL(str + strLen - strlen(end), end))
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/ogropenfilegdbdriver.cpp:50:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (strLen >= strlen(end) && EQUAL(str + strLen - strlen(end), end))
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/ogropenfilegdbdriver.cpp:65:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nLen = strlen(pszFilename);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/ogropenfilegdbdriver.cpp:106:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if( strlen(CPLGetBasename(pszFilename)) == 9 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/openfilegdb/ogropenfilegdbdriver.cpp:114:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if( strlen(CPLGetBasename(CPLGetBasename(pszFilename))) == 9 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/gpb.h:509:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nTextSize = strlen(pszText);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/gpb.h:525:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nTextSize = strlen(pszText);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:1488:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int nLenV = static_cast<int>(strlen(pszV)) + 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:2150:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                const int nLenV = static_cast<int>(strlen(pszV)) + 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:3280:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nLen = static_cast<int>(strlen(szTmp));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:3315:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLen = static_cast<int>(strlen(szTmp));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:3467:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(pszLine[0] == '[' && pszLine[strlen(pszLine)-1] == ']' )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:3475:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            ((char*)pszLine)[strlen(pszLine)-1] = '\0'; /* Evil but OK */
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:3496:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    pszLine + strlen("closed_ways_are_polygons="), ",", 0);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:3501:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                const int nTokenSize = static_cast<int>(strlen(papszTokens2[i]));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:3513:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strcmp(pszLine + strlen("report_all_nodes="), "no") == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:3517:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            else if( strcmp(pszLine + strlen("report_all_nodes="), "yes") == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:3525:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strcmp(pszLine + strlen("report_all_ways="), "no") == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:3529:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            else if( strcmp(pszLine + strlen("report_all_ways="), "yes") == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:3537:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strcmp(pszLine + strlen("attribute_name_laundering="), "no") == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:3541:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            else if( strcmp(pszLine + strlen("attribute_name_laundering="), "yes") == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:3677:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     strlen(papszTokens[0]) >= 5 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:3678:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     strcmp(papszTokens[0] + strlen(papszTokens[0]) - 5,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:3682:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                osName.resize(strlen(papszTokens[0]) - 5);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:3729:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     strlen(papszTokens[0]) >= 4 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:3730:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     strcmp(papszTokens[0] + strlen(papszTokens[0]) - 4,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdatasource.cpp:3734:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                osName.resize(strlen(papszTokens[0]) - 4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdriver.cpp:60:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        poOpenInfo->nHeaderBytes - static_cast<int>(strlen("OSMHeader"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmdriver.cpp:64:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strlen("OSMHeader") ) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmlayer.cpp:674:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                int nLenK = (int)strlen(pszK);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/ogrosmlayer.cpp:675:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                int nLenV = (int)strlen(pszV);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/osm2osm.cpp:175:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define WRITE_STR(str) VSIFWriteL(str, 1, strlen(str), fp)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/osm_parser.cpp:2092:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nLen = (int)strlen(pszStr);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/osm_parser.cpp:2653:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const int nLimitI = nRead - static_cast<int>(strlen("OSMHeader"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/osm/osm_parser.cpp:2656:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( memcmp(abyHeader + i, "OSMHeader", strlen("OSMHeader") ) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pds/ogrpdsdatasource.cpp:131:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszWrk[strlen(pszWrk)-1] = '\0';
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:184:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(szVer,pszVer,iLen);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:194:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(szNum,pszVer,iLen);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:206:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(szNum,pszVer,iLen);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:218:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(szNum,pszVer,iLen);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:398:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            CPLStrdup( pszActiveSchemaStart + strlen("active_schema=") );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:402:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszEnd = pszConnectionName + strlen(pszConnectionName);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:405:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memmove( pszActiveSchemaStart, pszEnd, strlen(pszEnd) + 1 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:408:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        strlen("active_schema=")] = '\0';
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:428:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        char *pszSchemas = CPLStrdup( pszSchemasStart + strlen("schemas=") );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:432:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszEnd = pszConnectionName + strlen(pszConnectionName);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:435:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memmove( pszSchemasStart, pszEnd, strlen(pszEnd) + 1 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:437:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszSchemas[pszEnd - pszSchemasStart - strlen("schemas=")] = '\0';
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:471:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszEnd = pszConnectionName + strlen(pszConnectionName);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:474:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memmove( pszTableStart, pszEnd, strlen(pszEnd) + 1 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:845:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    int len = static_cast<int>(strlen(pszGeomColumnName));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:962:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            bool bHasM = pszGeomType[strlen(pszGeomType)-1] == 'M';
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:984:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        bHasM = pszGeomType[strlen(pszGeomType)-1] == 'M';
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:1124:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                bHasM = pszGeomType[strlen(pszGeomType)-1] == 'M';
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:1546:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(pszSchemaName, pszLayerName, length);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:2073:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int len = static_cast<int>(strlen(pszGeomColumnName));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:2246:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszAuthorityName == nullptr || strlen(pszAuthorityName) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgdatasource.cpp:2257:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ( pszAuthorityCode != nullptr && strlen(pszAuthorityCode) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:1360:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                   static_cast<int>(strlen(apszKnownGeomFuncPrefixes[i]))) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:1404:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        pszName[ strlen(apszKnownGeomFuncPrefixes[iKnownPrefix]) ] == '_' )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:1408:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            strlen(apszKnownGeomFuncPrefixes[iKnownPrefix]) + 1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:1622:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    GByte* pabyData = (GByte *) CPLMalloc(strlen(pszBytea)+1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:1948:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(szVals,ptr,ptrEndParenthesis - ptr);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:2034:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                oField.GetNameRef()[strlen(
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpglayer.cpp:2038:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strlen(apszKnownGeomFuncPrefixes[iGeomFuncPrefix]) + 1 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgresultlayer.cpp:169:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nLen = strlen(pszRawStatement) + osWHERE.size() + 40;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgtablelayer.cpp:666:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            bool bHasM = pszType[strlen(pszType)-1] == 'M';
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgtablelayer.cpp:872:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  +strlen(pszSqlTableName) + 40);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgtablelayer.cpp:875:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  +strlen(pszSqlTableName) + 40,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgtablelayer.cpp:1623:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nSrcLen = static_cast<int>(strlen(pszStrValue));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pg/ogrpgtablelayer.cpp:2876:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t size = osFields.size() +  strlen(pszSqlTableName) + 100;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumpdatasource.cpp:274:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(pszSchemaName, pszLayerName, length);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:542:13:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
            strcpy( pszNeedToFree, "{" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:546:21:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
                    strcat( pszNeedToFree+nOff, "," );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:548:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                nOff += static_cast<int>(strlen(pszNeedToFree+nOff));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:551:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat( pszNeedToFree+nOff, "}" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:562:13:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
            strcpy( pszNeedToFree, "{" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:566:21:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
                    strcat( pszNeedToFree+nOff, "," );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:568:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                nOff += static_cast<int>(strlen(pszNeedToFree+nOff));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:571:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat( pszNeedToFree+nOff, "}" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:585:13:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
            strcpy( pszNeedToFree, "{" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:589:21:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
                    strcat( pszNeedToFree+nOff, "," );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:591:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                nOff += static_cast<int>(strlen(pszNeedToFree+nOff));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:600:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat( pszNeedToFree+nOff, "}" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:696:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t size = osFields.size() +  strlen(pszSqlTableName) + 100;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:832:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nSrcLen = static_cast<int>(strlen(pszStrValue));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:1006:17:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
                strcat( pszNeedToFree+nOff, "," );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:1008:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nOff += static_cast<int>(strlen(pszNeedToFree+nOff));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:1030:17:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
                strcat( pszNeedToFree+nOff, "," );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:1032:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nOff += static_cast<int>(strlen(pszNeedToFree+nOff));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:1056:17:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
                strcat( pszNeedToFree+nOff, "," );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:1058:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nOff += static_cast<int>(strlen(pszNeedToFree+nOff));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:1473:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nPos + strlen("::character varying") == osDefault.size() )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgdump/ogrpgdumplayer.cpp:1478:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             nPos + strlen("::text") == osDefault.size() )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgeo/ogrpgeodatasource.cpp:127:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszDSN = (char *) CPLMalloc(strlen(pszNewName)+strlen(pszDSNStringTemplate)+100);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgeo/ogrpgeodatasource.cpp:127:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszDSN = (char *) CPLMalloc(strlen(pszNewName)+strlen(pszDSNStringTemplate)+100);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgeo/ogrpgeodatasource.cpp:130:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  strlen(pszNewName)+strlen(pszDSNStringTemplate)+100,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgeo/ogrpgeodatasource.cpp:130:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  strlen(pszNewName)+strlen(pszDSNStringTemplate)+100,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgeo/ogrpgeodatasource.cpp:147:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszDSN = (char *) CPLMalloc(strlen(pszNewName)+strlen(pszDSNStringTemplate)+100);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgeo/ogrpgeodatasource.cpp:147:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszDSN = (char *) CPLMalloc(strlen(pszNewName)+strlen(pszDSNStringTemplate)+100);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgeo/ogrpgeodatasource.cpp:149:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     strlen(pszNewName)+strlen(pszDSNStringTemplate)+100,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgeo/ogrpgeodatasource.cpp:149:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     strlen(pszNewName)+strlen(pszDSNStringTemplate)+100,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/pgeo/ogrpgeoselectlayer.cpp:58:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            poDSIn->GetLayerByName(pszBaseStatement + strlen("SELECT * FROM "));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/plscenes/ogrplscenesdatav1dataset.cpp:370:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        osURL = "http://" + m_osAPIKey + ":@" + osURL.substr(strlen("http://"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/plscenes/ogrplscenesdatav1dataset.cpp:374:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        osURL = "https://" + m_osAPIKey + ":@" + osURL.substr(strlen("https://"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/plscenes/ogrplscenesdatav1dataset.cpp:630:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            if( strncmp(pszKey, "asset_", strlen("asset_")) == 0 ||
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/plscenes/ogrplscenesdatav1dataset.cpp:689:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            poOpenInfo->pszFilename+strlen("PLScenes:"), ",", TRUE, FALSE );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/plscenes/ogrplscenesdriver.cpp:52:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            poOpenInfo->pszFilename+strlen("PLScenes:"), ",", TRUE, FALSE );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/rec/ll_recio.cpp:68:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszLine) < 44 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/rec/ll_recio.cpp:129:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( szWorkField, pszSrc + nStart - 1, nWidth );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/rec/ll_recio.cpp:132:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int i = static_cast<int>(strlen(szWorkField)) - 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/rec/ll_recio.cpp:162:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int iSegLen = (int)strlen(pszLine);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/rec/ogrrecdatasource.cpp:92:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( !(strlen(pszFilename) > 4 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/rec/ogrrecdatasource.cpp:93:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          EQUAL(pszFilename+strlen(pszFilename)-4,".rec") ) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/rec/ogrreclayer.cpp:68:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszLine) < 44 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/rec/ogrreclayer.cpp:197:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int iSegLen = static_cast<int>(strlen(pszLine));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/rec/ogrreclayer.cpp:246:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszFieldText) != 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57classregistrar.cpp:195:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if( strlen(pszProfile) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57classregistrar.cpp:268:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if( strlen(pszProfile) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57reader.cpp:971:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(pszValue) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57reader.cpp:1222:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(szUPDNUpdate) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57reader.cpp:3270:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if( pszUPDN != nullptr && strlen(pszUPDN) < sizeof(szUPDNUpdate) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57writer.cpp:951:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(papszLNAM_REFS[i]) < 16 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57writer.cpp:1044:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszATVL) + nRawSize + 10 > sizeof(achRawData) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57writer.cpp:1052:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memcpy( achRawData + nRawSize, pszATVL, strlen(pszATVL) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/s57/s57writer.cpp:1053:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nRawSize += static_cast<int>(strlen(pszATVL));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sde/ogrsdedatasource.cpp:1380:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        || strlen(szIDColName) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sde/ogrsdelayer.cpp:2307:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( sColumnDef.column_name, oField.GetNameRef(), SE_MAX_COLUMN_LEN );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sdts/ogrsdtsdatasource.cpp:103:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( bTestOpen && !(strlen(pszFilename) > 4 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sdts/ogrsdtsdatasource.cpp:104:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        EQUAL(pszFilename+strlen(pszFilename)-4,".ddf")) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:174:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int nLineLen = static_cast<int>(strlen(pszLine));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:227:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strlen(papszTokens[i]) == 4)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:287:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int nLineLen = static_cast<int>(strlen(pszLine));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:567:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int nLineLen = static_cast<int>(strlen(pszLine));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:576:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nLineLen = static_cast<int>(strlen(pszLine));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:677:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char* pszExpandedLine = (char*)CPLMalloc(strlen(pszLine) * 8 + 1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/segukooa/ogrsegukooalayer.cpp:708:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nLen = static_cast<int>(strlen(pszLine));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/selafin/io_selafin.cpp:366:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (nLength==0) nLength=strlen(pszData);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/selafin/ogrselafindatasource.cpp:384:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(pszFilename)>3) nPos=osExt.find_last_of('.',strlen(pszFilename)-4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/selafin/ogrselafindatasource.cpp:384:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(pszFilename)>3) nPos=osExt.find_last_of('.',strlen(pszFilename)-4);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/selafin/ogrselafindatasource.cpp:386:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            osExt=osExt.substr(nPos+1,strlen(pszFilename)-4-nPos);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/selafin/ogrselafindriver.cpp:100:27:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    if (pszTemp!=nullptr) strncpy(pszTitle,pszTemp,72); else memset(pszTitle,' ',72);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/selafin/ogrselafindriver.cpp:131:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
    strncpy(pszTitle+72,"SERAPHIN",9);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/selafin/ogrselafinlayer.cpp:474:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(poHeader->papszVariables[poHeader->nVar-1],poField->GetNameRef(),32);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/selafin/ogrselafinlayer.cpp:672:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(poHeader->papszVariables[iField],poNewFieldDefn->GetNameRef(),32);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:494:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nLen = STATIC_CAST(int, strlen(pszBasename));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:637:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        psDBF->pszCodePage = STATIC_CAST(char *, malloc(strlen(REINTERPRET_CAST(char*, pabyBuf)) + 1));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:854:88:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            psHooks->FWrite( CONST_CAST(void*, STATIC_CAST(const void*, pszCodePage)), strlen(pszCodePage), 1, fpCPG );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:893:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        psDBF->pszCodePage = STATIC_CAST(char *, malloc( strlen(pszCodePage) + 1 ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:1047:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( pszFInfo, pszFieldName, XBASE_FLDNAME_LEN_WRITE );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:1326:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return strlen(pszValue) == 0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:1404:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy( pszFieldName, STATIC_CAST(char *,psDBF->pszHeader)+iField*XBASE_FLDHDR_SZ,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:1513:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( STATIC_CAST(int,strlen(szSField)) > psDBF->panFieldSize[iField] )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:1519:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            szSField, strlen(szSField) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:1530:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if( STATIC_CAST(int, strlen(STATIC_CAST(char *,pValue))) > psDBF->panFieldSize[iField] )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:1539:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    j = STATIC_CAST(int, strlen(STATIC_CAST(char *,pValue)));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:1542:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(REINTERPRET_CAST(char *, pabyRec+psDBF->panFieldOffset[iField]),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:1602:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( STATIC_CAST(int, strlen(STATIC_CAST(char *, pValue))) > psDBF->panFieldSize[iField] )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:1608:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        j = STATIC_CAST(int, strlen(STATIC_CAST(char *, pValue)));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:1611:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(REINTERPRET_CAST(char *, pabyRec+psDBF->panFieldOffset[iField]),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/dbfopen.c:2233:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( pszFInfo, pszFieldName, XBASE_FLDNAME_LEN_WRITE );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapedatasource.cpp:220:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(pszCandidate) < 4
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapedatasource.cpp:221:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                || !EQUAL(pszCandidate+strlen(pszCandidate)-4,".shp") )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapedatasource.cpp:264:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( strlen(pszCandidate) < 4
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapedatasource.cpp:265:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                || !EQUAL(pszCandidate+strlen(pszCandidate)-4, ".dbf") )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapedatasource.cpp:278:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if( EQUALN(pszCandidate2, pszLayerName, strlen(pszLayerName))
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapedatasource.cpp:279:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    && EQUAL(pszCandidate2 + strlen(pszLayerName), ".tab") )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapedatasource.cpp:826:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            VSIFWriteL( pszWKT, strlen(pszWKT), 1, fp );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapelayer.cpp:1765:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(szNewFieldName, pszTmp, sizeof(szNewFieldName)-1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapelayer.cpp:2109:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(szFieldName, osFieldName, sizeof(szFieldName)-1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapelayer.cpp:2178:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strlen(papszLines[0] + 3) + 1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/ogrshapelayer.cpp:3174:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                const int nLen =  static_cast<int>(strlen(pszVal));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shape2ogr.cpp:978:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszSHPEncoding) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shape2ogr.cpp:1045:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                   const int nValueLength = static_cast<int>(strlen(pszValue));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shape2ogr.cpp:1298:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              if( strlen(pszDateValue) >= 10 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shape2ogr.cpp:1450:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              if( strlen(pszSHPEncoding) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shape2ogr.cpp:1457:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              int nStrLen = static_cast<int>(strlen(pszStr));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shape2ogr.cpp:1525:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              const int nStrLen = static_cast<int>(strlen(szValue));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:561:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nLen = STATIC_CAST(int, strlen(pszBasename));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:644:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t nMessageLen = strlen(pszFullname)*2+256;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:668:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t nMessageLen = strlen(pszFullname)*2+256;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:1014:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t nMessageLen = strlen( pszFullname ) * 2 + 256;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/shape/shpopen.c:1054:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t nMessageLen = strlen( pszFullname ) * 2 + 256;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sosi/ogrsosidatatypes.cpp:87:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(dato)==14) {
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sosi/ogrsosilayer.cpp:332:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        int nLen = static_cast<int>(strlen(pszLine));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sosi/ogrsosilayer.cpp:334:25:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                        strncpy(pszNline, pszLine+1, nLen-2);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitedatasource.cpp:1342:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            m_pszFilename = CPLStrdup( pszNewName + strlen("SQLITE:") );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitedatasource.cpp:1453:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                            strlen("CREATE VIRTUAL TABLE ");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitedatasource.cpp:2440:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                       strlen(apszFuncsWithSideEffects[i])) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitedatasource.cpp:3169:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszAuthorityName == nullptr || strlen(pszAuthorityName) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitedatasource.cpp:3180:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ( pszAuthorityCode != nullptr && strlen(pszAuthorityCode) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitedatasource.cpp:3201:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszAuthorityName != nullptr && strlen(pszAuthorityName) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitedatasource.cpp:3205:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ( pszAuthorityCode != nullptr && strlen(pszAuthorityCode) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitedatasource.cpp:3391:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( pszAuthorityCode != nullptr && strlen(pszAuthorityCode) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitedriver.cpp:163:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nLen = (int) strlen(poOpenInfo->pszFilename);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitedriver.cpp:179:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        char* pszSQLiteFilename = CPLStrdup(poOpenInfo->pszFilename + strlen( "VirtualShape:" ));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteexecutesql.cpp:246:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( EQUALN(pszStr, apszKeywords[i], strlen(apszKeywords[i])) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteexecutesql.cpp:320:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 (pszSQLCommand[strlen("f_table_name")] == '=' ||
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteexecutesql.cpp:321:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  isspace((int)pszSQLCommand[strlen("f_table_name")])) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteexecutesql.cpp:323:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszSQLCommand += strlen("f_table_name");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteexecutesql.cpp:342:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 isspace(pszSQLCommand[strlen("FROM")]) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteexecutesql.cpp:344:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszSQLCommand += strlen("FROM") + 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteexecutesql.cpp:350:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                isspace((int)pszSQLCommand[strlen("SpatialIndex")]) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteexecutesql.cpp:352:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                pszSQLCommand += strlen("SpatialIndex") + 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteexecutesql.cpp:432:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  isspace(pszSQLCommand[strlen("JOIN")]) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteexecutesql.cpp:434:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszSQLCommand += strlen("JOIN") + 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteexecutesql.cpp:439:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 isspace(pszSQLCommand[strlen("INTO")]) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteexecutesql.cpp:441:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszSQLCommand += strlen("INTO") + 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteexecutesql.cpp:446:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 isspace(pszSQLCommand[strlen("UPDATE")]) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteexecutesql.cpp:448:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszSQLCommand += strlen("UPDATE") + 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteexecutesql.cpp:454:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszSQLCommand += strlen("DROP TABLE") + 1;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqliteregexp.cpp:151:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int rc = pcre_exec(p, e, str, static_cast<int>(strlen(str)), 0, 0, nullptr, 0);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitesqlfunctions.cpp:249:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pOut = CPLZLibDeflate( pszVal, strlen(pszVal) + 1, nLevel, nullptr, 0, &nOutBytes);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:174:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszTableName[strlen(pszTableName)-1] == ')' )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:192:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszGeomCol[strlen(pszGeomCol)-1] = 0;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1637:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            2 * strlen(poFieldDefn->GetNameRef()) + 70;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1639:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nFieldListLen += 10 + strlen( poFieldDefn->GetDefault() );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1642:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nFieldListLen += 50 + (pszFIDColumn ? 2 * strlen(pszFIDColumn) : strlen("OGC_FID"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1642:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nFieldListLen += 50 + (pszFIDColumn ? 2 * strlen(pszFIDColumn) : strlen("OGC_FID"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1645:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nFieldListLen += 70 + 2 * strlen(poFeatureDefn->GetGeomFieldDefn(iField)->GetNameRef());
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1661:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat( pszFieldListForSelect, "," );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1662:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat( pszNewFieldList, "," );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1664:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat( pszFieldListForSelect, "\"");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1666:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat( pszFieldListForSelect, "\"");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1668:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat( pszNewFieldList, "\"");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1670:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat( pszNewFieldList, "\"");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1688:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf( pszNewFieldList+strlen(pszNewFieldList), nBufLen-strlen(pszNewFieldList),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1688:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf( pszNewFieldList+strlen(pszNewFieldList), nBufLen-strlen(pszNewFieldList),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1692:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf( pszNewFieldList+strlen(pszNewFieldList),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1693:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 nBufLen-strlen(pszNewFieldList), " NOT NULL" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1696:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf( pszNewFieldList+strlen(pszNewFieldList),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1697:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 nBufLen-strlen(pszNewFieldList), " DEFAULT %s",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1857:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf( pszFieldListForSelect+strlen(pszFieldListForSelect),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1858:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  nBufLen-strlen(pszFieldListForSelect),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1928:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                              static_cast<int>(strlen(poNewFieldDefn->GetNameRef())) +
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1930:80:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                              (poNewFieldDefn->GetDefault() ? static_cast<int>(strlen(poNewFieldDefn->GetDefault())) : 0)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1937:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf( pszFieldListForSelect+strlen(pszFieldListForSelect),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1938:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 nBufLen-strlen(pszFieldListForSelect),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1966:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf( pszNewFieldList+strlen(pszNewFieldList),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1967:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      nBufLen-strlen(pszNewFieldList),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1975:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                snprintf( pszNewFieldList+strlen(pszNewFieldList),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1976:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                         nBufLen-strlen(pszNewFieldList), "_deflate");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1979:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                snprintf( pszNewFieldList+strlen(pszNewFieldList),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1980:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                          nBufLen-strlen(pszNewFieldList)," NOT NULL" );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1983:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                snprintf( pszNewFieldList+strlen(pszNewFieldList),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:1984:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                         nBufLen-strlen(pszNewFieldList)," DEFAULT %s",
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:2097:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf( pszFieldListForSelect+strlen(pszFieldListForSelect),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:2098:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  nBufLen - strlen(pszFieldListForSelect),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:2332:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                     strlen(pszRawValue), -1,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitetablelayer.cpp:3105:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             (pszDefault[0] == '(' && pszDefault[strlen(pszDefault)-1] == ')' &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitevfs.cpp:313:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             ((strlen(zName) > strlen("-journal") &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitevfs.cpp:313:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             ((strlen(zName) > strlen("-journal") &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitevfs.cpp:314:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               strcmp(zName + strlen(zName) - strlen("-journal"), "-journal") == 0) ||
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitevfs.cpp:314:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               strcmp(zName + strlen(zName) - strlen("-journal"), "-journal") == 0) ||
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitevfs.cpp:315:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              (strlen(zName) > strlen("-wal") &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitevfs.cpp:315:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              (strlen(zName) > strlen("-wal") &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitevfs.cpp:316:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               strcmp(zName + strlen(zName) - strlen("-wal"), "-wal") == 0)) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitevfs.cpp:316:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               strcmp(zName + strlen(zName) - strlen("-wal"), "-wal") == 0)) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitevfs.cpp:355:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( static_cast<int>(strlen( zName )) >= nOut )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitevfs.cpp:362:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     static_cast<int>(strlen(zName)) + 8);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitevfs.cpp:365:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(zOut, zName, nOut);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sqlite/ogrsqlitevirtualogr.cpp:242:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if ( pszAuthorityCode != nullptr && strlen(pszAuthorityCode) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sua/ogrsualayer.cpp:236:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(pszLine) != 16)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sua/ogrsualayer.cpp:264:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(pszCENTRE) < 17 || pszCENTRE[16] != ' ')
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sua/ogrsualayer.cpp:275:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(pszTO) != 16)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sua/ogrsualayer.cpp:324:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(pszCENTRE) != 16)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:1490:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(pszTextBuf, (pszTxt+1),    nTextL);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp:1555:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(pszTextBuf, (pszTxt+1),    nTextL);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/ogrtigerdatasource.cpp:322:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(CPLGetFilename(pszFilename)) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/ogrtigerdatasource.cpp:329:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy( szModule, CPLGetFilename(pszFilename), sizeof(szModule)-1 );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/ogrtigerdatasource.cpp:334:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        szModule[strlen(szModule)-1] = '\0';
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/ogrtigerdatasource.cpp:348:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t nCandidateLen = strlen(candidateFileList[i]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/ogrtigerdatasource.cpp:365:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                const size_t nLen = strlen(szModule);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/ogrtigerdatasource.cpp:734:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen(GetDirPath())
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/ogrtigerdatasource.cpp:735:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        + strlen(pszModuleName)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/ogrtigerdatasource.cpp:736:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        + strlen(pszExtension) + 10;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/ogrtigerdatasource.cpp:739:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(GetDirPath()) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/ogrtigerdatasource.cpp:961:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( EQUALN(pszModule,papszDirFiles[i],strlen(pszModule)) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/ogrtigerdriver.cpp:49:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int nLen = (int)strlen(papszSiblingFiles[i]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerfilebase.cpp:245:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( aszField, pachRawDataRecord + nStartChar - 1, nLength );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerfilebase.cpp:306:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy( szValue, poFeature->GetFieldAsString( iField ),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerfilebase.cpp:309:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( (int) strlen(szValue) < nEnd - nStart + 1 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerfilebase.cpp:310:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            memset( szValue + strlen(szValue), ' ',
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/tiger/tigerfilebase.cpp:311:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    nEnd - nStart + 1 - strlen(szValue) );
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vdv/ogrvdvdatasource.cpp:37:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define STARTS_WITH(a,b)               (strncmp(a,b,strlen(b)) == 0)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vdv/ogrvdvdatasource.cpp:38:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define STARTS_WITH_CI(a,b)            EQUALN(a,b,strlen(b))
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vdv/ogrvdvdatasource.cpp:64:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( papszFrm[i][strlen("decimal")] == '(' )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vdv/ogrvdvdatasource.cpp:73:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    nWidth = atoi(papszFrm[i] + strlen("decimal") + 1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vdv/ogrvdvdatasource.cpp:85:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( papszFrm[i][strlen("num")] == '[' )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vdv/ogrvdvdatasource.cpp:94:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    nWidth = atoi(papszFrm[i] + strlen("num") + 1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vdv/ogrvdvdatasource.cpp:115:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( papszFrm[i][strlen("char")] == '[' )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vdv/ogrvdvdatasource.cpp:117:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                nWidth = atoi(papszFrm[i] + strlen("char") + 1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vdv/ogrvdvdatasource.cpp:1003:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                size_t nLen = strlen(papszTokens[i]);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vdv/ogrvdvdatasource.cpp:1632:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( pszKey && strlen(pszKey) > strlen("HEADER_") && pszValue )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vdv/ogrvdvdatasource.cpp:1632:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( pszKey && strlen(pszKey) > strlen("HEADER_") && pszValue )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vdv/ogrvdvdatasource.cpp:1635:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    pszKey + strlen("HEADER_"),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkdatablock.cpp:123:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(pszName, poProp, nLength);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkdatablock.cpp:133:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(pszType, poProp, nLength);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkdatablock.cpp:152:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(pszType, poProp, nLength);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkdatablocksqlite.cpp:167:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        else if (strlen(ftype) > 2 && STARTS_WITH_CI(ftype, "15") && npoints != 1) {
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkfeature.cpp:212:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            else if (strlen(ftype) > 2 && STARTS_WITH_CI(ftype, "15")) { /* -> circle with radius */
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkfeature.cpp:216:26:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
                if (2 != sscanf(ftype, "%2s %f", s, &r) || r < 0) {
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkfeature.cpp:459:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(pszProp, poProp, nLength);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkfeature.cpp:484:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(pszProp, poProp, nLength);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkfeature.cpp:541:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(pszValue) < 1)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkpropertydefn.cpp:61:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(pszWidth, poWidth, nLength);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkreader.cpp:124:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(pszBlockName, pszLine + 2, n);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkreader.cpp:145:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int nLineLength = static_cast<int>(strlen(pszRawLine));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkreader.cpp:174:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(pszLine) < 2 || pszLine[0] != '&') {
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkreader.cpp:212:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        else if (pszLine[1] == 'K' && strlen(pszLine) == 2) {
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkreader.cpp:270:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t nLength = strlen(pszLine);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkreader.cpp:304:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                           pszLine[strlen(pszLine) - 1] == '\244') {
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkreader.cpp:328:21:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                    strncpy(pszLine, osMultiLine.c_str(), nLength);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkreader.cpp:370:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        else if (pszLine[1] == 'K' && strlen(pszLine) == 2) {
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkreader.cpp:506:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(pszKey, poKey, iKeyLength);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkreader.cpp:549:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const size_t nLen = strlen(pszKey) + 5;
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkreadersqlite.cpp:90:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nLen = strlen(m_pszFilename);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vfk/vfkreadersqlite.cpp:95:10:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    std::strncpy(m_pszDBname, osDbName.c_str(), nLen);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vrt/ogrvrtdatasource.cpp:98:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                   strlen(entry.pszName)) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vrt/ogrvrtdatasource.cpp:105:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( pszGType[strlen(pszGType) - 1] == 'M' ||
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vrt/ogrvrtdatasource.cpp:106:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                pszGType[strlen(pszGType) - 2] == 'M' )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vrt/ogrvrtlayer.cpp:558:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( EQUALN(pszSrcDSName, pszPrefix, strlen(pszPrefix)) )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vrt/ogrvrtlayer.cpp:693:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(CPLGetLastErrorMsg()) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vrt/ogrvrtlayer.cpp:1669:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        char *pszFIDQuery = static_cast<char *>(CPLMalloc(strlen(pszFID) + 64));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vrt/ogrvrtlayer.cpp:1672:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(pszFIDQuery, strlen(pszFID) + 64, "%s = " CPL_FRMT_GIB, pszFID,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/vrt/ogrvrtlayer.cpp:2010:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( pszNewQuery == nullptr || strlen(pszNewQuery) == 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalkdatasource.cpp:82:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszDSN = (char *) CPLMalloc(strlen(pszNewName)+strlen(pszDSNStringTemplate)+100);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalkdatasource.cpp:82:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszDSN = (char *) CPLMalloc(strlen(pszNewName)+strlen(pszDSNStringTemplate)+100);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalkdatasource.cpp:85:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  strlen(pszNewName)+strlen(pszDSNStringTemplate)+100,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalkdatasource.cpp:85:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  strlen(pszNewName)+strlen(pszDSNStringTemplate)+100,
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalklayer.cpp:351:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( strlen(pszProj4) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktablelayer.cpp:92:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char* pszFeatureTableName = (char *) CPLMalloc(strlen(pszLayerName)+10);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/walk/ogrwalktablelayer.cpp:94:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(pszFeatureTableName, strlen(pszLayerName)+10, "%sFeatures", pszLayerName);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogroapifdriver.cpp:226:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const auto nFirstSlashPos = m_osRootURL.find('/', strlen("https://"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogroapifdriver.cpp:230:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            auto osUserPwd = m_osRootURL.substr(strlen("https://"),
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogroapifdriver.cpp:231:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            nArobaseInURLPos - strlen("https://"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogroapifdriver.cpp:237:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        osRet.substr(strlen("https://"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogroapifdriver.cpp:659:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        m_osRootURL = m_osRootURL.substr(strlen("WFS3:"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogroapifdriver.cpp:661:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        m_osRootURL = m_osRootURL.substr(strlen("OAPIF:"));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfsdatasource.cpp:1645:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                (pszPrefix[0] != 0 && strncmp(l_pszName, pszPrefix, strlen(pszPrefix)) == 0 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfsdatasource.cpp:1646:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 l_pszName[strlen(pszPrefix)] == ':')) &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfsjoinlayer.cpp:620:92:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        CPLMD5Update( &sMD5Context, (const GByte*)pszStr, static_cast<int>(strlen(pszStr)));
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfslayer.cpp:642:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return pszContentDisposition + strlen("attachment; filename=");
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfslayer.cpp:2004:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strncmp(pszFID, pszShortName, strlen(pszShortName)) == 0 &&
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfslayer.cpp:2005:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszFID[strlen(pszShortName)] == '.')
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/wfs/ogrwfslayer.cpp:2007:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        GIntBig nFID = CPLAtoGIntBig(pszFID + strlen(pszShortName) + 1);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xlsx/ogrxlsxdatasource.cpp:1827:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    VSIFWriteL(XML_HEADER, strlen(XML_HEADER), 1, fp);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xlsx/ogrxlsxdatasource.cpp:1856:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    VSIFWriteL(XML_HEADER, strlen(XML_HEADER), 1, fp);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xlsx/ogrxlsxdatasource.cpp:1876:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    VSIFWriteL(XML_HEADER, strlen(XML_HEADER), 1, fp);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xlsx/ogrxlsxdatasource.cpp:1898:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    VSIFWriteL(XML_HEADER, strlen(XML_HEADER), 1, fp);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xlsx/ogrxlsxdatasource.cpp:1969:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    VSIFWriteL(XML_HEADER, strlen(XML_HEADER), 1, fp);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xlsx/ogrxlsxdatasource.cpp:2144:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    VSIFWriteL(XML_HEADER, strlen(XML_HEADER), 1, fp);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xlsx/ogrxlsxdatasource.cpp:2171:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    VSIFWriteL(XML_HEADER, strlen(XML_HEADER), 1, fp);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xlsx/ogrxlsxdatasource.cpp:2233:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    VSIFWriteL(XML_HEADER, strlen(XML_HEADER), 1, fp);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xlsx/ogrxlsxdatasource.cpp:2258:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    VSIFWriteL(XML_HEADER, strlen(XML_HEADER), 1, fp);
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:453:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(papszTokens[9]) == 6)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:494:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if (pszRwyNum[0] >= '0' && pszRwyNum[0] <= '9' && strlen(pszRwyNum) >= 2)
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogr_xplane_apt_reader.cpp:639:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(pszRwyNum) == 3 && pszRwyNum[2] == 'x')
data/gdal-3.0.4+dfsg/ogr/ogrsf_frmts/xplane/ogrxplanelayer.cpp:144:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        strlen(papoFeatures[i]->GetFieldAsString(col)));
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:634:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nLen = strlen(pszStrBuf);
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:694:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszWKT != nullptr && strlen(pszWKT) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:1660:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *ppszInput += strlen(*ppszInput);
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:1671:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(*ppszInput) > 0 && strstr(*ppszInput, "VERTCS") )
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:3604:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszCode) > sizeof(szWMSAuto)-2 )
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:3859:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(pszComponentUrl, pszCur, nLen);
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:3863:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                pszCur += nLen + strlen(searchStr);
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:9392:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( *ppszResult != nullptr && strlen(*ppszResult) > 0 )
data/gdal-3.0.4+dfsg/ogr/ogrspatialreference.cpp:9665:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszProj4) >= 10000 )
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:259:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strchr(szX, 'e') == nullptr && strlen(szX) < bufSize - 2 )
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:266:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strchr(szY, 'e') == nullptr && strlen(szY) < bufSize - 2 )
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:272:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLenX = strlen(szX);
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:273:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLenY = strlen(szY);
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:287:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( nLenX + 1 + nLenY + ((nDimension == 3) ? (1 + strlen(szZ)) : 0) >=
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:361:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strchr(szX, 'e') == nullptr && strlen(szX) < bufSize - 2 )
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:368:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strchr(szY, 'e') == nullptr && strlen(szY) < bufSize - 2 )
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:374:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLenX = strlen(szX);
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:375:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLenY = strlen(szY);
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:388:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nLen += strlen(szZ) + 1;
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:401:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nLen += strlen(szM) + 1;
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:433:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            target += strlen(szZ);
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:440:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            target += strlen(szM);
data/gdal-3.0.4+dfsg/ogr/ogrutils.cpp:1155:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(pszInput) <= 3 )
data/gdal-3.0.4+dfsg/ogr/swq.cpp:119:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        char *token = static_cast<char *>(CPLMalloc(strlen(pszInput) + 1));
data/gdal-3.0.4+dfsg/ogr/swq_expr_node.cpp:622:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const int nLen = static_cast<int>(strlen(apszSubExpr[i]));
data/gdal-3.0.4+dfsg/ogr/swq_op_general.cpp:741:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strlen(sub_node_values[0]->string_value) > 3 &&
data/gdal-3.0.4+dfsg/ogr/swq_op_general.cpp:742:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strlen(sub_node_values[1]->string_value) > 3 &&
data/gdal-3.0.4+dfsg/ogr/swq_op_general.cpp:743:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                (strcmp(sub_node_values[0]->string_value + strlen(sub_node_values[0]->string_value)-3, "+00") == 0 &&
data/gdal-3.0.4+dfsg/ogr/swq_op_general.cpp:744:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 sub_node_values[1]->string_value[strlen(sub_node_values[1]->string_value)-3] == ':') )
data/gdal-3.0.4+dfsg/ogr/swq_op_general.cpp:749:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                           strlen(sub_node_values[1]->string_value));
data/gdal-3.0.4+dfsg/ogr/swq_op_general.cpp:755:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     strlen(sub_node_values[0]->string_value) > 3 &&
data/gdal-3.0.4+dfsg/ogr/swq_op_general.cpp:756:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     strlen(sub_node_values[1]->string_value) > 3 &&
data/gdal-3.0.4+dfsg/ogr/swq_op_general.cpp:757:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     (sub_node_values[0]->string_value[strlen(sub_node_values[0]->string_value)-3] == ':') &&
data/gdal-3.0.4+dfsg/ogr/swq_op_general.cpp:758:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      strcmp(sub_node_values[1]->string_value + strlen(sub_node_values[1]->string_value)-3, "+00") == 0)
data/gdal-3.0.4+dfsg/ogr/swq_op_general.cpp:763:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                           strlen(sub_node_values[0]->string_value));
data/gdal-3.0.4+dfsg/ogr/swq_op_general.cpp:877:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              const int nSrcStrLen = static_cast<int>(strlen(pszSrcStr));
data/gdal-3.0.4+dfsg/ogr/swq_parser.cpp:979:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#   define yystrlen strlen
data/gdal-3.0.4+dfsg/ogr/swq_select.cpp:817:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            || src_fieldname[strlen(src_fieldname)-1] != '*' )
data/gdal-3.0.4+dfsg/port/cpl_aws.cpp:258:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     "aws4_request", strlen("aws4_request"),
data/gdal-3.0.4+dfsg/port/cpl_aws.cpp:498:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    CPLString(pszColumn + strlen(":")).Trim();
data/gdal-3.0.4+dfsg/port/cpl_aws.cpp:1343:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                CPLString osRegion(pszRegionPtr + strlen("x-amz-bucket-region: "));
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:299:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nLen = strlen(pszString);
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:381:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nActuallyRead = static_cast<int>(strlen(pszBuffer));
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:392:29:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        const int chCheck = fgetc(fp);
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:440:23:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        int chCheck = fgetc(fp);
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:453:23:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            chCheck = fgetc(fp);
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:606:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nBytesReadThisTime = strlen(pszRLBuffer + nReadSoFar);
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:859:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(pszBuffer, pszString, nMaxLength);
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:864:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t i = strlen(pszBuffer);
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:876:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t i = strlen(pszBuffer);
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:1014:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszString) <= 18 )
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:1115:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(szTemp, pszString, nMaxLength);
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:1184:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(pszValue, pszString, nMaxLength);
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:2000:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszPath) == 2 && pszPath[1] == ':' )
data/gdal-3.0.4+dfsg/port/cpl_conv.cpp:3076:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strcpy( pszFilename + strlen(pszFilename) - osFileOnly.size(),
data/gdal-3.0.4+dfsg/port/cpl_csv.cpp:179:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strlen(psTable->papszFieldNames[i]));
data/gdal-3.0.4+dfsg/port/cpl_csv.cpp:666:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nWorkLineLength = strlen(pszWorkLine);
data/gdal-3.0.4+dfsg/port/cpl_csv.cpp:684:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const size_t nLineLen = strlen(pszLine);
data/gdal-3.0.4+dfsg/port/cpl_csv.cpp:693:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat( pszWorkLine + nWorkLineLength, "\n" );
data/gdal-3.0.4+dfsg/port/cpl_csv.cpp:747:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nWorkLineLength = strlen(pszWorkLine);
data/gdal-3.0.4+dfsg/port/cpl_csv.cpp:765:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const size_t nLineLen = strlen(pszLine);
data/gdal-3.0.4+dfsg/port/cpl_csv.cpp:775:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat( pszWorkLine + nWorkLineLength, "\n" );
data/gdal-3.0.4+dfsg/port/cpl_csv.cpp:1222:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int nFieldNameLength = static_cast<int>(strlen(pszFieldName));
data/gdal-3.0.4+dfsg/port/cpl_csv.cpp:1346:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const size_t nBasenameLen = strlen(pszBasename);
data/gdal-3.0.4+dfsg/port/cpl_csv.cpp:1352:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const size_t nFullLen = strlen(psTable->pszFilename);
data/gdal-3.0.4+dfsg/port/cpl_error.cpp:383:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nPreviousSize = static_cast<int>(strlen(psCtx->szLastErrMsg));
data/gdal-3.0.4+dfsg/port/cpl_error.cpp:438:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        char* pszIter = pszPassword + strlen("password=");
data/gdal-3.0.4+dfsg/port/cpl_error.cpp:619:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const size_t nLen = strlen(pszCategory);
data/gdal-3.0.4+dfsg/port/cpl_error.cpp:651:9:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
        strcpy( pszMessage, "[" );
data/gdal-3.0.4+dfsg/port/cpl_error.cpp:658:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( pszMessage[strlen(pszMessage) -1 ] == '\n' )
data/gdal-3.0.4+dfsg/port/cpl_error.cpp:660:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszMessage[strlen(pszMessage) - 1] = 0; // blow it out
data/gdal-3.0.4+dfsg/port/cpl_error.cpp:662:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLsnprintf(pszMessage+strlen(pszMessage),
data/gdal-3.0.4+dfsg/port/cpl_error.cpp:663:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    ERROR_MAX - strlen(pszMessage),
data/gdal-3.0.4+dfsg/port/cpl_error.cpp:689:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CPLvsnprintf(pszMessage+strlen(pszMessage), ERROR_MAX - strlen(pszMessage),
data/gdal-3.0.4+dfsg/port/cpl_error.cpp:689:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CPLvsnprintf(pszMessage+strlen(pszMessage), ERROR_MAX - strlen(pszMessage),
data/gdal-3.0.4+dfsg/port/cpl_error.cpp:701:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        char* pszIter = pszPassword + strlen("password=");
data/gdal-3.0.4+dfsg/port/cpl_error.cpp:796:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        static_cast<size_t>(psCtx->nLastErrMsgMax-1), strlen(pszMsg) );
data/gdal-3.0.4+dfsg/port/cpl_error.cpp:1004:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t nPathLen = strlen(cpl_log) + 20;
data/gdal-3.0.4+dfsg/port/cpl_getexecpath.cpp:69:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy( pszPathBuf, pszDecoded, nMaxLength );
data/gdal-3.0.4+dfsg/port/cpl_http.cpp:720:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strlen("Content-type: ");
data/gdal-3.0.4+dfsg/port/cpl_http.cpp:1056:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(szCurlErrBuf) > 0 )
data/gdal-3.0.4+dfsg/port/cpl_http.cpp:2142:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( CSLCount(papszTokens) == 0 || strlen(papszTokens[0]) == 0 )
data/gdal-3.0.4+dfsg/port/cpl_json.cpp:94:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    VSIFWriteL(pabyData, 1, strlen(pabyData), fp);
data/gdal-3.0.4+dfsg/port/cpl_json_streaming_parser.cpp:482:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                          m_osToken.size() + 1 <= strlen("Infinity")) ||
data/gdal-3.0.4+dfsg/port/cpl_json_streaming_parser.cpp:484:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                          m_osToken.size() + 1 <= strlen("-Infinity")) ||
data/gdal-3.0.4+dfsg/port/cpl_json_streaming_parser.cpp:486:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                          m_osToken.size() + 1 <= strlen("NaN")) )
data/gdal-3.0.4+dfsg/port/cpl_json_streaming_parser.cpp:848:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        (m_osToken.size() > strlen("true") ||
data/gdal-3.0.4+dfsg/port/cpl_json_streaming_parser.cpp:855:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        (m_osToken.size() > strlen("false") ||
data/gdal-3.0.4+dfsg/port/cpl_json_streaming_parser.cpp:862:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        (m_osToken.size() > strlen("null") ||
data/gdal-3.0.4+dfsg/port/cpl_md5.cpp:278:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  static_cast<int>(strlen(pszText)));
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:407:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            psContext->nTokenSize = strlen(psContext->pszToken );
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:435:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            psContext->nTokenSize = strlen(psContext->pszToken );
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:460:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            psContext->nTokenSize = strlen(psContext->pszToken );
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:806:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        strlen(sContext.papsStack[sContext.nStackSize - 1]
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:808:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            1 + strlen(sContext.pszToken) + 1));
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:809:21:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
                    strcat(sContext.papsStack[sContext.nStackSize - 1]
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:1053:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pnLength += strlen(*ppszText + *pnLength);
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:1054:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( !_GrowBuffer( strlen(psNode->pszValue) + *pnLength + 40 + nIndent,
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:1069:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( !_GrowBuffer( strlen(pszEscaped) + *pnLength,
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:1090:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        *pnLength += strlen(*ppszText + *pnLength);
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:1095:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( !_GrowBuffer( strlen(pszEscaped) + *pnLength,
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:1105:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        *pnLength += strlen(*ppszText + *pnLength);
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:1108:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat( *ppszText + *pnLength, "\"" );
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:1137:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat( *ppszText + *pnLength, "\n" );
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:1187:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat( *ppszText + *pnLength, ">" );
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:1199:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    *pnLength += strlen(*ppszText + *pnLength);
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:1202:21:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
                    strcat( *ppszText + *pnLength, "\n" );
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:1211:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            *pnLength += strlen(*ppszText + *pnLength);
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:1212:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( !_GrowBuffer( strlen(psNode->pszValue) +
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:1225:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            *pnLength += strlen(*ppszText + *pnLength);
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:2059:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nNameSpaceLen = (pszNamespace) ? strlen(pszNamespace) : 0;
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:2071:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                           strlen(psRoot->pszValue+nNameSpaceLen+1) + 1);
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:2084:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                strlen(pszCheck + 1) + 1);
data/gdal-3.0.4+dfsg/port/cpl_minixml.cpp:2173:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const vsi_l_offset nLength = strlen(pszDoc);
data/gdal-3.0.4+dfsg/port/cpl_minizip_unzip.cpp:1007:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( pszRecoded != nullptr && strlen(pszRecoded) < fileNameBufferSize)
data/gdal-3.0.4+dfsg/port/cpl_minizip_unzip.cpp:1140:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(szFileName)>=UNZ_MAXFILENAMEINZIP)
data/gdal-3.0.4+dfsg/port/cpl_minizip_zip.cpp:927:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uInt size_filename = static_cast<uInt>(strlen(filename));
data/gdal-3.0.4+dfsg/port/cpl_minizip_zip.cpp:1066:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_comment = static_cast<uInt>(strlen(comment));
data/gdal-3.0.4+dfsg/port/cpl_minizip_zip.cpp:1068:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_filename = static_cast<uInt>(strlen(filename));
data/gdal-3.0.4+dfsg/port/cpl_minizip_zip.cpp:1752:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_global_comment = static_cast<uInt>(strlen(global_comment));
data/gdal-3.0.4+dfsg/port/cpl_minizip_zip.cpp:1947:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    static_cast<GUInt16>(strlen(pszFilename));
data/gdal-3.0.4+dfsg/port/cpl_minizip_zip.cpp:1958:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                static_cast<uInt>(strlen(pszCPFilename))));
data/gdal-3.0.4+dfsg/port/cpl_minizip_zip.cpp:1961:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memcpy(pabyExtra + 2 + 2 + 1 + 4, pszFilename, strlen(pszFilename));
data/gdal-3.0.4+dfsg/port/cpl_multiproc.cpp:620:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLMalloc(strlen(pszPath) + 30));
data/gdal-3.0.4+dfsg/port/cpl_multiproc.cpp:621:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf( pszLockFilename, strlen(pszPath) + 30, "%s.lock", pszPath );
data/gdal-3.0.4+dfsg/port/cpl_multiproc.cpp:1077:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        static_cast<char *>(CPLMalloc(strlen(pszPath) + 30));
data/gdal-3.0.4+dfsg/port/cpl_multiproc.cpp:1078:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf( pszLockFilename, strlen(pszPath) + 30, "%s.lock", pszPath );
data/gdal-3.0.4+dfsg/port/cpl_multiproc.cpp:1761:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nLen = strlen(pszPath) + 30;
data/gdal-3.0.4+dfsg/port/cpl_odbc.cpp:103:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const size_t nLen = strlen(pszEnvHome) + 12;
data/gdal-3.0.4+dfsg/port/cpl_odbc.cpp:445:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                              static_cast<SQLSMALLINT>(strlen(pszDSN)),
data/gdal-3.0.4+dfsg/port/cpl_odbc.cpp:1036:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t iEnd = strlen(pszTarget);
data/gdal-3.0.4+dfsg/port/cpl_odbc.cpp:1067:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            m_panColValueLengths[iCol] = strlen(m_papszColValues[iCol]);
data/gdal-3.0.4+dfsg/port/cpl_odbc.cpp:1230:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nTextLen = strlen(pszText);
data/gdal-3.0.4+dfsg/port/cpl_odbc.cpp:1268:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nTextLen = strlen(pszText);
data/gdal-3.0.4+dfsg/port/cpl_path.cpp:69:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy( pszStaticResult, "" );
data/gdal-3.0.4+dfsg/port/cpl_path.cpp:116:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t iFileStart = strlen(pszFilename);
data/gdal-3.0.4+dfsg/port/cpl_path.cpp:167:9:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
        strcpy( pszStaticResult, "" );
data/gdal-3.0.4+dfsg/port/cpl_path.cpp:222:9:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
        strcpy( pszStaticResult, "." );
data/gdal-3.0.4+dfsg/port/cpl_path.cpp:304:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t iExtStart = strlen(pszFullFilename);
data/gdal-3.0.4+dfsg/port/cpl_path.cpp:310:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        iExtStart = strlen(pszFullFilename);
data/gdal-3.0.4+dfsg/port/cpl_path.cpp:360:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t iExtStart = strlen(pszFullFilename);
data/gdal-3.0.4+dfsg/port/cpl_path.cpp:366:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        iExtStart = strlen(pszFullFilename)-1;
data/gdal-3.0.4+dfsg/port/cpl_path.cpp:371:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszFullFilename+iExtStart+1) > knMaxExtensionSize )
data/gdal-3.0.4+dfsg/port/cpl_path.cpp:450:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        for( size_t i = strlen(pszStaticResult) - 1; i > 0; i-- )
data/gdal-3.0.4+dfsg/port/cpl_path.cpp:559:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nLenPath = strlen(pszPath);
data/gdal-3.0.4+dfsg/port/cpl_path.cpp:607:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if( pszExtension[0] != '.' && strlen(pszExtension) > 0 )
data/gdal-3.0.4+dfsg/port/cpl_path.cpp:667:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nLen = strlen(pszBasename) + 2;
data/gdal-3.0.4+dfsg/port/cpl_path.cpp:670:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nLen += strlen(pszExtension);
data/gdal-3.0.4+dfsg/port/cpl_path.cpp:678:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if( pszExtension[0] != '.' && strlen(pszExtension) > 0 )
data/gdal-3.0.4+dfsg/port/cpl_path.cpp:767:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszProjectDir == nullptr || strlen(pszProjectDir) == 0 )
data/gdal-3.0.4+dfsg/port/cpl_path.cpp:774:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszProjectDir[strlen(pszProjectDir)-1] != '/'
data/gdal-3.0.4+dfsg/port/cpl_path.cpp:775:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && pszProjectDir[strlen(pszProjectDir)-1] != '\\' )
data/gdal-3.0.4+dfsg/port/cpl_path.cpp:873:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nBasePathLen = strlen(pszBaseDir);
data/gdal-3.0.4+dfsg/port/cpl_path.cpp:958:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t iPathLength = strlen(pszPath);
data/gdal-3.0.4+dfsg/port/cpl_port.h:578:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define STARTS_WITH(a,b)               (strncmp(a,b,strlen(b)) == 0)
data/gdal-3.0.4+dfsg/port/cpl_port.h:580:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define STARTS_WITH_CI(a,b)            EQUALN(a,b,strlen(b))
data/gdal-3.0.4+dfsg/port/cpl_recode.cpp:280:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nLen = static_cast<int>(strlen(pabyData));
data/gdal-3.0.4+dfsg/port/cpl_recode_iconv.cpp:106:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nSrcLen = strlen( pszSource );
data/gdal-3.0.4+dfsg/port/cpl_recode_stub.cpp:150:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const int nCharCount = static_cast<int>(strlen(pszSource));
data/gdal-3.0.4+dfsg/port/cpl_recode_stub.cpp:164:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int nCharCount = static_cast<int>(strlen(pszSource));
data/gdal-3.0.4+dfsg/port/cpl_recode_stub.cpp:212:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int nCharCount = static_cast<int>(strlen(pszSource));
data/gdal-3.0.4+dfsg/port/cpl_recode_stub.cpp:255:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int nCharCount = static_cast<int>(strlen(pszSource));
data/gdal-3.0.4+dfsg/port/cpl_recode_stub.cpp:448:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nSrcLen = static_cast<int>(strlen(pszUTF8Source));
data/gdal-3.0.4+dfsg/port/cpl_recode_stub.cpp:477:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nLen = static_cast<int>(strlen(pabyData));
data/gdal-3.0.4+dfsg/port/cpl_sha256.cpp:688:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               static_cast<int>(strlen(pszPrivateKey)));
data/gdal-3.0.4+dfsg/port/cpl_spawn.cpp:480:44:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            const int n = static_cast<int>(read(fin, pabyData, nRemain));
data/gdal-3.0.4+dfsg/port/cpl_spawn.cpp:547:30:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            static_cast<int>(read(pipe_fd, buf, PIPE_BUFFER_SIZE));
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:1680:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nLen = strlen(pszName);
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:1713:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nLen = strlen(pszName);
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:1806:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nLen = strlen(pszName);
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:1844:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nLen = strlen(pszName)+strlen(pszValue)+2;
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:1844:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nLen = strlen(pszName)+strlen(pszValue)+2;
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:1883:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nLen = strlen(pszName);
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:1917:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    const size_t nLen2 = strlen(pszName)+strlen(pszValue)+2;
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:1917:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    const size_t nLen2 = strlen(pszName)+strlen(pszValue)+2;
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:1973:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            CPLMalloc( strlen(pszValue) + strlen(pszKey)
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:1973:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            CPLMalloc( strlen(pszValue) + strlen(pszKey)
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:1974:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                       + strlen(pszSeparator) + 1 ) );
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:2040:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nLength = static_cast<int>(strlen(pszInput));
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:2254:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *pszOutput = static_cast<char *>(CPLMalloc(4 * strlen(pszInput) + 1));
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:2341:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                int nLen = static_cast<int>(strlen(pszUTF8));
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:2367:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                const int nLen = static_cast<int>(strlen(pszUTF8));
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:2536:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nHexLen = strlen(pszHex);
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:2662:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( bIsReal && pszAfterExponent && strlen(pszAfterExponent) > 3 )
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:2707:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return strlen(pszSrc);
data/gdal-3.0.4+dfsg/port/cpl_string.cpp:2721:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return pszSrcIter - pszSrc + strlen(pszSrcIter);
data/gdal-3.0.4+dfsg/port/cpl_strtod.cpp:241:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( endptr ) *endptr = const_cast<char *>(nptr) + strlen(nptr);
data/gdal-3.0.4+dfsg/port/cpl_strtod.cpp:251:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( endptr ) *endptr = const_cast<char *>(nptr) + strlen(nptr);
data/gdal-3.0.4+dfsg/port/cpl_strtod.cpp:259:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( endptr ) *endptr = const_cast<char *>(nptr) + strlen(nptr);
data/gdal-3.0.4+dfsg/port/cpl_strtod.cpp:264:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( endptr ) *endptr = const_cast<char*>(nptr) + strlen(nptr);
data/gdal-3.0.4+dfsg/port/cpl_strtod.cpp:270:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( endptr ) *endptr = const_cast<char *>(nptr) + strlen(nptr);
data/gdal-3.0.4+dfsg/port/cpl_strtod.cpp:275:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( endptr ) *endptr = const_cast<char *>(nptr) + strlen(nptr);
data/gdal-3.0.4+dfsg/port/cpl_time.cpp:360:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if( strlen(*papszVal) == 5 &&
data/gdal-3.0.4+dfsg/port/cpl_userfaultfd.cpp:171:39:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    bytes_read = static_cast<ssize_t>(read(ctx->uffd, ctx->uffd_msgs, MAX_MESSAGES*sizeof(uffd_msg)));
data/gdal-3.0.4+dfsg/port/cpl_userfaultfd.cpp:285:13:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
            usleep(10000);
data/gdal-3.0.4+dfsg/port/cpl_virtualmem.cpp:243:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const size_t nSizeToWrite = strlen(buffer + offset);
data/gdal-3.0.4+dfsg/port/cpl_virtualmem.cpp:535:9:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
        usleep(1);
data/gdal-3.0.4+dfsg/port/cpl_virtualmem.cpp:764:17:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
                usleep(1);
data/gdal-3.0.4+dfsg/port/cpl_virtualmem.cpp:793:17:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
                usleep(1);
data/gdal-3.0.4+dfsg/port/cpl_virtualmem.cpp:1529:30:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            static_cast<int>(read( pVirtualMemManager->pipefd_wait_thread[0],
data/gdal-3.0.4+dfsg/port/cpl_virtualmem.cpp:1551:30:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            static_cast<int>(read(pVirtualMemManager->pipefd_from_thread[0],
data/gdal-3.0.4+dfsg/port/cpl_virtualmem.cpp:1714:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            read(pVirtualMemManager->pipefd_to_thread[0], &msg,
data/gdal-3.0.4+dfsg/port/cpl_virtualmem.cpp:1923:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        read(pVirtualMemManager->pipefd_wait_thread[0], &wait_ready, 1);
data/gdal-3.0.4+dfsg/port/cpl_vsi.h:520:49:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    VSIFilesystemPluginReadCallback             read; /**< read from current position (r) */
data/gdal-3.0.4+dfsg/port/cpl_vsi_mem.cpp:508:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    osFilename.substr(iPos + strlen("||maxlength=")).c_str()));
data/gdal-3.0.4+dfsg/port/cpl_vsil.cpp:782:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszFilename) == 2 && pszFilename[1] == ':' )
data/gdal-3.0.4+dfsg/port/cpl_vsil.cpp:2487:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nPathLen = strlen(pszPath);
data/gdal-3.0.4+dfsg/port/cpl_vsil_abstract_archive.cpp:137:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nLen = strlen(fileName);
data/gdal-3.0.4+dfsg/port/cpl_vsil_abstract_archive.cpp:339:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strlen(pszPrevDir + 4) + 1);
data/gdal-3.0.4+dfsg/port/cpl_vsil_abstract_archive.cpp:343:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strlen(pszPrevDir + 4) + 1);
data/gdal-3.0.4+dfsg/port/cpl_vsil_abstract_archive.cpp:366:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszFilename[strlen(GetPrefix()) + 1] == '{' )
data/gdal-3.0.4+dfsg/port/cpl_vsil_abstract_archive.cpp:368:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszFilename += strlen(GetPrefix()) + 1;
data/gdal-3.0.4+dfsg/port/cpl_vsil_abstract_archive.cpp:453:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszFilename += strlen(GetPrefix());
data/gdal-3.0.4+dfsg/port/cpl_vsil_abstract_archive.cpp:455:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszFilename += strlen(GetPrefix()) + 1;
data/gdal-3.0.4+dfsg/port/cpl_vsil_abstract_archive.cpp:497:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( EQUALN( pszFilename + i, ".cur_input", strlen(".cur_input") ) )
data/gdal-3.0.4+dfsg/port/cpl_vsil_abstract_archive.cpp:499:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nToSkip = static_cast<int>(strlen(".cur_input"));
data/gdal-3.0.4+dfsg/port/cpl_vsil_abstract_archive.cpp:596:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( fileInArchiveName == nullptr || strlen(fileInArchiveName) == 0 )
data/gdal-3.0.4+dfsg/port/cpl_vsil_abstract_archive.cpp:854:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    tmpFileName[strlen(tmpFileName)-1] = 0;
data/gdal-3.0.4+dfsg/port/cpl_vsil_az.cpp:155:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                else if( pszKey && strlen(pszKey) > osPrefix.size() )
data/gdal-3.0.4+dfsg/port/cpl_vsil_az.cpp:203:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                else if( pszKey && strlen(pszKey) > osPrefix.size() )
data/gdal-3.0.4+dfsg/port/cpl_vsil_crypt.cpp:1454:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                       strlen(VSICRYPT_PREFIX)) == 0 );
data/gdal-3.0.4+dfsg/port/cpl_vsil_crypt.cpp:1455:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszFilename += strlen(VSICRYPT_PREFIX);
data/gdal-3.0.4+dfsg/port/cpl_vsil_crypt.cpp:1459:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CPLString osRet(pszFileArg + strlen("file="));
data/gdal-3.0.4+dfsg/port/cpl_vsil_crypt.cpp:1496:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLAssert( strlen(pszKey) < 10U * 1024U );
data/gdal-3.0.4+dfsg/port/cpl_vsil_crypt.cpp:1507:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            CPLAssert( strlen(pszKey) < 10U * 1024U );
data/gdal-3.0.4+dfsg/port/cpl_vsil_crypt.cpp:1810:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strncmp(newpath, VSICRYPT_PREFIX, strlen(VSICRYPT_PREFIX)) == 0 )
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:195:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszFilename += strlen("/vsicurl/");
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:420:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszDT) >= 5 && pszDT[3] == ',' && pszDT[4] == ' ' )
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:429:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if( sscanf(pszDT, "%02d %03s %04d %02d:%02d:%02d GMT",
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:546:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                   static_cast<int>(strlen(pszLine + 16)));
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:554:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                CPLString osDate = pszLine + strlen("Date: ");
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:667:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return CPLAtoGIntBig(pszExpires + strlen("&Expires="));
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:673:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return CPLAtoGIntBig(pszExpires + strlen("&X-Amz-Expires="));
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:853:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                pszContentLength += strlen("Content-Length: ");
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:857:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    static_cast<int>(strlen(pszContentLength)));
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:979:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                pzETag += strlen("ETag: \"");
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:1086:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if( strlen(szCurlErrBuf) > 0 )
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:1472:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                       static_cast<int>(strlen(pszSlash)));
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:1493:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                       static_cast<int>(strlen(pszSize)));
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:2144:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszBoundary += strlen( "Content-Type: multipart/byteranges; boundary=" );
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:2709:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const size_t nLen = strlen(pszFilenamePrefix);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:2849:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const size_t nURLLen = strlen(pszFilename);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:2853:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const size_t nExtensionLen = strlen(papszExtensions[i]);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:2920:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( !(GetCachedFileProp(osFilename + strlen(GetFSPrefix()), cachedFileProp) &&
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3019:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( pszMonthFound - pszStr > 2 && strlen(pszMonthFound) > 15 &&
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3048:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int nLenMonth = static_cast<int>(strlen(apszMonths[iMonth]));
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3052:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                static_cast<int>(strlen(pszMonthFound - 2)) >
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3081:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                       static_cast<int>(strlen(pszFilesize)));
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3099:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     static_cast<int>(strlen(pszMonthFound)) >
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3126:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                       static_cast<int>(strlen(pszFilesize)));
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3166:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszDir = strchr(osURL.c_str() + strlen("http://"), '/');
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3168:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszDir = strchr(osURL.c_str() + strlen("https://"), '/');
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3170:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszDir = strchr(osURL.c_str() + strlen("ftp://"), '/');
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3286:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            beginFilename += strlen("<a href=\"");
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3415:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszPermissions == nullptr || strlen(pszPermissions) != 10 )
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3433:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nSize = CPLScanUIntBig(pszSize, static_cast<int>(strlen(pszSize)));
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3441:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszMonth == nullptr || strlen(pszMonth) != 3 )
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3456:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszDay == nullptr || (strlen(pszDay) != 1 && strlen(pszDay) != 2) )
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3456:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( pszDay == nullptr || (strlen(pszDay) != 1 && strlen(pszDay) != 2) )
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3466:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        (strlen(pszHourOrYear) != 4 && strlen(pszHourOrYear) != 5) )
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3466:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        (strlen(pszHourOrYear) != 4 && strlen(pszHourOrYear) != 5) )
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl.cpp:3468:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszHourOrYear) == 4 )
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl_streaming.cpp:615:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                sWriteFuncData.pBuffer + strlen("Content-Length: ");
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl_streaming.cpp:620:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                strlen("Content-Length: ")));
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl_streaming.cpp:663:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strncmp(m_pszURL, pszEffectiveURL, strlen(m_pszURL)) == 0 &&
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl_streaming.cpp:664:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszEffectiveURL[strlen(m_pszURL)] == '/' )
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl_streaming.cpp:723:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const size_t nURLLen = strlen(m_pszURL);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl_streaming.cpp:727:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                const size_t nExtensionLen = strlen(papszExtensions[i]);
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl_streaming.cpp:967:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    pszContentLength + strlen("Content-Length: ");
data/gdal-3.0.4+dfsg/port/cpl_vsil_curl_streaming.cpp:986:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    pszContentEncoding + strlen("Content-Encoding: ");
data/gdal-3.0.4+dfsg/port/cpl_vsil_gzip.cpp:2154:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        VSIFileManager::GetHandler( pszFilename + strlen("/vsigzip/"));
data/gdal-3.0.4+dfsg/port/cpl_vsil_gzip.cpp:2172:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            poFSHandler->Open( pszFilename + strlen("/vsigzip/"), "wb" );
data/gdal-3.0.4+dfsg/port/cpl_vsil_gzip.cpp:2204:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        VSIFileManager::GetHandler( pszFilename + strlen("/vsigzip/"));
data/gdal-3.0.4+dfsg/port/cpl_vsil_gzip.cpp:2214:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strcmp(pszFilename + strlen("/vsigzip/"),
data/gdal-3.0.4+dfsg/port/cpl_vsil_gzip.cpp:2227:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        poFSHandler->Open( pszFilename + strlen("/vsigzip/"), "rb" );
data/gdal-3.0.4+dfsg/port/cpl_vsil_gzip.cpp:2249:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        new VSIGZipHandle(poVirtualHandle, pszFilename + strlen("/vsigzip/"));
data/gdal-3.0.4+dfsg/port/cpl_vsil_gzip.cpp:2274:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strcmp(pszFilename+strlen("/vsigzip/"),
data/gdal-3.0.4+dfsg/port/cpl_vsil_gzip.cpp:2286:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int ret = VSIStatExL(pszFilename+strlen("/vsigzip/"), pStatBuf, nFlags);
data/gdal-3.0.4+dfsg/port/cpl_vsil_gzip.cpp:2290:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLString osCacheFilename(pszFilename + strlen("/vsigzip/"));
data/gdal-3.0.4+dfsg/port/cpl_vsil_gzip.cpp:2305:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        pszLine + strlen("compressed_size=");
data/gdal-3.0.4+dfsg/port/cpl_vsil_gzip.cpp:2308:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                       static_cast<int>(strlen(pszBuffer)));
data/gdal-3.0.4+dfsg/port/cpl_vsil_gzip.cpp:2313:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        pszLine + strlen("uncompressed_size=");
data/gdal-3.0.4+dfsg/port/cpl_vsil_gzip.cpp:2316:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                       static_cast<int>(strlen(pszBuffer)));
data/gdal-3.0.4+dfsg/port/cpl_vsil_gzip.cpp:3035:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        char chLastChar = pszFilename[strlen(pszFilename) - 1];
data/gdal-3.0.4+dfsg/port/cpl_vsil_hdfs.cpp:297:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(pszFilename, VSIHdfsHandle::VSIHDFS, strlen(VSIHdfsHandle::VSIHDFS)) != 0) {
data/gdal-3.0.4+dfsg/port/cpl_vsil_hdfs.cpp:301:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const char * pszPath = pszFilename + strlen(VSIHdfsHandle::VSIHDFS);
data/gdal-3.0.4+dfsg/port/cpl_vsil_hdfs.cpp:320:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hdfsFileInfo * poInfo = hdfsGetPathInfo(poFilesystem, pszeFilename + strlen(VSIHdfsHandle::VSIHDFS));
data/gdal-3.0.4+dfsg/port/cpl_vsil_hdfs.cpp:379:73:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hdfsFileInfo * paoInfo = hdfsListDirectory(poFilesystem, pszDirname + strlen(VSIHdfsHandle::VSIHDFS), &mEntries);
data/gdal-3.0.4+dfsg/port/cpl_vsil_plugin.cpp:138:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return pszFilename + strlen(m_Prefix);
data/gdal-3.0.4+dfsg/port/cpl_vsil_plugin.cpp:186:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (m_cb->read != nullptr) {
data/gdal-3.0.4+dfsg/port/cpl_vsil_plugin.cpp:187:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        return m_cb->read(pFile, pBuffer, nSize, nCount);
data/gdal-3.0.4+dfsg/port/cpl_vsil_s3.cpp:163:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if( pszKey && strlen(pszKey) > osPrefix.size() )
data/gdal-3.0.4+dfsg/port/cpl_vsil_s3.cpp:197:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if( pszKey && strlen(pszKey) > osPrefix.size() )
data/gdal-3.0.4+dfsg/port/cpl_vsil_s3.cpp:215:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        entry->pszName[strlen(entry->pszName) - 1] == '/' ? S_IFDIR : S_IFREG;
data/gdal-3.0.4+dfsg/port/cpl_vsil_s3.cpp:218:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        entry->pszName[strlen(entry->pszName) - 1] = 0;
data/gdal-3.0.4+dfsg/port/cpl_vsil_s3.cpp:988:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                CPLString osEtag(osHeader.substr(nPos + strlen("ETag: ")));
data/gdal-3.0.4+dfsg/port/cpl_vsil_s3.cpp:1439:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                pzETag += strlen("ETag: \"");
data/gdal-3.0.4+dfsg/port/cpl_vsil_sparsefile.cpp:489:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        VSIStatExL( pszFilename + strlen("/vsisparse/"), psStatBuf, nFlags );
data/gdal-3.0.4+dfsg/port/cpl_vsil_stdout.cpp:403:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        VSIFOpenL(pszFilename + strlen("/vsistdout_redirect/"), pszAccess));
data/gdal-3.0.4+dfsg/port/cpl_vsil_subfile.cpp:287:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        CPLScanUIntBig(pszPath+12, static_cast<int>(strlen(pszPath + 12)));
data/gdal-3.0.4+dfsg/port/cpl_vsil_subfile.cpp:301:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                   static_cast<int>(strlen(pszPath + i + 1)));
data/gdal-3.0.4+dfsg/port/cpl_vsil_swift.cpp:483:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CPLAssert( strlen(pszDirname) >= GetFSPrefix().size() );
data/gdal-3.0.4+dfsg/port/cpl_vsil_tar.cpp:135:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            ((strlen(pszFilename) > 4 &&
data/gdal-3.0.4+dfsg/port/cpl_vsil_tar.cpp:136:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            STARTS_WITH_CI(pszFilename + strlen(pszFilename) - 4, ".tgz")) ||
data/gdal-3.0.4+dfsg/port/cpl_vsil_tar.cpp:137:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            (strlen(pszFilename) > 7 &&
data/gdal-3.0.4+dfsg/port/cpl_vsil_tar.cpp:138:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            STARTS_WITH_CI(pszFilename + strlen(pszFilename) - 7, ".tar.gz"))));
data/gdal-3.0.4+dfsg/port/cpl_vsil_tar.cpp:159:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strlen("***NEWFILE***:")) == 0);
data/gdal-3.0.4+dfsg/port/cpl_vsil_tar.cpp:243:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                static_cast<int>(strlen("***NEWFILE***:"));
data/gdal-3.0.4+dfsg/port/cpl_vsil_unix_stdio_64.cpp:723:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(pszPath) == 0 )
data/gdal-3.0.4+dfsg/port/cpl_vsil_webhdfs.cpp:139:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nStart = strlen("http://");
data/gdal-3.0.4+dfsg/port/cpl_vsil_webhdfs.cpp:141:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nStart = strlen("https://");
data/gdal-3.0.4+dfsg/port/cpl_vsil_webhdfs.cpp:588:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CPLAssert( strlen(pszDirname) >= GetFSPrefix().size() );
data/gdal-3.0.4+dfsg/port/cpl_vsil_webhdfs.cpp:783:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        osDirnameWithoutEndSlash.size() - strlen("/webhdfs/v1") &&
data/gdal-3.0.4+dfsg/port/cpl_vsil_webhdfs.cpp:905:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        osURL.size() - strlen("/webhdfs/v1") &&
data/gdal-3.0.4+dfsg/port/cpl_vsil_webhdfs.cpp:960:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen(szCurlErrBuf) > 0 )
data/gdal-3.0.4+dfsg/port/cpl_vsil_win32.cpp:895:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(pszPath) == 0)
data/gdal-3.0.4+dfsg/port/cpl_vsil_win32.cpp:934:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(pszPath) == 0)
data/gdal-3.0.4+dfsg/port/cpl_vsisimple.cpp:330:12:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    return fgetc( fp );
data/gdal-3.0.4+dfsg/port/cpl_vsisimple.cpp:998:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nSize = strlen(pszString) + 1;
data/gdal-3.0.4+dfsg/port/cpl_vsisimple.cpp:1250:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 nLine, static_cast<GUIntBig>(strlen(pszStr) + 1));
data/gdal-3.0.4+dfsg/port/cpl_xml_validate.cpp:104:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strlen(pszSlashDotDot + 4) + 1);
data/gdal-3.0.4+dfsg/port/cpl_xml_validate.cpp:150:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        xmlSchemaNewMemParserCtxt(szLibXMLBugTester, strlen(szLibXMLBugTester));
data/gdal-3.0.4+dfsg/port/cpl_xml_validate.cpp:638:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int nLen = static_cast<int>(strlen(pszSchemasOpenGIS));
data/gdal-3.0.4+dfsg/port/cpl_xml_validate.cpp:840:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        osModURL += URL + strlen("/vsizip/vsicurl/http%3A//");
data/gdal-3.0.4+dfsg/port/cpl_xml_validate.cpp:845:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        osModURL += URL + strlen("/vsicurl/http%3A//");
data/gdal-3.0.4+dfsg/port/cpl_xml_validate.cpp:850:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                URL + strlen("http://schemas.opengis.net/");
data/gdal-3.0.4+dfsg/port/cpl_xml_validate.cpp:856:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const int nLen = static_cast<int>(strlen(pszSchemasOpenGIS));
data/gdal-3.0.4+dfsg/port/cpl_xml_validate.cpp:926:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int nLen = static_cast<int>(strlen(pszStrDup));
data/gdal-3.0.4+dfsg/port/cpl_xml_validate.cpp:1022:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        xmlSchemaNewMemParserCtxt(pszStr, static_cast<int>(strlen(pszStr)));
data/gdal-3.0.4+dfsg/port/cpl_xml_validate.cpp:1082:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(szHeader, pszXMLFilename, sizeof(szHeader));
data/gdal-3.0.4+dfsg/port/cplstring.cpp:286:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nTargetLen = strlen(s);
data/gdal-3.0.4+dfsg/port/cplstringlist.cpp:365:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nLen = strlen(pszKey)+strlen(pszValue)+2;
data/gdal-3.0.4+dfsg/port/cplstringlist.cpp:365:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t nLen = strlen(pszKey)+strlen(pszValue)+2;
data/gdal-3.0.4+dfsg/port/cplstringlist.cpp:429:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const size_t nLen = strlen(pszKey)+strlen(pszValue)+2;
data/gdal-3.0.4+dfsg/port/cplstringlist.cpp:429:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const size_t nLen = strlen(pszKey)+strlen(pszValue)+2;
data/gdal-3.0.4+dfsg/port/cplstringlist.cpp:601:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nKeyLen = strlen(pszKey);
data/gdal-3.0.4+dfsg/port/cplstringlist.cpp:703:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CPLAssert( papszList[iKey][strlen(pszName)] == '='
data/gdal-3.0.4+dfsg/port/cplstringlist.cpp:704:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               || papszList[iKey][strlen(pszName)] == ':' );
data/gdal-3.0.4+dfsg/port/cplstringlist.cpp:706:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return papszList[iKey] + strlen(pszName)+1;
data/gdal-3.0.4+dfsg/port/vsipreload.cpp:114:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
DECLARE_SYMBOL(read, ssize_t, (int fd, void *buf, size_t count));
data/gdal-3.0.4+dfsg/port/vsipreload.cpp:200:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    LOAD_SYMBOL(read);
data/gdal-3.0.4+dfsg/port/vsipreload.cpp:1114:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
ssize_t CPL_DLL read( int fd, void *buf, size_t count )
data/gdal-3.0.4+dfsg/port/vsipreload.cpp:1499:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(mydir->ent.d_name, pszName, 256);
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:56:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memmove(pszBuf, pszBuf + i, strlen(pszBuf) - i + 1);
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:58:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    i = strlen(pszBuf) - 1;
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:102:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    memmove(pszBuf + i + 1, lastOK, strlen(lastOK) + 1);
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:104:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    memmove(pszBuf + i, lastOK, strlen(lastOK) + 1);
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:118:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                memmove(pszBuf + i, pszBuf + i + 1, strlen(pszBuf + i + 1) + 1);
data/gdal-3.0.4+dfsg/swig/java/add_javadoc.c:238:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        strcpy(szMethodName + strlen(szMethodName) - 1, szLine);
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:386:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char* te = tb + strlen(tb);
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:670:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(name) + 1 > (bsz - (r - buff))) return 0;
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:691:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t lname = (name ? strlen(name) : 0);
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:696:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(r,name,lname+1);
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:1250:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((2*sz + 1 + strlen(SWIG_Perl_TypeProxyName(type))) > 1000) return;
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:1342:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sv_magic(sv,sv,'U',name,strlen(name));
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:1439:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#ifdef read
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:1440:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  #undef read
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:1952:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (psize) *psize = vptr ? (strlen(vptr) + 1) : 0;
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:2421:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return SWIG_FromCharPtrAndSize(cptr, (cptr ? strlen(cptr) : 0));
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:4175:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        SV *sv = newSVpv(psTree->pszValue, strlen(psTree->pszValue));
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:9115:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            hv_store(hv, keyptr, strlen(keyptr), newSVpv(valptr, strlen(valptr)), 0);
data/gdal-3.0.4+dfsg/swig/perl/gdal_wrap.cpp:9115:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            hv_store(hv, keyptr, strlen(keyptr), newSVpv(valptr, strlen(valptr)), 0);
data/gdal-3.0.4+dfsg/swig/perl/gdalconst_wrap.c:362:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char* te = tb + strlen(tb);
data/gdal-3.0.4+dfsg/swig/perl/gdalconst_wrap.c:646:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(name) + 1 > (bsz - (r - buff))) return 0;
data/gdal-3.0.4+dfsg/swig/perl/gdalconst_wrap.c:667:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t lname = (name ? strlen(name) : 0);
data/gdal-3.0.4+dfsg/swig/perl/gdalconst_wrap.c:672:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(r,name,lname+1);
data/gdal-3.0.4+dfsg/swig/perl/gdalconst_wrap.c:1226:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((2*sz + 1 + strlen(SWIG_Perl_TypeProxyName(type))) > 1000) return;
data/gdal-3.0.4+dfsg/swig/perl/gdalconst_wrap.c:1318:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sv_magic(sv,sv,'U',name,strlen(name));
data/gdal-3.0.4+dfsg/swig/perl/gdalconst_wrap.c:1415:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#ifdef read
data/gdal-3.0.4+dfsg/swig/perl/gdalconst_wrap.c:1416:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  #undef read
data/gdal-3.0.4+dfsg/swig/perl/gdalconst_wrap.c:1558:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return SWIG_FromCharPtrAndSize(cptr, (cptr ? strlen(cptr) : 0));
data/gdal-3.0.4+dfsg/swig/perl/gnm_wrap.cpp:386:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char* te = tb + strlen(tb);
data/gdal-3.0.4+dfsg/swig/perl/gnm_wrap.cpp:670:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(name) + 1 > (bsz - (r - buff))) return 0;
data/gdal-3.0.4+dfsg/swig/perl/gnm_wrap.cpp:691:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t lname = (name ? strlen(name) : 0);
data/gdal-3.0.4+dfsg/swig/perl/gnm_wrap.cpp:696:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(r,name,lname+1);
data/gdal-3.0.4+dfsg/swig/perl/gnm_wrap.cpp:1250:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((2*sz + 1 + strlen(SWIG_Perl_TypeProxyName(type))) > 1000) return;
data/gdal-3.0.4+dfsg/swig/perl/gnm_wrap.cpp:1342:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sv_magic(sv,sv,'U',name,strlen(name));
data/gdal-3.0.4+dfsg/swig/perl/gnm_wrap.cpp:1439:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#ifdef read
data/gdal-3.0.4+dfsg/swig/perl/gnm_wrap.cpp:1440:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  #undef read
data/gdal-3.0.4+dfsg/swig/perl/gnm_wrap.cpp:1913:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (psize) *psize = vptr ? (strlen(vptr) + 1) : 0;
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:386:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char* te = tb + strlen(tb);
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:670:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(name) + 1 > (bsz - (r - buff))) return 0;
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:691:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t lname = (name ? strlen(name) : 0);
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:696:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(r,name,lname+1);
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:1250:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((2*sz + 1 + strlen(SWIG_Perl_TypeProxyName(type))) > 1000) return;
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:1342:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sv_magic(sv,sv,'U',name,strlen(name));
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:1439:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#ifdef read
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:1440:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  #undef read
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:1652:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return SWIG_FromCharPtrAndSize(cptr, (cptr ? strlen(cptr) : 0));
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:1816:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (psize) *psize = vptr ? (strlen(vptr) + 1) : 0;
data/gdal-3.0.4+dfsg/swig/perl/ogr_wrap.cpp:2362:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            SV *sv = newSVpv(*first, strlen(*first));
data/gdal-3.0.4+dfsg/swig/perl/osr_wrap.cpp:386:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char* te = tb + strlen(tb);
data/gdal-3.0.4+dfsg/swig/perl/osr_wrap.cpp:670:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(name) + 1 > (bsz - (r - buff))) return 0;
data/gdal-3.0.4+dfsg/swig/perl/osr_wrap.cpp:691:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t lname = (name ? strlen(name) : 0);
data/gdal-3.0.4+dfsg/swig/perl/osr_wrap.cpp:696:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(r,name,lname+1);
data/gdal-3.0.4+dfsg/swig/perl/osr_wrap.cpp:1250:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((2*sz + 1 + strlen(SWIG_Perl_TypeProxyName(type))) > 1000) return;
data/gdal-3.0.4+dfsg/swig/perl/osr_wrap.cpp:1342:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sv_magic(sv,sv,'U',name,strlen(name));
data/gdal-3.0.4+dfsg/swig/perl/osr_wrap.cpp:1439:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#ifdef read
data/gdal-3.0.4+dfsg/swig/perl/osr_wrap.cpp:1440:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  #undef read
data/gdal-3.0.4+dfsg/swig/perl/osr_wrap.cpp:1573:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return SWIG_FromCharPtrAndSize(cptr, (cptr ? strlen(cptr) : 0));
data/gdal-3.0.4+dfsg/swig/perl/osr_wrap.cpp:1768:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (psize) *psize = vptr ? (strlen(vptr) + 1) : 0;
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:414:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char* te = tb + strlen(tb);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:698:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(name) + 1 > (bsz - (r - buff))) return 0;
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:719:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t lname = (name ? strlen(name) : 0);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:724:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(r,name,lname+1);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:892:91:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#  define PyString_AsStringAndSize(obj, s, len) {*s = PyString_AsString(obj); *len = *s ? strlen(*s) : 0;}
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:3399:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        PyObject* pyObj = PyUnicode_DecodeUTF8(pszStr, strlen(pszStr), "ignore");
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:4052:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (psize) *psize = vptr ? (strlen((char *)vptr) + 1) : 0;
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:4358:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(pszBuffer, (char*)PyArray_GETPTR1(psArray, i), nMaxLen);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:4428:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nLen = static_cast<int>(strlen(papszStringList[n]));
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:4462:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy((char*)PyArray_GETPTR1((PyArrayObject *) pOutArray, n), papszStringList[n], nMaxLen);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:6239:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t size = strlen(name)+1;
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:6242:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(gv->name,name,size);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:6306:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              strlen(const_table[j].name)) == 0) {
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:6317:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t lptr = strlen(ty->name)+2*sizeof(void*)+2;
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_array_wrap.cpp:6321:15:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
              strncpy(buff, methods[i].ml_doc, ldoc);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:415:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char* te = tb + strlen(tb);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:699:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(name) + 1 > (bsz - (r - buff))) return 0;
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:720:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t lname = (name ? strlen(name) : 0);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:725:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(r,name,lname+1);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:893:91:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#  define PyString_AsStringAndSize(obj, s, len) {*s = PyString_AsString(obj); *len = *s ? strlen(*s) : 0;}
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:3327:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strncmp(pszValue, MODULE_NAME, strlen(MODULE_NAME)) != 0 ||
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:3328:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszValue[strlen(MODULE_NAME)] != ' ')
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:3335:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char* pszNewValue = CPLStrdup(pszValue + strlen(MODULE_NAME) + 1);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:3406:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        PyObject* pyObj = PyUnicode_DecodeUTF8(pszStr, strlen(pszStr), "ignore");
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:3809:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (psize) *psize = vptr ? (strlen((char *)vptr) + 1) : 0;
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:4065:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return SWIG_FromCharPtrAndSize(cptr, (cptr ? strlen(cptr) : 0));
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:6330:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (nType == CXT_Element && pszText != NULL && strlen(pszText) == 0 && nChildCount == 2)
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:36657:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t size = strlen(name)+1;
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:36660:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(gv->name,name,size);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:36724:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              strlen(const_table[j].name)) == 0) {
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:36735:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t lptr = strlen(ty->name)+2*sizeof(void*)+2;
data/gdal-3.0.4+dfsg/swig/python/extensions/gdal_wrap.cpp:36739:15:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
              strncpy(buff, methods[i].ml_doc, ldoc);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdalconst_wrap.c:391:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char* te = tb + strlen(tb);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdalconst_wrap.c:675:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(name) + 1 > (bsz - (r - buff))) return 0;
data/gdal-3.0.4+dfsg/swig/python/extensions/gdalconst_wrap.c:696:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t lname = (name ? strlen(name) : 0);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdalconst_wrap.c:701:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(r,name,lname+1);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdalconst_wrap.c:869:91:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#  define PyString_AsStringAndSize(obj, s, len) {*s = PyString_AsString(obj); *len = *s ? strlen(*s) : 0;}
data/gdal-3.0.4+dfsg/swig/python/extensions/gdalconst_wrap.c:3075:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return SWIG_FromCharPtrAndSize(cptr, (cptr ? strlen(cptr) : 0));
data/gdal-3.0.4+dfsg/swig/python/extensions/gdalconst_wrap.c:5418:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t size = strlen(name)+1;
data/gdal-3.0.4+dfsg/swig/python/extensions/gdalconst_wrap.c:5421:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(gv->name,name,size);
data/gdal-3.0.4+dfsg/swig/python/extensions/gdalconst_wrap.c:5485:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              strlen(const_table[j].name)) == 0) {
data/gdal-3.0.4+dfsg/swig/python/extensions/gdalconst_wrap.c:5496:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t lptr = strlen(ty->name)+2*sizeof(void*)+2;
data/gdal-3.0.4+dfsg/swig/python/extensions/gdalconst_wrap.c:5500:15:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
              strncpy(buff, methods[i].ml_doc, ldoc);
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:415:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char* te = tb + strlen(tb);
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:699:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(name) + 1 > (bsz - (r - buff))) return 0;
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:720:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t lname = (name ? strlen(name) : 0);
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:725:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(r,name,lname+1);
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:893:91:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#  define PyString_AsStringAndSize(obj, s, len) {*s = PyString_AsString(obj); *len = *s ? strlen(*s) : 0;}
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:3246:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strncmp(pszValue, MODULE_NAME, strlen(MODULE_NAME)) != 0 ||
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:3247:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszValue[strlen(MODULE_NAME)] != ' ')
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:3254:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char* pszNewValue = CPLStrdup(pszValue + strlen(MODULE_NAME) + 1);
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:3325:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        PyObject* pyObj = PyUnicode_DecodeUTF8(pszStr, strlen(pszStr), "ignore");
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:3536:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return SWIG_FromCharPtrAndSize(cptr, (cptr ? strlen(cptr) : 0));
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:3798:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (psize) *psize = vptr ? (strlen((char *)vptr) + 1) : 0;
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:6824:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t size = strlen(name)+1;
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:6827:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(gv->name,name,size);
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:6891:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              strlen(const_table[j].name)) == 0) {
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:6902:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t lptr = strlen(ty->name)+2*sizeof(void*)+2;
data/gdal-3.0.4+dfsg/swig/python/extensions/gnm_wrap.cpp:6906:15:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
              strncpy(buff, methods[i].ml_doc, ldoc);
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:415:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char* te = tb + strlen(tb);
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:699:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(name) + 1 > (bsz - (r - buff))) return 0;
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:720:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t lname = (name ? strlen(name) : 0);
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:725:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(r,name,lname+1);
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:893:91:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#  define PyString_AsStringAndSize(obj, s, len) {*s = PyString_AsString(obj); *len = *s ? strlen(*s) : 0;}
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:3241:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return SWIG_FromCharPtrAndSize(cptr, (cptr ? strlen(cptr) : 0));
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:3311:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strncmp(pszValue, MODULE_NAME, strlen(MODULE_NAME)) != 0 ||
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:3312:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszValue[strlen(MODULE_NAME)] != ' ')
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:3319:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char* pszNewValue = CPLStrdup(pszValue + strlen(MODULE_NAME) + 1);
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:3383:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        PyObject* pyObj = PyUnicode_DecodeUTF8(pszStr, strlen(pszStr), "ignore");
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:3621:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (psize) *psize = vptr ? (strlen((char *)vptr) + 1) : 0;
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:37014:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t size = strlen(name)+1;
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:37017:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(gv->name,name,size);
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:37081:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              strlen(const_table[j].name)) == 0) {
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:37092:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t lptr = strlen(ty->name)+2*sizeof(void*)+2;
data/gdal-3.0.4+dfsg/swig/python/extensions/ogr_wrap.cpp:37096:15:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
              strncpy(buff, methods[i].ml_doc, ldoc);
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:415:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char* te = tb + strlen(tb);
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:699:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(name) + 1 > (bsz - (r - buff))) return 0;
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:720:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t lname = (name ? strlen(name) : 0);
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:725:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(r,name,lname+1);
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:893:91:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#  define PyString_AsStringAndSize(obj, s, len) {*s = PyString_AsString(obj); *len = *s ? strlen(*s) : 0;}
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:3175:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return SWIG_FromCharPtrAndSize(cptr, (cptr ? strlen(cptr) : 0));
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:3278:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strncmp(pszValue, MODULE_NAME, strlen(MODULE_NAME)) != 0 ||
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:3279:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszValue[strlen(MODULE_NAME)] != ' ')
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:3286:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char* pszNewValue = CPLStrdup(pszValue + strlen(MODULE_NAME) + 1);
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:3350:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        PyObject* pyObj = PyUnicode_DecodeUTF8(pszStr, strlen(pszStr), "ignore");
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:3511:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (psize) *psize = vptr ? (strlen((char *)vptr) + 1) : 0;
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:20230:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t size = strlen(name)+1;
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:20233:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(gv->name,name,size);
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:20297:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              strlen(const_table[j].name)) == 0) {
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:20308:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t lptr = strlen(ty->name)+2*sizeof(void*)+2;
data/gdal-3.0.4+dfsg/swig/python/extensions/osr_wrap.cpp:20312:15:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
              strncpy(buff, methods[i].ml_doc, ldoc);
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc.cpp:154:49:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (numBytesHeader <= numBytesBlob && cntZImg.read(&pByte, 1e12, true))    // read just the header
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc.cpp:183:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!cntZImg.read(&pByte, 1e12, false, onlyZPart))
data/gdal-3.0.4+dfsg/third_party/LercLib/Lerc.cpp:408:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!zImg.read(&pByte1, 1e12, false, onlyZPart))

ANALYSIS SUMMARY:

Hits = 12798
Lines analyzed = 1781923 in approximately 45.22 seconds (39405 lines/second)
Physical Source Lines of Code (SLOC) = 1238891
Hits@level = [0] 4497 [1] 3691 [2] 8300 [3]  54 [4] 746 [5]   7
Hits@level+ = [0+] 17295 [1+] 12798 [2+] 9107 [3+] 807 [4+] 753 [5+]   7
Hits/KSLOC@level+ = [0+] 13.9601 [1+] 10.3302 [2+] 7.35093 [3+] 0.651389 [4+] 0.607802 [5+] 0.00565021
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.